cron stops after signing the first cert #65

Closed
opened 2025-12-29 00:23:58 +01:00 by adam · 3 comments

Originally created by @debfx on GitHub (Feb 20, 2016).

In --cron mode letsencrypt.sh stops after creating the first non-existent certificate.

Say domains.txt contains:

```
test1.example.com
test2.example.com
test3.example.com
```

If the test1 cert exists and hasn't expired, letsencrypt.sh creates a certificate for test2 and then just stops.

Trace:

```
[...]
+ [[ -n /home/letsencrypt/hooks/hook.py ]]
+ /home/letsencrypt/hooks/hook.py deploy_cert test2.example.com /home/letsencrypt/certs/certs/test2.example.com/privkey.pem /home/letsencrypt/certs/certs/test2.example.com/cert.pem /home/letsencrypt/certs/certs/test2.example.com/fullchain.pem /home/letsencrypt/certs/certs/test2.example.com/chain.pem
2016-02-19 22:39:32.062711: /home/letsencrypt/hooks/hook.py deploy_cert test2.example.com /home/letsencrypt/certs/certs/test2.example.com/privkey.pem /home/letsencrypt/certs/certs/test2.example.com/cert.pem /home/letsencrypt/certs/certs/test2.example.com/fullchain.pem /home/letsencrypt/certs/certs/test2.example.com/chain.pem
+ unset challenge_token
+ echo ' + Done!'
 + Done!
+ read -r line
+ [[ -n '' ]]
+ exit 0
+ remove_lock
+ rm -f /home/letsencrypt/certs/lock
```

Tested with revision 63a4937658

```
$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
```

adam closed this issue 2025-12-29 00:23:59 +01:00

@debfx commented on GitHub (Feb 20, 2016):

Something consumes stdin when sign_domain is called.
As a result the DOMAINS_TXT loop has nothing to read anymore and exits after the first certificate has been signed.

The following patch fixes this bug for me but may be overly complicated (I'm not that fluent in shell code):

diff --git a/letsencrypt.sh b/letsencrypt.sh
index c60ea5b..4727307 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -553,8 +553,13 @@ command_sign_domains() {
     _exiterr "domains.txt not found and --domain not given"
   fi

+  DOMAINS_ARR=()
+  while read -r line; do
+    DOMAINS_ARR+=("${line}")
+  done < <(<"${DOMAINS_TXT}" _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' | (grep -vE '^(#|$)' || true))
+
   # Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
-  <"${DOMAINS_TXT}" _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' | (grep -vE '^(#|$)' || true) | while read -r line; do
+  for line in "${DOMAINS_ARR[@]}"; do
     domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
     morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
     cert="${BASEDIR}/certs/${domain}/cert.pem"
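Review bot: The new `for line in "${DOMAINS_ARR[@]}"` loop has no guard for an empty list, a case the `grep -vE '^(#|$)' || true` in the added `while` explicitly allows for. On bash 4.3 (the version given in the report) expanding an empty array raises an unbound-variable error if the script runs under `set -u`, so a domains.txt containing only comments would abort instead of doing nothing; skip the loop when `${#DOMAINS_ARR[@]}` is 0. A smaller change would keep the streaming loop and feed it on a dedicated descriptor (`done 3< <(...)` with `read -r line <&3`), which removes the need for the array and keeps the list out of reach of whatever reads stdin inside the loop body. `DOMAINS_ARR` is also only used inside `command_sign_domains()` and should be declared `local`.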

@lukas2511 commented on GitHub (Feb 20, 2016):

Can you check if the mentioned commit fixes your problem?


@debfx commented on GitHub (Feb 20, 2016):

Yes, works fine. Thanks!

Reference: starred/dehydrated#65
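
The failure discussed in this thread, as an added example (not code from letsencrypt.sh or from the posters): a `while read` loop fed by a pipe shares its stdin with every command in the loop body, so one child that reads stdin ends the loop early and the script still exits 0, leaving the remaining certificates unprocessed without any error. `domains`, `greedy_hook` and the sample list are constructed stand-ins, and the two fixes are general shell techniques, not necessarily what the referenced commit does.

```shell
#!/bin/sh
# Constructed stand-in for domains.txt (not taken from a real deployment).
domains() {
  printf '%s\n' test1.example.com test2.example.com test3.example.com
}

# Hypothetical stand-in for any child process that reads its inherited stdin.
greedy_hook() { cat >/dev/null; }

# Failure mode: the loop's list arrives on stdin and the child inherits that
# same stdin. The child drains the pipe, the next `read` sees EOF, and the
# loop ends with status 0 after the first entry.
loop_shared_stdin() {
  domains | while read -r line; do
    greedy_hook
    printf '%s\n' "${line}"
  done
}

# Fix A: keep the pipe, but hand the child an empty stdin.
loop_child_devnull() {
  domains | while read -r line; do
    greedy_hook </dev/null
    printf '%s\n' "${line}"
  done
}

# Fix B: feed the list on descriptor 3, so nothing that reads stdin in the
# loop body can take entries away from `read`.
loop_dedicated_fd() {
  while read -r line <&3; do
    greedy_hook
    printf '%s\n' "${line}"
  done 3<<EOF
$(domains)
EOF
}

# Demo; stdin is /dev/null for the fd-3 variant, as it typically is under cron.
echo "shared stdin:      $(loop_shared_stdin | tr '\n' ' ')"
echo "child </dev/null:  $(loop_child_devnull | tr '\n' ' ')"
echo "list on fd 3:      $(loop_dedicated_fd </dev/null | tr '\n' ' ')"
```

For monitoring, the takeaway is that the exit status cannot be trusted here: compare the set of certificates actually renewed against the configured list rather than relying on a zero exit code from the cron job.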