From 8b813fb07a96ef1dc2964b8b87382db3b750885a Mon Sep 17 00:00:00 2001
From: Andras Bacsai
Date: Tue, 3 May 2022 11:40:02 +0200
Subject: [PATCH] fix: Renew certificates

---
 src/lib/letsencrypt/index.ts | 25 +++++++++++++++++++++++++
 src/lib/queues/index.ts | 2 +-
 src/lib/queues/sslrenewal.ts | 13 +++++++------
 src/routes/settings/index.svelte | 21 +++++++++++++++++++++
 src/routes/settings/renew.json.ts | 26 ++++++++++++++++++++++++++
 5 files changed, 80 insertions(+), 7 deletions(-)
 create mode 100644 src/routes/settings/renew.json.ts

diff --git a/src/lib/letsencrypt/index.ts b/src/lib/letsencrypt/index.ts
index f443625ae..7b64b8a9e 100644
--- a/src/lib/letsencrypt/index.ts
+++ b/src/lib/letsencrypt/index.ts
@@ -290,3 +290,28 @@ export async function generateSSLCerts(): Promise {
 }
 }
 }
+
+export async function renewSSLCerts(): Promise {
+ const host = 'unix:///var/run/docker.sock';
+ await asyncExecShell(`docker pull alpine:latest`);
+ const certbotImage =
+ process.arch === 'x64' ? 'certbot/certbot' : 'certbot/certbot:arm64v8-latest';
+
+ const { stdout: certificates } = await asyncExecShell(
+ `DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "ls -1 /etc/letsencrypt/live/ | grep -v README"`
+ );
+
+ for (const certificate of certificates.trim().split('\n')) {
+ try {
+ await asyncExecShell(
+ `DOCKER_HOST=${host} docker run --rm --name certbot-renewal -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" ${certbotImage} --cert-name ${certificate} --logs-dir /etc/letsencrypt/logs renew --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080`
+ );
+ await asyncExecShell(
+ `DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${certificate}/ && cat /etc/letsencrypt/live/${certificate}/fullchain.pem /etc/letsencrypt/live/${certificate}/privkey.pem > /app/ssl/${certificate}.pem"`
+ );
+ } catch (error) {
+ console.log(error);
+ }
+ }
+ await reloadHaproxy('unix:///var/run/docker.sock');
+}
diff --git a/src/lib/queues/index.ts b/src/lib/queues/index.ts
index 60097680d..cc340b883 100644
--- a/src/lib/queues/index.ts
+++ b/src/lib/queues/index.ts
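Review bot: Each `certificate` name read back from `ls` is interpolated unquoted into three shell strings (`--cert-name ${certificate}` and the `test -d … && cat … > /app/ssl/${certificate}.pem` command), so a lineage directory name containing whitespace or shell metacharacters would be interpreted by `sh` rather than used as a path; the names come from certbot's own `live/` directory, which narrows the exposure, but the loop should still restrict them to a safe charset and drop the empty entry that `''.trim().split('\n')` produces when no certificates exist, e.g. `const names = certificates.split('\n').map((n) => n.trim()).filter((n) => /^[A-Za-z0-9._-]+$/.test(n));` and iterate over `names`. The fixed `--name certbot-renewal` also means that two overlapping runs (the 30-minute queue job and the manual trigger added in renew.json.ts) collide on the container name, and since the `catch` only logs, every certificate in the second run is silently skipped; dropping the fixed name or serializing the runs avoids that. `host` is declared for the docker calls but `reloadHaproxy` repeats the socket literal, so passing `host` there keeps the two in step.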
@@ -116,7 +116,7 @@ const cron = async (): Promise => {
 await queue.proxyTcpHttp.add('proxyTcpHttp', {}, { repeat: { every: 10000 } });
 await queue.ssl.add('ssl', {}, { repeat: { every: dev ? 10000 : 60000 } });
 if (!dev) await queue.cleanup.add('cleanup', {}, { repeat: { every: 300000 } });
- await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
+ if (!dev) await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
 await queue.autoUpdater.add('autoUpdater', {}, { repeat: { every: 60000 } });
 };
 cron().catch((error) => {
diff --git a/src/lib/queues/sslrenewal.ts b/src/lib/queues/sslrenewal.ts
index 4af5bae64..766b9c502 100644
--- a/src/lib/queues/sslrenewal.ts
+++ b/src/lib/queues/sslrenewal.ts
@@ -1,9 +1,10 @@
-import { asyncExecShell } from '$lib/common';
-import { reloadHaproxy } from '$lib/haproxy';
+import { renewSSLCerts } from '$lib/letsencrypt';
 
 export default async function (): Promise {
- await asyncExecShell(
- `docker run --rm --name certbot-renewal -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs renew`
- );
- await reloadHaproxy('unix:///var/run/docker.sock');
+ try {
+ return await renewSSLCerts();
+ } catch (error) {
+ console.log(error);
+ throw error;
+ }
 }
diff --git a/src/routes/settings/index.svelte b/src/routes/settings/index.svelte
index 6a9b6ba5a..20e1c788d 100644
--- a/src/routes/settings/index.svelte
+++ b/src/routes/settings/index.svelte
@@ -111,6 +111,14 @@
 loading.save = false;
 }
 }
+ async function renewCerts() {
+ try {
+ toast.push('Renewing certificates...');
+ return await post(`/settings/renew.json`, {});
+ } catch ({ error }) {
+ return errorNotification(error);
+ }
+ }
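Review bot: The `try`/`catch` in the new default export of sslrenewal.ts only logs and rethrows, so the queue's own failure handling (not visible here, but presumably present) will report the same error a second time, while the per-certificate failures inside `renewSSLCerts` are already swallowed there and never reach this handler at all; `return renewSSLCerts();` is equivalent without the duplicate log. If the intent is for the job to be marked failed when any single certificate fails to renew, that has to come from `renewSSLCerts` collecting its per-certificate errors and rethrowing, not from a wrapper at this level.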
@@ -219,6 +227,19 @@ on:click={() => changeSettings('isAutoUpdateEnabled')} />
+
+
+
+ Renew SSL Certificates manually +
+ +
+
+ +
+
 {/if}
diff --git a/src/routes/settings/renew.json.ts b/src/routes/settings/renew.json.ts
new file mode 100644
index 000000000..3cbb8f4ad
--- /dev/null
+++ b/src/routes/settings/renew.json.ts
@@ -0,0 +1,26 @@
+import { getUserDetails } from '$lib/common';
+import { ErrorHandler } from '$lib/database';
+import { renewSSLCerts } from '$lib/letsencrypt';
+import { t } from '$lib/translations';
+import type { RequestHandler } from '@sveltejs/kit';
+
+export const post: RequestHandler = async (event) => {
+ const { teamId, status, body } = await getUserDetails(event);
+ if (teamId !== '0')
+ return {
+ status: 401,
+ body: {
+ message: t.get('setting.permission_denied')
+ }
+ };
+ if (status === 401) return { status, body };
+
+ try {
+ renewSSLCerts();
+ return {
+ status: 201
+ };
+ } catch (error) {
+ return ErrorHandler(error);
+ }
+};
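Review bot: `renewSSLCerts()` inside the `try` block is called without `await`, so the `catch` can never observe its rejection: a failed renewal becomes an unhandled promise rejection (which, depending on the Node version and its unhandled-rejection mode, can terminate the process) while the client still receives `201`. If the renewal is meant to run in the background, handle the rejection explicitly, `void renewSSLCerts().catch((error) => console.log(error));`, and return `202` rather than `201`, since nothing has been created when the response is sent; otherwise `await` it so the existing `ErrorHandler` path is actually reachable. Triggering this while the `sslRenew` queue job is running also collides on the fixed `certbot-renewal` container name used by `renewSSLCerts`, which is worth a guard or a comment at the call site.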