[ACME] Add DIRECTORY_URL for custom directory URLs

2020-07-03 09:00:10 +02:00 · 2020-07-03 09:00:10 +02:00 · 4ce39c0f3f
parent 9f9164d180
commit 4ce39c0f3f
3 changed files with 11 additions and 7 deletions
--- a/data/Dockerfiles/acme/functions.sh
+++ b/data/Dockerfiles/acme/functions.sh
@ -9,9 +9,9 @@ log_f() {
    echo "$(date) - ${1}"
  fi
  if [[ ${3} == "b64" ]]; then
-    ${REDIS_CMDLINE} LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"base64,$(printf '%s' "${1}")\"}" > /dev/null
+    ${REDIS_CMDLINE} LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"base64,$(printf '%s' "${MAILCOW_HOSTNAME} - ${1}")\"}" > /dev/null
  else
-    ${REDIS_CMDLINE} LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"$(printf '%s' "${1}" | \
+    ${REDIS_CMDLINE} LPUSH ACME_LOG "{\"time\":\"$(date +%s)\",\"message\":\"$(printf '%s' "${MAILCOW_HOSTNAME} - ${1}" | \
      tr '%&;$"[]{}-\r\n' ' ')\"}" > /dev/null
  fi
 }
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@ -32,10 +32,13 @@ if [[ -z ${CERT_DOMAINS[*]} ]]; then
 fi

 if [[ "${LE_STAGING}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  if [[ ! -z "${DIRECTORY_URL}" ]]; then
+    log_f "Cannot use DIRECTORY_URL with LE_STAGING=y - ignoring DIRECTORY_URL"
+  fi
  log_f "Using Let's Encrypt staging servers"
-  STAGING_PARAMETER='--directory-url https://acme-staging-v02.api.letsencrypt.org/directory'
-else
-  STAGING_PARAMETER=
+  DIRECTORY_URL='--directory-url https://acme-staging-v02.api.letsencrypt.org/directory'
+elif [[ ! -z "${DIRECTORY_URL}" ]]; then
+  log_f "Using custom directory URL ${DIRECTORY_URL}"
 fi

 if [[ -f ${DOMAINS_FILE} && "$(cat ${DOMAINS_FILE})" ==  "${CERT_DOMAINS[*]}" ]]; then
@ -84,7 +87,7 @@ openssl req -new -sha256 -key ${KEY} -subj "/" -reqexts SAN -config <(cat /etc/s
 # - redirect acme-tiny stderr to stdout (logs to variable ACME_RESPONSE)
 # - tee stderr to get live output and log to dockerd

-ACME_RESPONSE=$(acme-tiny ${STAGING_PARAMETER} \
+ACME_RESPONSE=$(acme-tiny ${DIRECTORY_URL} \
  --account-key ${ACME_BASE}/acme/account.pem \
  --disable-check \
  --csr ${CSR} \
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -342,7 +342,7 @@ services:
    acme-mailcow:
      depends_on:
        - nginx-mailcow
-      image: mailcow/acme:1.70
+      image: mailcow/acme:1.71
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
@ -353,6 +353,7 @@ services:
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
+        - DIRECTORY_URL=${DIRECTORY_URL:-}
        - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
        - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
        - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}