#!/usr/bin/env bash # Retry certbot certificate requests with proper DNS propagation time # Fixes the "NXDOMAIN" error by using longer propagation wait set -euo pipefail # Load IP configuration SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true # Colors RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' NC='\033[0m' log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } log_success() { echo -e "${GREEN}[✓]${NC} $1"; } log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; } log_error() { echo -e "${RED}[✗]${NC} $1"; } PROXMOX_HOST="${1:-192.168.11.11}" CONTAINER_ID="${2:-10233}" EMAIL="${3:-nsatoshi2007@hotmail.com}" PROPAGATION_SECONDS="${4:-120}" echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "🔒 Retrying Certbot with Proper DNS Propagation" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" # Domains that failed (from error message) DOMAINS=( "sankofa.nexus" "www.sankofa.nexus" "phoenix.sankofa.nexus" "www.phoenix.sankofa.nexus" "the-order.sankofa.nexus" ) log_info "Container: $CONTAINER_ID" log_info "Propagation wait: ${PROPAGATION_SECONDS} seconds" log_info "Email: $EMAIL" echo "" # Verify credentials exist log_info "Verifying Cloudflare credentials..." CREDS_EXIST=$(ssh root@"$PROXMOX_HOST" \ "pct exec $CONTAINER_ID -- test -f /etc/cloudflare/credentials.ini && echo 'yes' || echo 'no'") if [ "$CREDS_EXIST" != "yes" ]; then log_error "Cloudflare credentials not found!" log_info "Run: bash scripts/fix-certbot-dns-propagation.sh $PROXMOX_HOST $CONTAINER_ID" exit 1 fi log_success "Credentials file exists" # Request certificates with proper propagation time log_info "Requesting certificates with ${PROPAGATION_SECONDS}s propagation time..." echo "" success_count=${success_count:-0} fail_count=${fail_count:-0} # Group domains by base domain for certificate requests declare -A DOMAIN_GROUPS DOMAIN_GROUPS["sankofa.nexus"]="sankofa.nexus www.sankofa.nexus" DOMAIN_GROUPS["phoenix.sankofa.nexus"]="phoenix.sankofa.nexus www.phoenix.sankofa.nexus" DOMAIN_GROUPS["the-order.sankofa.nexus"]="the-order.sankofa.nexus" for group_name in "${!DOMAIN_GROUPS[@]}"; do domain_list="${DOMAIN_GROUPS[$group_name]}" log_info "Requesting certificate for: $domain_list" # Build certbot command CERTBOT_CMD="certbot certonly --dns-cloudflare \ --dns-cloudflare-credentials /etc/cloudflare/credentials.ini \ --dns-cloudflare-propagation-seconds $PROPAGATION_SECONDS \ --non-interactive \ --agree-tos \ --email $EMAIL" # Add domains for domain in $domain_list; do CERTBOT_CMD="$CERTBOT_CMD -d $domain" done log_info " Running certbot (this may take 2-3 minutes)..." # Run certbot result=$(ssh root@"$PROXMOX_HOST" \ "pct exec $CONTAINER_ID -- bash -c '$CERTBOT_CMD 2>&1'" || echo "FAILED") set +e if echo "$result" | grep -q "Congratulations\|Successfully received certificate"; then log_success " ✓ Certificate obtained: $group_name" success_count=$((success_count + 1)) elif echo "$result" | grep -q "already exists\|Certificate not yet due for renewal"; then log_warn " ⚠ Certificate already exists: $group_name" success_count=$((success_count + 1)) else log_error " ✗ Failed: $group_name" echo "$result" | grep -i "error\|failed\|NXDOMAIN" | head -5 fail_count=$((fail_count + 1)) fi set -e echo "" sleep 2 # Small delay between requests done echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" log_info "Summary:" log_success " Successful: $success_count" if [ $fail_count -gt 0 ]; then log_error " Failed: $fail_count" fi echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" if [ $fail_count -eq 0 ]; then log_success "✅ All certificates obtained successfully!" else log_warn "⚠️ Some certificates failed. You may need to:" log_info " 1. Wait a few minutes for DNS to fully propagate" log_info " 2. Increase propagation time: --dns-cloudflare-propagation-seconds 180" log_info " 3. Check DNS records exist in Cloudflare" exit 1 fi