dep updates/enable ssl_dyn_rec_enable/fix nginx in background/remove tempwrite

Signed-off-by: Zoey <zoey@z0ey.de>

backend/internal/certificate.js

@@ -1,7 +1,6 @@
 const _                = require('lodash');
 const fs               = require('fs');
 const https            = require('https');
-const tempWrite        = require('temp-write');
 const moment           = require('moment');
 const logger           = require('../logger').ssl;
 const error            = require('../lib/error');
@@ -11,6 +10,7 @@ const dnsPlugins       = require('../certbot-dns-plugins');
 const internalAuditLog = require('./audit-log');
 const internalNginx    = require('./nginx');
 const archiver         = require('archiver');
+const crypto           = require('crypto');
 const path             = require('path');
 const { isArray }      = require('lodash');
 
@@ -29,7 +29,7 @@ const internalCertificate = {
 	intervalProcessing: false,
 
 	initTimer: () => {
-		logger.info('Certbot Encrypt Renewal Timer initialized');
+		logger.info('Certbot Renewal Timer initialized');
 		internalCertificate.interval = setInterval(internalCertificate.processExpiringHosts, internalCertificate.intervalTimeout);
 		// And do this now as well
 		internalCertificate.processExpiringHosts();
@@ -637,8 +637,10 @@ const internalCertificate = {
 	 * @param {String}  private_key    This is the entire key contents as a string
 	 */
 	checkPrivateKey: (private_key) => {
-		return tempWrite(private_key, '/tmp')
-			.then((filepath) => {
+		const randomName = crypto.randomBytes(8).toString('hex');
+		const filepath   = path.join('/tmp', 'certificate_' + randomName);
+		return fs.writeFileSync(filepath, private_key)
+			.then(() => {
 				return new Promise((resolve, reject) => {
 					const failTimeout = setTimeout(() => {
 						reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
@@ -670,8 +672,10 @@ const internalCertificate = {
 	 * @param {Boolean} [throw_expired]  Throw when the certificate is out of date
 	 */
 	getCertificateInfo: (certificate, throw_expired) => {
-		return tempWrite(certificate, '/tmp')
-			.then((filepath) => {
+		const randomName = crypto.randomBytes(8).toString('hex');
+		const filepath   = path.join('/root', 'certificate_' + randomName);
+		return fs.writeFileSync(filepath, certificate)
+			.then(() => {
 				return internalCertificate.getCertificateInfoFromFile(filepath, throw_expired)
 					.then((certData) => {
 						fs.unlinkSync(filepath);

backend/internal/nginx.js

@@ -5,6 +5,8 @@ const config = require('../lib/config');
 const utils  = require('../lib/utils');
 const error  = require('../lib/error');
 
+const NgxPidFilePath = '/usr/local/nginx/logs/nginx.pid';
+
 const internalNginx = {
 
 	/**
@@ -111,11 +113,21 @@ const internalNginx = {
 	/**
 	 * @returns {Promise}
 	 */
+
 	reload: () => {
 		return internalNginx.test()
 			.then(() => {
-				logger.info('Restarting Nginx');
-				return utils.exec('kill $(cat /usr/local/nginx/logs/nginx.pid); nginx');
+				if (fs.existsSync(NgxPidFilePath)) {
+					const ngxPID = fs.readFileSync(NgxPidFilePath, 'utf8').trim();
+					if (ngxPID.length > 0) {
+						logger.info('Killing Nginx');
+						utils.exec(`kill ${ngxPID}`);
+					}
+				}
+				logger.info('Starting Nginx in three seconds');
+				setTimeout(() => {
+					utils.execfg('nginx');
+				}, 3000);
 			});
 	},
 
@@ -159,10 +171,10 @@ const internalNginx = {
 						{certificate: host.certificate}, host.locations[i]);
 
 					if (locationCopy.forward_host.indexOf('/') > -1) {
-						const splitted = locationCopy.forward_host.split('/');
+						const split = locationCopy.forward_host.split('/');
 
-						locationCopy.forward_host = splitted.shift();
-						locationCopy.forward_path = `/${splitted.join('/')}`;
+						locationCopy.forward_host = split.shift();
+						locationCopy.forward_path = `/${split.join('/')}`;
 					}
 
 					// eslint-disable-next-line