Added a configuration parameter to allow for timeouts during order processing (fixes #955)

Lukas Schauer
2025-05-02 14:34:34 +02:00
parent 0141d86267
commit bec154f070
4 changed files with 25 additions and 2 deletions


@@ -4,6 +4,7 @@ This file contains a log of major changes in dehydrated
## [x.x.x] - xxxx-xx-xx
## Added
- Implemented support for certificate profile selection
- Added a configuration parameter to allow for timeouts during order processing (`ORDER_TIMEOUT`, defaults to 0 = no timeout)
## Changed
- Renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs (`RENEW_DAYS=32`)


@@ -86,6 +86,7 @@ Parameters:
--challenge (-t) http-01|dns-01|tls-alpn-01 Which challenge should be used? Currently http-01, dns-01, and tls-alpn-01 are supported
--algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
--acme-profile profile_name Use specified ACME profile
--order-timeout seconds Amount of seconds to wait for processing of order until erroring out
```
## Chat


@@ -292,6 +292,7 @@ store_configvars() {
__RENEW_DAYS="${RENEW_DAYS}"
__IP_VERSION="${IP_VERSION}"
__ACME_PROFILE="${ACME_PROFILE}"
__ORDER_TIMEOUT=${ORDER_TIMEOUT}
}
reset_configvars() {
@@ -311,6 +312,7 @@ reset_configvars() {
RENEW_DAYS="${__RENEW_DAYS}"
IP_VERSION="${__IP_VERSION}"
ACME_PROFILE="${__ACME_PROFILE}"
ORDER_TIMEOUT=${__ORDER_TIMEOUT}
}
hookscript_bricker_hook() {
@@ -336,6 +338,7 @@ verify_config() {
fi
[[ "${API}" == "auto" || "${API}" == "1" || "${API}" == "2" ]] || _exiterr "Unsupported API version defined in config: ${API}"
[[ "${OCSP_DAYS}" =~ ^[0-9]+$ ]] || _exiterr "OCSP_DAYS must be a number"
[[ "${ORDER_TIMEOUT}" =~ ^[0-9]+$ ]] || _exiterr "ORDER_TIMEOUT must be a number"
}
# Setup default config values, search for and load configuration files
@@ -396,6 +399,7 @@ load_config() {
DEHYDRATED_GROUP=
API="auto"
ACME_PROFILE=""
ORDER_TIMEOUT=0
if [[ -z "${CONFIG:-}" ]]; then
echo "#" >&2
@@ -554,6 +558,7 @@ load_config() {
[[ -n "${PARAM_OCSP_MUST_STAPLE:-}" ]] && OCSP_MUST_STAPLE="${PARAM_OCSP_MUST_STAPLE}"
[[ -n "${PARAM_IP_VERSION:-}" ]] && IP_VERSION="${PARAM_IP_VERSION}"
[[ -n "${PARAM_ACME_PROFILE:-}" ]] && ACME_PROFILE="${PARAM_ACME_PROFILE}"
[[ -n "${PARAM_ORDER_TIMEOUT:-}" ]] && ORDER_TIMEOUT="${PARAM_ORDER_TIMEOUT}"
if [ "${PARAM_FORCE_VALIDATION:-no}" = "yes" ] && [ "${PARAM_FORCE:-no}" = "no" ]; then
_exiterr "Argument --force-validation can only be used in combination with --force (-x)"
@@ -1330,19 +1335,24 @@ sign_csr() {
crt="$( printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" )"
else
result="$(signed_request "${finalize}" '{"csr": "'"${csr64}"'"}' | jsonsh)"
waited=0
while :; do
orderstatus="$(echo "${result}" | get_json_string_value status)"
case "${orderstatus}"
in
"processing" | "pending")
if [ ${ORDER_TIMEOUT} -gt 0 ] && [ ${waited} -gt ${ORDER_TIMEOUT} ]; then
_exiterr "Timed out waiting for processing of order (still ${orderstatus})"
fi
echo " + Order is ${orderstatus}..."
sleep 2;
waited=$((waited+2))
;;
"valid")
break;
;;
*)
_exiterr "Order in status ${orderstatus}"
_exiterr "Order has invalid/unknown status: ${orderstatus}"
;;
esac
result="$(signed_request "${order_location}" "" | jsonsh)"
@@ -1831,7 +1841,7 @@ command_sign_domains() {
# All settings that are allowed here should also be stored and
# restored in store_configvars() and reset_configvars()
case "${config_var}" in
KEY_ALGO|OCSP_MUST_STAPLE|OCSP_FETCH|OCSP_DAYS|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|PREFERRED_CHAIN|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS|ACME_PROFILE)
KEY_ALGO|OCSP_MUST_STAPLE|OCSP_FETCH|OCSP_DAYS|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|PREFERRED_CHAIN|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS|ACME_PROFILE|ORDER_TIMEOUT)
echo " + ${config_var} = ${config_value}"
declare -- "${config_var}=${config_value}"
;;
@@ -2433,6 +2443,14 @@ main() {
PARAM_ACME_PROFILE="${1}"
;;
# PARAM_Usage: --order-timeout seconds
# PARAM_Description: Amount of seconds to wait for processing of order until erroring out
--order-timeout)
shift 1
check_parameters "${1:-}"
PARAM_ORDER_TIMEOUT=${1}
;;
*)
echo "Unknown parameter detected: ${1}" >&2
echo >&2
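Review bot: In the `"processing" | "pending")` arm of sign_csr, the timeout test `[ ${ORDER_TIMEOUT} -gt 0 ] && [ ${waited} -gt ${ORDER_TIMEOUT} ]` fails open: if ORDER_TIMEOUT is ever empty or non-numeric, `[` returns an error status, the `if` treats that as false, and the loop keeps polling exactly as if no timeout were configured. The `^[0-9]+$` check added to verify_config covers the loaded value, but this commit also adds ORDER_TIMEOUT to the per-certificate override list in command_sign_domains, and whether verify_config runs again after that `declare` is not visible in these hunks, so that is worth confirming. Separately, `waited` only accumulates the `sleep 2` intervals, so time spent inside `signed_request` is not counted, and `-gt` allows one extra interval past the limit; quoting the operands and using `-ge`, e.g. `if [ "${ORDER_TIMEOUT}" -gt 0 ] && [ "${waited}" -ge "${ORDER_TIMEOUT}" ]; then`, tightens this. The body of sign_csr starts and ends outside the hunk.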


@@ -133,3 +133,6 @@
# Request certificate with specific profile (default: <unset>)
#ACME_PROFILE=
# Amount of seconds to wait for processing of order until erroring out (default: 0 => no timeout)
#ORDER_TIMEOUT=0