fix(ssl): fix acme.sh location and cleanup error handling

no issue - downloads acme to local install rather than global folder - cleans up error handling so we don't throw a ProcessError if we get an error from download
TryGhost · Jul 6, 2017 · 61f1ed0 · 61f1ed0
1 parent 1378f81
commit 61f1ed0
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 13 deletions.
diff --git a/extensions/nginx/commands/ssl-renew.js b/extensions/nginx/commands/ssl-renew.js
@@ -12,15 +12,7 @@ class SslRenewCommand extends cli.Command {
         }
 
         let email = instance.cliConfig.get('extension.sslemail');
-        return this.ui.run(letsencrypt(instance, email, false, true), 'Renewing SSL certificate')
-            .catch((error) => {
-                if (error.stdout.match(/Skip/)) {
-                    this.ui.log('Certificate not due for renewal yet, skipping', 'yellow');
-                    return;
-                }
-
-                return Promise.reject(new cli.errors.ProcessError(error));
-            });
+        return this.ui.run(letsencrypt(instance, email, false, true), 'Renewing SSL certificate');
     }
 }
 

diff --git a/extensions/nginx/index.js b/extensions/nginx/index.js
@@ -162,8 +162,7 @@ class NginxExtension extends cli.Extension {
         }, {
             title: 'Getting SSL Certificate',
             task: () => {
-                return letsencrypt(ctx.instance, argv.sslemail, argv.sslstaging)
-                    .catch((error) => Promise.reject(new cli.errors.ProcessError(error)));
+                return letsencrypt(ctx.instance, argv.sslemail, argv.sslstaging);
             }
         }, {
             title: 'Generating Encryption Key (may take a few minutes)',

diff --git a/extensions/nginx/letsencrypt.js b/extensions/nginx/letsencrypt.js
@@ -5,12 +5,14 @@ const path = require('path');
 const execa = require('execa');
 const download = require('download');
 
+const errors = require('../../lib').errors;
+
 // This is how we will do version control for acme.sh
 const ACME_VERSION = '2.7.2';
 
 module.exports = function letsencrypt(instance, email, staging, renew) {
     let downloadPromise;
-    let acmePath = path.join(__dirname, 'acme.sh');
+    let acmePath = path.join(instance.dir, 'system', 'acme.sh');
 
     if (fs.existsSync(acmePath)) {
         downloadPromise = Promise.resolve();
@@ -33,5 +35,18 @@ module.exports = function letsencrypt(instance, email, staging, renew) {
             `--accountemail ${email} --key-file ${privkey} --fullchain-file ${fullchain}${staging ? ' --staging' : ''}`;
 
         return execa.shell(cmd);
-    });
+    }).catch((error) => {
+        if (!error.cmd) {
+            // if cmd not set, we got an error from `download`
+            return Promise.reject(new errors.SystemError(error.message));
+        }
+
+        // This is an execa error
+        if (error.stdout.match(/Skip/)) {
+            this.ui.log('Certificate not due for renewal yet, skipping', 'yellow');
+            return;
+        }
+
+        return Promise.reject(new errors.ProcessError(error));
+    });;
 };