From 31840c9d05fb5182db1a55fa7d98c5de404ecd8b Mon Sep 17 00:00:00 2001
From: Philipp Bayer <PhilippBay@gmail.com>
Date: Mon, 7 Aug 2017 19:55:25 +0800
Subject: [PATCH] Fixes bug in autoupdater. Reschedules update to 60 days.
 (#424)

* Fixes bug in autoupdater. Reschedules update to 60 days.

* Implements Helges suggestion of a specific release so future updates to dehydrated do not break stuff
---
 bin/ssl_cert.sh    | 7 +++----
 config/schedule.rb | 7 ++++++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/bin/ssl_cert.sh b/bin/ssl_cert.sh
index 0b6e0d7..1cf45ef 100755
--- a/bin/ssl_cert.sh
+++ b/bin/ssl_cert.sh
@@ -2,7 +2,7 @@
 
 echo 'Cloning dehydrated...'
 cd /home
-git clone https://github.com/lukas2511/dehydrated.git
+git clone https://github.com/lukas2511/dehydrated.git --branch=v0.4.0 --depth=1
 cd dehydrated
 
 cp docs/examples/config config
@@ -12,7 +12,6 @@ mkdir -p /home/app/snpr/public/.well-known/acme-challenge
 echo 'WELLKNOWN=/home/app/snpr/public/.well-known/acme-challenge' >> config
 
 echo 'opensnp.org www.opensnp.org' > domains.txt
-echo 'opensnp.net www.opensnp.net' >> domains.txt
 
 echo 'Starting dehydrated...'
 
@@ -21,9 +20,9 @@ echo 'Starting dehydrated...'
 
 echo 'Done, now copying keys'
 cp /etc/ssl/private/opensnp.org.key /etc/ssl/private/opensnp.org.key.old
-cp privkey.pem /etc/ssl/private/opensnp.org.key
+cp /home/dehydrated/certs/opensnp.org/privkey.pem /etc/ssl/private/opensnp.org.key
 cp /etc/ssl/certs/opensnp.org.crt /etc/ssl/certs/opensnp.org.crt.old
-cp fullchain.pem /etc/ssl/certs/opensnp.org.crt
+cp /home/dehydrated/certs/opensnp.org/fullchain.pem /etc/ssl/certs/opensnp.org.crt
 
 service nginx restart
 
diff --git a/config/schedule.rb b/config/schedule.rb
index 2bd4ddf..1ee1f10 100644
--- a/config/schedule.rb
+++ b/config/schedule.rb
@@ -27,9 +27,14 @@ end
 
 every :day do
   rake 'papers:update'
-  command '/home/app/snpr/bin/ssl_cert.sh'
 end
 
 every :week do
   rake 'recommender:update_all'
 end
+
+# The let's encrypt updater stops if the cert is younger than 30 days.
+# it's valid for 90 days, so let's ask for the middle.
+every 60.days do
+  command '/home/app/snpr/bin/ssl_cert.sh'
+end