From 68ecb7a64d31b39dac03452cadb4848132998e11 Mon Sep 17 00:00:00 2001
From: Michael Kuron
Date: Thu, 22 Jun 2017 20:34:54 +0200
Subject: [PATCH 1/3] ACME: support CNAME in domain checks
---
 data/Dockerfiles/acme/docker-entrypoint.sh | 6 +++---
 docker-compose.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh
index a02e2d57..d35f3c63 100755
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@@ -53,7 +53,7 @@ while true; do
 done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
 for SQL_DOMAIN in "${SQL_DOMAIN_ARR[@]}"; do
- A_CONFIG=$(dig A autoconfig.${SQL_DOMAIN} +short)
+ A_CONFIG=$(dig A autoconfig.${SQL_DOMAIN} +short | tail -n 1)
 if [[ ! -z ${A_CONFIG} ]]; then
 echo "Found A record for autoconfig.${SQL_DOMAIN}: ${A_CONFIG}"
 if [[ ${IPV4} == ${A_CONFIG} ]]; then
@@ -66,7 +66,7 @@ while true; do
 echo "No A record for autoconfig.${SQL_DOMAIN} found"
 fi
- A_DISCOVER=$(dig A autodiscover.${SQL_DOMAIN} +short)
+ A_DISCOVER=$(dig A autodiscover.${SQL_DOMAIN} +short | tail -n 1)
 if [[ ! -z ${A_DISCOVER} ]]; then
 echo "Found A record for autodiscover.${SQL_DOMAIN}: ${A_CONFIG}"
 if [[ ${IPV4} == ${A_DISCOVER} ]]; then
@@ -81,7 +81,7 @@ while true; do
 done
 for SAN in "${ADDITIONAL_SAN_ARR[@]}"; do
- A_SAN=$(dig A ${SAN} +short)
+ A_SAN=$(dig A ${SAN} +short | tail -n 1)
 if [[ ! -z ${A_SAN} ]]; then
 echo "Found A record for ${SAN}: ${A_SAN}"
 if [[ ${IPV4} == ${A_SAN} ]]; then
diff --git a/docker-compose.yml b/docker-compose.yml
index 900c1dda..ade39b40 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -284,7 +284,7 @@ services:
 acme-mailcow:
 depends_on:
 - nginx-mailcow
- image: mailcow/acme:1.1
+ image: mailcow/acme:1.2
 build: ./data/Dockerfiles/acme
 dns:
 - 172.22.1.254
From fecb62e201070e6d716f9066ab86a85ae7351e39 Mon Sep 17 00:00:00 2001
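Review bot: `tail -n 1` on the new `A_CONFIG=` line keeps whatever `dig +short` happens to print last, which is not necessarily the address that matters. A name with several A records may return them in a different order on each query, and a CNAME whose target has no A record leaves the target hostname as the last line, which the unchanged `echo` then reports as a found A record. Because the `${IPV4} == ${A_CONFIG}` comparison appears to gate which names are requested in the certificate, it would be steadier to test whether any returned line equals the host address, e.g. `dig A "autoconfig.${SQL_DOMAIN}" +short | grep -Fxq -- "${IPV4}"`, and keep `A_CONFIG` for the log message only. The same applies to the `A_DISCOVER=` and `A_SAN=` lines in the next two hunks; the enclosing loop starts and ends outside this hunk.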
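Review bot: The context line `echo "Found A record for autodiscover.${SQL_DOMAIN}: ${A_CONFIG}"` prints the autoconfig result, not the autodiscover value that the following `if` compares, so the log can show an address that was never checked. Since this commit touches the assignment directly above it, the message should be corrected at the same time to `echo "Found A record for autodiscover.${SQL_DOMAIN}: ${A_DISCOVER}"`. Anyone debugging a refused or unexpected SAN from these logs would otherwise be looking at the wrong record.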
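Review bot: `${SAN}` is expanded unquoted in the new `A_SAN=$(dig A ${SAN} +short | tail -n 1)` line, so a configured value containing whitespace or glob characters reaches `dig` as several arguments instead of one name. Quoting keeps the lookup tied to exactly the name that will later be placed in the certificate: `A_SAN=$(dig A "${SAN}" +short | tail -n 1)`. The `autoconfig.${SQL_DOMAIN}` and `autodiscover.${SQL_DOMAIN}` lookups in the two earlier hunks take their value from the database and deserve the same quoting, as do the `[[ ${IPV4} == ${A_SAN} ]]` operands, where an unquoted right-hand side is treated as a pattern rather than a literal.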
From: andryyy
Date: Thu, 22 Jun 2017 21:31:14 +0200
Subject: [PATCH 2/3] Fix skip le test...
---
 data/Dockerfiles/acme/docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh
index d35f3c63..ec7989ed 100755
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-if [[ ! "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo "Skipping Let's Encrypt..."
 exit 0
 fi
From f36cfd8494239a9c9ee0352099ff7fe91bb553e9 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Thu, 22 Jun 2017 21:44:10 +0200
Subject: [PATCH 3/3] Move account key
---
 data/Dockerfiles/acme/docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh
index ec7989ed..039f73da 100755
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@@ -101,6 +101,7 @@ while true; do
 echo "Found orphaned SAN in certificate, moving old files to ${ACME_BASE}/acme/private/${DATE}/"
 mkdir -p ${ACME_BASE}/acme/private/${DATE}/
 mv ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/acme/private/${DATE}/
+ mv ${ACME_BASE}/acme/private/account.key ${ACME_BASE}/acme/private/${DATE}/
 mv ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/acme/private/${DATE}/
 mv ${ACME_BASE}/acme/cert.pem ${ACME_BASE}/acme/private/${DATE}/
 fi
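Review bot: The pattern in the corrected test still ends in `+`, so `^([yY][eE][sS]|[yY])+$` also accepts repeated forms such as `yy` or `yesyes`, while common spellings like `true` or `1` silently leave Let's Encrypt enabled. Anchoring to a single token makes the accepted values explicit: `if [[ "${SKIP_LETS_ENCRYPT}" =~ ^([yY][eE][sS]|[yY])$ ]]; then`. A one-line comment above it listing the accepted values (`# SKIP_LETS_ENCRYPT: "y" or "yes", case-insensitive, disables ACME entirely`) would help operators who expect the container to stay offline.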
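Review bot: The added `mv ${ACME_BASE}/acme/private/account.key ...` line retires the ACME account key every time an orphaned SAN is found, and neither the code nor the commit message says why. Presumably a new account is then registered on the next run, which counts against the CA's registration limits, so a comment such as `# account.key is archived too so the next run starts from a fresh account` would make the intent reviewable. The dated directory now holds both the certificate private key and the account key; the hunk shows it created with a plain `mkdir -p`, so its mode depends on the process umask, and adding `chmod 700 "${ACME_BASE}/acme/private/${DATE}/"` after the `mkdir` would pin it. The `mv` result is not checked and the paths are unquoted, as on the neighbouring lines; the enclosing `if` and `while` start outside this hunk.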