Skip to content

Commit 58e616c

Browse files
author
Ravi Pranjal
committed
Fix cert installation and renewal issue. Pin acme.sh version
1 parent 151816f commit 58e616c

File tree

1 file changed

+19
-13
lines changed
  • recipes/security/public_certs/assets

1 file changed

+19
-13
lines changed

recipes/security/public_certs/assets/main.yaml

Lines changed: 19 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -144,24 +144,28 @@ Resources:
144144
set -o pipefail
145145
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
146146
yum update -y aws-cfn-bootstrap
147+
147148
/opt/aws/bin/cfn-init -v --stack "${AWS::StackName}" --resource CertificateNode --configsets setup --region "${AWS::Region}"
148149
echo "Domain Name: ${DomainName}"
149150
echo "Domain Certificate Secret: ${CertificateSecret}"
150151
echo "Domain Private Key Secret: ${PrivateKeySecret}"
151152
153+
sudo yum install -y wget
152154
export HOME=/tmp/home
153155
mkdir -p $HOME
154-
155156
cd /tmp
156-
wget https://bootstrap.pypa.io/pip/3.7/get-pip.py
157-
python3 ./get-pip.py
158-
pip3 install boto3
157+
wget https://bootstrap.pypa.io/pip/3.7/get-pip.py
158+
mkdir -p pip
159+
python3 ./get-pip.py --target $PWD/pip
160+
$PWD/pip/bin/pip3 install boto3
159161
eval $(python3 -c "from botocore.credentials import InstanceMetadataProvider, InstanceMetadataFetcher; provider = InstanceMetadataProvider(iam_role_fetcher=InstanceMetadataFetcher(timeout=1000, num_attempts=2)); c = provider.load().get_frozen_credentials(); print(f'export AWS_ACCESS_KEY_ID={c.access_key}'); print(f'export AWS_SECRET_ACCESS_KEY={c.secret_key}'); print(f'export AWS_SESSION_TOKEN={c.token}')")
160162
161163
mkdir certificates
162164
cd certificates
163-
git clone https://github.com/acmesh-official/acme.sh.git
164-
cd acme.sh
165+
VERSION=3.1.0
166+
wget https://github.com/acmesh-official/acme.sh/archive/refs/tags/$VERSION.tar.gz -O acme-$VERSION.tar.gz
167+
tar -xvf acme-$VERSION.tar.gz
168+
cd acme.sh-$VERSION
165169
./acme.sh --install
166170
./acme.sh --set-default-ca --server letsencrypt
167171
./acme.sh --issue --dns dns_aws --ocsp-must-staple --keylength 4096 -d ${DomainName} -d "*.${DomainName}"
@@ -295,25 +299,27 @@ Resources:
295299
set -o pipefail
296300
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
297301
yum update -y aws-cfn-bootstrap
298-
sudo yum install -y git
299302
300303
echo "Domain Name: ${DomainName}"
301304
echo "Domain Certificate Secret: ${CertificateSecret}"
302305
echo "Domain Private Key Secret: ${PrivateKeySecret}"
303306
307+
sudo yum install -y wget
304308
export HOME=/tmp/home
305309
mkdir -p $HOME
306-
307310
cd /tmp
308-
wget https://bootstrap.pypa.io/pip/3.7/get-pip.py
309-
python3 ./get-pip.py
310-
pip3 install boto3
311+
wget https://bootstrap.pypa.io/pip/3.7/get-pip.py
312+
mkdir -p pip
313+
python3 ./get-pip.py --target $PWD/pip
314+
$PWD/pip/bin/pip3 install boto3
311315
eval $(python3 -c "from botocore.credentials import InstanceMetadataProvider, InstanceMetadataFetcher; provider = InstanceMetadataProvider(iam_role_fetcher=InstanceMetadataFetcher(timeout=1000, num_attempts=2)); c = provider.load().get_frozen_credentials(); print(f'export AWS_ACCESS_KEY_ID={c.access_key}'); print(f'export AWS_SECRET_ACCESS_KEY={c.secret_key}'); print(f'export AWS_SESSION_TOKEN={c.token}')")
312316
313317
mkdir certificates
314318
cd certificates
315-
git clone https://github.com/Neilpang/acme.sh.git
316-
cd acme.sh
319+
VERSION=3.1.0
320+
wget https://github.com/acmesh-official/acme.sh/archive/refs/tags/$VERSION.tar.gz -O acme-$VERSION.tar.gz
321+
tar -xvf acme-$VERSION.tar.gz
322+
cd acme.sh-$VERSION
317323
./acme.sh --install
318324
./acme.sh --set-default-ca --server letsencrypt
319325
./acme.sh --issue --dns dns_aws --ocsp-must-staple --keylength 4096 -d ${DomainName} -d "*.${DomainName}"

0 commit comments

Comments
 (0)