jelastic-jps · lazarenkoalexey · May 17, 2022 · Jul 19, 2022 · Jul 19, 2022 · Jul 19, 2022
diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh
@@ -4,6 +4,7 @@ LOG_FILE=$DIR/var/log/letsencrypt/letsencrypt.log-$(date '+%s')
 KEYS_DIR="$DIR/var/lib/jelastic/keys/"
 SETTINGS="$DIR/opt/letsencrypt/settings"
 DOMAIN_SEP=" -d "
+TOO_MANY_FAILED_AUTH=23
 GENERAL_RESULT_ERROR=21
 TOO_MANY_CERTS=22
 WRONG_WEBROOT_ERROR=25
@@ -63,7 +64,7 @@ do
   [[ -z $domain ]] && break;
   LOG_FILE=$LOG_FILE"-"$counter
 
-  resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --log $LOG_FILE 2>&1)
+  resp=$($DIR/opt/letsencrypt/acme.sh --issue $params $test_params --listen-v6 --domain $domain --nocron -f --log-level 2 --server letsencrypt --log $LOG_FILE 2>&1)
 
   grep -q 'Cert success' $LOG_FILE && grep -q "BEGIN CERTIFICATE" $LOG_FILE && result_code=0 || result_code=$GENERAL_RESULT_ERROR
 
@@ -86,6 +87,14 @@ do
       invalid_domain=$(echo $error | sed -rn 's/Cannot issue for \\\"(.*)\\\":.*/\1/p')
     }
 
+    [[ -z $error ]] && {
+      error=$(sed -rn 's/.*(Error creating new order \:\:) (too many failed authorizations recently.*)\",/\2/p' $LOG_FILE | sed '$!d');
+      [[ ! -z $error ]] && {
+        rate_limit_auth_exceeded=true;
+        break;
+      }
+    }
+
     [[ -z $error ]] && {
       error=$(sed -rn 's/.*(Error creating new order \:\: )(.*)\"\,/\2/p' $LOG_FILE | sed '$!d');
       [[ ! -z $error ]] && {
@@ -132,6 +141,7 @@ fi
 [[ $timed_out == true ]] && exit $TIME_OUT_ERROR;
 [[ $rate_limit_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_CERTS; }
 [[ $result_code != "0" ]] && { echo "$all_invalid_domains_errors"; exit $GENERAL_RESULT_ERROR; }
+[[ $rate_limit_auth_exceeded == true ]] && { echo "$error"; exit $TOO_MANY_FAILED_AUTH; }
 
 #To be sure that r/w access
 mkdir -p /tmp/

diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js
@@ -41,6 +41,7 @@ function SSLManager(config) {
         INVALID_WEBROOT_DIR = 12005,
         UPLOADER_ERROR = 12006,
         READ_TIMED_OUT = 12007,
+        RATE_LIMIT_AUTH_EXCEEDED = 12003,
         VALIDATION_SCRIPT = "validation.sh",
         SHELL_CODES = {},
         INSTALL_LE_SCRIPT = "install-le.sh",
@@ -1044,10 +1045,11 @@ function SSLManager(config) {
             path : nodeManager.getPath(SETTINGS_PATH)
         });
     };
-
+    
     me.defineShellCodes = function() {
         SHELL_CODES[WRONG_DNS_CUSTOM_DOMAINS] = 21;
         SHELL_CODES[RATE_LIMIT_EXCEEDED] = 22;
+        SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED] = 23;
         SHELL_CODES[INVALID_WEBROOT_DIR] = 25;
         SHELL_CODES[UPLOADER_ERROR] = 26;
         SHELL_CODES[READ_TIMED_OUT] = 27;
@@ -1241,6 +1243,7 @@ function SSLManager(config) {
                 if (resp.exitStatus == SHELL_CODES[UPLOADER_ERROR]) return { result: UPLOADER_ERROR}
                 if (resp.exitStatus == SHELL_CODES[READ_TIMED_OUT]) return { result: READ_TIMED_OUT}
                 if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_EXCEEDED]) return { result: RATE_LIMIT_EXCEEDED, response: resp.out }
+                if (resp.exitStatus == SHELL_CODES[RATE_LIMIT_AUTH_EXCEEDED]) return { result: RATE_LIMIT_AUTH_EXCEEDED, response: resp.out }
             }
 
             //just cutting "out" for debug logging because it's too long in SSL generation output