From cd4a071ed4fbf7d7351964acbfa8011e6ebb40e6 Mon Sep 17 00:00:00 2001
From: Frank Sachsenheim <funkyfuture@users.noreply.github.com>
Date: Tue, 24 Mar 2020 22:45:55 +0100
Subject: [PATCH] web: check for certbot's success and exit in case of a
 failure

---
 web/rootfs/etc/cont-init.d/10-config | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config
index 075ad4b..9ff0098 100644
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
@@ -11,13 +11,21 @@ mkdir -p \
 if [[ $DISABLE_HTTPS -ne 1 ]]; then
     if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
         if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
-            certbot certonly \
-                --noninteractive \
-                --standalone \
-                --preferred-challenges http \
-                -d $LETSENCRYPT_DOMAIN \
-                --agree-tos \
-                --email $LETSENCRYPT_EMAIL
+            if ! certbot certonly \
+                  --noninteractive \
+                  --standalone \
+                  --preferred-challenges http \
+                  -d $LETSENCRYPT_DOMAIN \
+                  --agree-tos \
+                  --email $LETSENCRYPT_EMAIL ; then
+
+                echo "Failed to obtain a certificate from the Let's Encrypt CA."
+                # this tries to get the user's attention and to spare the
+                # authority's rate limit:
+                sleep 15
+                echo "Exiting."
+                exit 1
+            fi
         fi
 
         # remove default certbot renewal
@@ -115,4 +123,3 @@ if [[ ! -f /config/interface_config.js ]]; then
     fi
 
 fi
-