diff --git a/Gemfile b/Gemfile
index b81fdf10..146097c2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -47,6 +47,7 @@ gem 'acme-client', {
 git: 'https://github.com/jhass/acme-client.git',
 branch: 'no_activesupport'
 }
+gem 'http'
 platform :mri, :rbx do
 gem 'magic' # sudo apt-get install file, For OSX: brew install libmagic
diff --git a/Gemfile.lock b/Gemfile.lock
index 6d6e5e7c..7c29ab70 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -97,8 +97,15 @@ GEM
 hiredis (0.6.1)
 hoe (3.14.2)
 rake (>= 0.8, < 11.0)
+ http (2.0.1)
+ addressable (~> 2.3)
+ http-cookie (~> 1.0)
+ http-form_data (~> 1.0.1)
+ http_parser.rb (~> 0.6.0)
 http-cookie (1.0.2)
 domain_name (~> 0.5)
+ http-form_data (1.0.1)
+ http_parser.rb (0.6.0)
 i18n (0.7.0)
 io-extra (1.2.8)
 jimson-temp (0.9.5)
@@ -280,6 +287,7 @@ DEPENDENCIES
 geoip
 hiredis
 hoe (= 3.14.2)
+ http
 io-extra
 jdbc-postgres
 jruby-openssl
diff --git a/workers/lets_encrypt_worker.rb b/workers/lets_encrypt_worker.rb
index d1a6eb99..d042164e 100644
--- a/workers/lets_encrypt_worker.rb
+++ b/workers/lets_encrypt_worker.rb
@@ -1,6 +1,7 @@
 class LetsEncryptWorker
 class NotAuthorizedYetError < StandardError; end
 class VerificationTimeoutError < StandardError; end
+ class VerifyNotFoundWithDomain < StandardError; end
 include Sidekiq::Worker
 sidekiq_options queue: :lets_encrypt_worker, retry: 100, backtrace: true
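Review bot: `VerifyNotFoundWithDomain` breaks the naming pattern of the two error classes above it, which both end in `Error`. Renaming it to `class VerifyNotFoundWithDomainError < StandardError; end`, together with the matching `raise` in the later hunk, would keep rescue lists and log searches consistent. A one-line comment such as `# Raised when the challenge file is not reachable on the bare or www domain before verification is requested.` would also tell readers why it exists. The `LetsEncryptWorker` class body continues outside this hunk.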
@@ -36,9 +37,18 @@ class LetsEncryptWorker
 FileUtils.mkdir_p File.join(site.base_files_path, File.dirname(challenge.filename)) if index == 0
 File.write File.join(site.base_files_path, challenge.filename), challenge.file_content
+ # Ensure that both domains work before sending request. Let's Encrypt has a low
+ # pending request limit, and it takes one week (!) to flush out.
+ sleep 2
+ challenge_url = "#{domain}/#{challenge.filename}"
+ ["http://#{challenge_url}", "http://www.#{challenge_url}"].each do |url|
+ res = HTTP.follow.get(url)
+ raise VerifyNotFoundWithDomain unless res.status == 200
+ end
+ challenge.request_verification
- sleep 1
+ sleep 60
 attempts = 0
 begin
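Review bot: The pre-check in the `each` loop accepts any 200 response and never compares the body with `challenge.file_content`, so a domain that answers 200 for every path, or redirects to a host that does, still passes and can use up the Let's Encrypt pending-request budget the comment is trying to protect. Tighten the guard to `raise VerifyNotFoundWithDomain unless res.status == 200 && res.to_s == challenge.file_content`. `HTTP.follow.get(url)` also runs with no timeout and follows redirects from `domain`, which appears to come from the site's own configuration, so one slow or redirecting host can hold a Sidekiq thread or send the worker's request to an internal address. Set a timeout through the client's `timeout` option and consider capping or validating redirect targets. The enclosing method and the `begin` block continue outside this hunk.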