Open ikalkov opened 2 years ago
If this is the desired behavior, I'd like to know what is the best way to detect whether letsencrypt is already enabled. If not, we will be happy to submit a PR with a fix.
I would definitely take an MR. Some notes:
post-domains-update
. That should probably always request a new cert, or at least check if all domains are covered.There should be a way to force-refresh the certificates (either via a flag or a new command).
+1 - when moving certs between servers (see #233) you might copy certs by hand from old server to new, but then want to run enable to get a new cert on the new machine and make sure auto renewal is set up correctly.
Description of problem
The
dokku letsencrypt:enable
command seems to request new certificates from the server each time it is executed, regardless of whether or not valid certs already exist for that app. I am not sure if this is the desired behavior or if it makes sense to check whether a valid certificate already exists and not to request a new one if the existing one is fine?We use
letsencrypt:enable
in our CI scripts during automatic deployment of review branches (which are being updated several times a day). It works fine for the first 5 commits, but then we run into rate limits (see results below). I am aware that we could extend our scripts to somehow check whether the branch was already deployed in the past and use letsencrypt:auto-renew instead, but it sounds way more complicated than implementing one additional check insideletsencrypt:enable
.How reproducible
letsencrypt:enable
for that app 1st time (succeeds)letsencrypt:enable
for that app 2nd time (succeeds)letsencrypt:enable
for that app 3rd time (succeeds)letsencrypt:enable
for that app 4th time (succeeds)letsencrypt:enable
for that app 5th time (succeeds)letsencrypt:enable
for that app 6th time (fails):Actual Results
First deployment is fine:
Later deployments (6+) fail:
Expected Results
Reuse existing certificates in
letsencrypt:enable
instead of requesting new ones.Environment Information
Limited to relevant information. I will provide more, if required:
How (deb/make/rpm) and where (AWS, VirtualBox, physical, etc.) was Dokku installed?:
Dedicated physical server.
Additional information
Will be provided if needed.