Update Loadbalancer SSL Certificate
TL;DR
I have a simple shell script for updating load balancer certificates with renewed Let's Encrypt certs. My script works with v1.36 and now I got an error.
Expected behavior
/tmp/hcloud version
hcloud 1.36.0
/tmp/hcloud load-balancer update-service staging-keycloak --http-certificates 1261648 --listen-port 443
500ms [==================================] 100.00%
Service 443 on Load Balancer 1550279 was updated
Observed behavior
/usr/local/bin/hcloud version
hcloud 1.42.0
/usr/local/bin/hcloud load-balancer update-service staging-keycloak --http-certificates 1261648 --listen-port 443
hcloud: invalid input in field 'health_check' (invalid_input)
Minimal working example
#!/bin/bash
# Set your Hetzner API token
export HCLOUD_TOKEN="XXXXXX"
# Set the name of your load balancers
LB_NAME=('staging-keycloak')
# Set the name of the certificate you want to replace
CERT_NAME="example-wildcart-cert-$(date +"%Y%m%d-%H%M%S")"
# Set the path to your new certificate and private key files
CERT_FILE="/etc/letsencrypt/live/example.de/fullchain.pem"
KEY_FILE="/etc/letsencrypt/live/example.de/privkey.pem"
# Upload the new certificate and extract its numeric ID from the CLI output
CERT_ID=$(/usr/local/bin/hcloud certificate create --name "$CERT_NAME" --cert-file "$CERT_FILE" --key-file "$KEY_FILE" | grep -oP '(?<=Certificate )\d+')
echo "$CERT_ID"
for lb in "${LB_NAME[@]}";
do
    # Update the load balancer to use the new certificate
    echo "/usr/local/bin/hcloud load-balancer update-service $lb --http-certificates $CERT_ID --listen-port 443"
    /usr/local/bin/hcloud load-balancer update-service "$lb" --http-certificates "$CERT_ID" --listen-port 443
done
Log output
hcloud: invalid input in field 'health_check' (invalid_input)
Additional information
I can reproduce this. Looks like we now send (broken) empty options in the request.
Request from CLI 1.36.0:
--- Request:
POST /v1/load_balancers/1710364/actions/update_service HTTP/1.1
Host: api.hetzner.cloud
User-Agent: hcloud-cli/unknown hcloud-go/1.47.0
Content-Length: 80
Authorization: REDACTED
Content-Type: application/json
Accept-Encoding: gzip
{"listen_port":443,"destination_port":8080,"http":{},"health_check":{"http":{}}}
--- Response:
HTTP/2.0 201 Created
Request from CLI v1.42.0:
--- Request:
POST /v1/load_balancers/1710364/actions/update_service HTTP/1.1
Host: api.hetzner.cloud
User-Agent: hcloud-cli/1.42.0-dev hcloud-go/2.6.0
Content-Length: 118
Authorization: REDACTED
Content-Type: application/json
Accept-Encoding: gzip
{"listen_port":443,"destination_port":8080,"http":{"certificates":null},"health_check":{"http":{"status_codes":null}}}
--- Response:
HTTP/2.0 422 Unprocessable Entity
By bisecting I found out that it is broken since commit 59d73f441c18e0aac33d8eb6aa83026dd2c90c1e, which bumped us to hcloud-go v2.5.0. Further bisecting hcloud-go, it looks like this commit is at the root of it: https://github.com/hetznercloud/hcloud-go/commit/6feda4d9b0e7cf3f5a17a4b38504abbe5213883d. This makes sense, we overhauled the way we convert our public Go Types and the API Schema types.
Will take a look into fixing this.
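Added illustration, not part of the thread and not hcloud-go code: one general way Go's encoding/json produces the two request bodies captured above, where an unset optional list is either omitted or sent as null. The type and function names are hypothetical, and whether this is the exact mechanism behind the linked commit is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical request types shaped like the update_service payloads in the
// issue; they are not the hcloud-go schema types.
type httpOpts struct {
	Certificates *[]int64 `json:"certificates,omitempty"`
}

type healthCheckHTTP struct {
	StatusCodes *[]string `json:"status_codes,omitempty"`
}

type healthCheck struct {
	HTTP healthCheckHTTP `json:"http"`
}

type updateServiceRequest struct {
	ListenPort      int         `json:"listen_port"`
	DestinationPort int         `json:"destination_port"`
	HTTP            httpOpts    `json:"http"`
	HealthCheck     healthCheck `json:"health_check"`
}

// encode builds the request body. With unsetAsNilPointer the optional slices
// stay nil pointers and omitempty drops them; otherwise they are non-nil
// pointers to nil slices, which omitempty keeps and encodes as JSON null.
func encode(unsetAsNilPointer bool) string {
	req := updateServiceRequest{ListenPort: 443, DestinationPort: 8080}
	if !unsetAsNilPointer {
		var certs []int64  // nil slice
		var codes []string // nil slice
		req.HTTP.Certificates = &certs
		req.HealthCheck.HTTP.StatusCodes = &codes
	}
	body, err := json.Marshal(req)
	if err != nil {
		panic(err)
	}
	return string(body)
}

func main() {
	fmt.Println(encode(true))  // unset options omitted
	fmt.Println(encode(false)) // unset options sent as null
}
```

A regression test that compares the marshalled body of a request with no options set against the known-good payload catches this class of change before it reaches automation such as certificate rotation scripts.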
Should be fixed with #720.
Can you please confirm that it works for you with
- go install github.com/hetznercloud/cli/cmd/hcloud@6cea4cd
- or go run github.com/hetznercloud/cli/cmd/hcloud@6cea4cd load-balancer update-service staging-keycloak --http-certificates 1261648 --listen-port 443
@phm07 it works fine with newest go version. Thank you!
go run github.com/hetznercloud/cli/cmd/hcloud@6cea4cd load-balancer update-service staging-keycloak --http-certificates 1261648 --listen-port 443
1.1s [===================================] 100.00%
Service 443 on Load Balancer 1550279 was updated
root@keycloak-1:~#
go version
go version go1.22.2 linux/amd64