Keep key when issuing new certificate to not break TLSA records with options 3 1 1

2017-06-23 08:40:05 +02:00 · 2017-06-23 08:40:05 +02:00 · 59623a639e
parent 18e52ab27d
commit 59623a639e
2 changed files with 3 additions and 2 deletions
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@ -97,10 +97,11 @@ while true; do
 	ORPHANED_SAN=($(echo ${SAN_ARRAY_NOW[*]} ${VALIDATED_CONFIG_DOMAINS[*]} ${ADDITIONAL_VALIDATED_SAN[*]} ${MAILCOW_HOSTNAME} | tr ' ' '\n' | sort | uniq -u ))
 	if [[ ! -z ${ORPHANED_SAN[*]} ]]; then
 		DATE=$(date +%Y-%m-%d_%H_%M_%S)
-		echo "Found orphaned SAN in certificate, moving old files to ${ACME_BASE}/acme/private/${DATE}.bak/"
+		echo "Found orphaned SAN(s) ${ORPHANED_SAN[*]} in certificate, moving old files to ${ACME_BASE}/acme/private/${DATE}.bak/"
 		mkdir -p ${ACME_BASE}/acme/private/${DATE}.bak/
 		[[ -f ${ACME_BASE}/acme/private/account.key ]] && mv ${ACME_BASE}/acme/private/account.key ${ACME_BASE}/acme/private/${DATE}.bak/
 		mv ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/acme/private/${DATE}.bak/
        mv ${ACME_BASE}/acme/cert.pem ${ACME_BASE}/acme/private/${DATE}.bak/
 		cp ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/acme/private/${DATE}.bak/ # Keep key for TLSA 3 1 1 records
 	fi
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -284,7 +284,7 @@ services:
    acme-mailcow:
      depends_on:
        - nginx-mailcow
-      image: mailcow/acme:1.2
+      image: mailcow/acme:1.3
      build: ./data/Dockerfiles/acme
      dns:
        - 172.22.1.254