Issue with Lets Encrypt - Cloudflare #1566

Open
luis-paulo-silva opened this issue Oct 4, 2024 · 1 comment

Step template

Lets Encrypt - Cloudflare

Step version

No response

Octopus version

Any

Step template parameter inputs

No response

What happened

Duplicated certificate entries in the library due to a new CA being introduced and the step not being updated.

Reproduction steps

Just remove the current CAs (issuers) from the script and you should get the certificates duplicated.
Once they are duplicated (3 or 4 times), restore that list and try to update the certificates and get them replaced (it will not work).
You have to loop over the existing certificates to update them all to be archived and replaced by the new one.
We had this problem because we needed some custom code and the plugin was not up to date, but the issue regarding replacing the certificates is still valid.

More Information

No response

luis-paulo-silva commented Oct 4, 2024

Proposed fix:

```powershell
if ($expiring_certificates) {
    # Wrap in @() so .Count is reliable even when a single object is returned
    $expiring_certificates_count = @($expiring_certificates).Count
    Write-Host "Found $expiring_certificates_count certificates that expire with $($OctopusParameters["LE_Cloudflare_ReplaceIfExpiresInDays"]) days. Requesting new certificates for $($LE_Cloudflare_CertificateDomain) from Lets Encrypt"
    $le_certificate = Get-LetsEncryptCertificate

    # PFX: collect every existing PKCS#12 entry, not just the first match
    $existing_certificates = @($certificates | Where-Object { $_.CertificateDataFormat -eq "Pkcs12" })
    $existing_certificates_count = $existing_certificates.Count
    Write-Host "Found $existing_certificates_count certificates to replace. Iterating..."
    $certificate_as_json = Get-ReplaceCertificatePFXAsJson -Certificate $le_certificate

    # Replace each existing entry (duplicates included) with the new certificate
    ForEach ($existing_certificate in $existing_certificates)
    {
        $certificateId = $existing_certificate.Id
        Write-Host "Replacing $certificateId with new certificate"
        Update-OctopusCertificate -Certificate_Id $existing_certificate.Id -JsonBody $certificate_as_json
    }
}
```

Edit:
Additionally, if possible (and I'm looking to make it possible), the following array should be fetched from somewhere any time the step starts to avoid these problems:

```powershell
$LE_Cloudflare_Issuers = @("Let's Encrypt Authority X3", "E1", "E2", "R3", "R4", "R5", "R6", "R10", "R11")
```

Instead of a static thing we should be getting it from an API somewhere.
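
The selection logic discussed in this issue, as an added example that is not part of the issue or the step template's own code: it matches existing entries on the issuer organization instead of a static list of intermediate names, and returns every matching entry so duplicates are replaced as well. The function name is hypothetical, the property names `SubjectCommonName`, `IssuerCommonName`, `IssuerOrganization` and `NotAfter` are assumptions about the certificate objects, and the sample data is constructed.

```powershell
# Added example; not the step template's code. Only Id and CertificateDataFormat
# appear in the issue. SubjectCommonName, IssuerCommonName, IssuerOrganization and
# NotAfter are assumed property names, and the sample data is constructed.
function Select-LetsEncryptCertificatesToReplace {
    param(
        [Parameter(Mandatory)] [object[]] $Certificates,
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [int]      $ReplaceIfExpiresInDays,
        [datetime] $Now = (Get-Date)
    )

    # Match on the issuer organization rather than a fixed list of intermediate
    # names, so entries issued by a newly introduced intermediate still match.
    $candidates = @($Certificates | Where-Object {
        $_.CertificateDataFormat -eq 'Pkcs12' -and
        $_.SubjectCommonName -eq $Domain -and
        $_.IssuerOrganization -eq "Let's Encrypt"
    })

    # Renew only when a matching entry is close to expiry, then return every
    # matching entry so that duplicates are replaced too, not just one of them.
    $cutoff = $Now.AddDays($ReplaceIfExpiresInDays)
    $expiring = @($candidates | Where-Object { [datetime]$_.NotAfter -le $cutoff })
    if ($expiring.Count -eq 0) { return @() }
    return $candidates
}

# Constructed sample library entries. 'R99' is a made-up intermediate name that
# is absent from the static $LE_Cloudflare_Issuers list.
$sample = @(
    [pscustomobject]@{ Id = 'Certificates-1'; SubjectCommonName = 'example.com'; IssuerCommonName = 'R3'; IssuerOrganization = "Let's Encrypt"; CertificateDataFormat = 'Pkcs12'; NotAfter = '2024-10-20' }
    [pscustomobject]@{ Id = 'Certificates-2'; SubjectCommonName = 'example.com'; IssuerCommonName = 'R99'; IssuerOrganization = "Let's Encrypt"; CertificateDataFormat = 'Pkcs12'; NotAfter = '2024-12-30' }
    [pscustomobject]@{ Id = 'Certificates-3'; SubjectCommonName = 'example.com'; IssuerCommonName = 'Internal CA'; IssuerOrganization = 'Example Corp'; CertificateDataFormat = 'Pkcs12'; NotAfter = '2024-10-10' }
    [pscustomobject]@{ Id = 'Certificates-4'; SubjectCommonName = 'example.com'; IssuerCommonName = 'R3'; IssuerOrganization = "Let's Encrypt"; CertificateDataFormat = 'Pem'; NotAfter = '2024-10-20' }
)

# Fixed "now" so the run is reproducible; the duplicate issued by the unlisted
# intermediate is selected alongside the expiring entry.
$toReplace = @(Select-LetsEncryptCertificatesToReplace -Certificates $sample `
    -Domain 'example.com' -ReplaceIfExpiresInDays 30 -Now ([datetime]'2024-10-04'))
$toReplace | ForEach-Object { Write-Host "Would replace $($_.Id) (issuer $($_.IssuerCommonName))" }
```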
