make certsync more resilient

docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run

@@ -10,48 +10,42 @@ echo "[INFO] Starting certsync..."
 
 lefile="/etc/letsencrypt/live/frigate/fullchain.pem"
 
-if [ ! -e $lefile ]
-then
-    echo "[ERROR] TLS certificate does not exist: $lefile"
-    exit 1
-fi
-
 
 while true
 do
 
-    leprint=`openssl x509 -in $lefile -fingerprint -noout`
+    if [ ! -e $lefile ]
+    then
+        echo "[ERROR] TLS certificate does not exist: $lefile"
+    fi
+
+    leprint=`openssl x509 -in $lefile -fingerprint -noout || echo 'failed'`
 
     case "$leprint" in
         *Fingerprint*)
             ;;
         *)
             echo "[ERROR] Missing fingerprint from $lefile"
-            # exit 1
             ;;
     esac
 
-    # i think this should work without '-servername "$domain"'
+    liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint  || echo 'failed'`
-    liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint`
 
     case "$liveprint" in
         *Fingerprint*)
             ;;
         *)
-            echo "[ERROR] Missing fingerprint from current TLS cert"
+            echo "[ERROR] Missing fingerprint from current nginx TLS cert"
-            # exit 1
             ;;
     esac
 
-    if [ "$leprint" != "$liveprint" ]
+    if [[ "$leprint" != "failed" && "$liveprint" != "failed" && "$leprint" != "$liveprint" ]]
     then
         echo "[INFO] Reloading nginx to refresh TLS certificate"
         echo "$lefile: $leprint"
         /usr/local/nginx/sbin/nginx -s reload
     fi
 
-    # certbot certonly --cert-name frigate --webroot -w /etc/letsencrypt/www --keep-until-expiring --deploy-hook "/usr/local/nginx/sbin/nginx -s reload"
-
     sleep 60
 
 done