From 729bba5b57780cb7eb8273b89d3312109f16b92a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9?=
Date: Wed, 27 Jun 2018 12:09:51 +0200
Subject: [PATCH] [ACME, Compose] Add new image; fix AAAA check for ADDITIONAL_SAN
---
 data/Dockerfiles/acme/docker-entrypoint.sh | 19 ++++++++++++++-----
 docker-compose.yml | 2 +-
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh
index 78fa4323..fdf67975 100755
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@@ -242,16 +242,25 @@ while true; do
 continue
 fi
 A_SAN=$(dig A ${SAN} +short | tail -n 1)
- if [[ ! -z ${A_SAN} ]]; then
+ AAAA_SAN=$(dig AAAA ${SAN} +short | tail -n 1)
+ if [[ ! -z ${AAAA_SAN} ]]; then
+ log_f "Found AAAA record for ${SAN}: ${AAAA_SAN} - skipping A record check"
+ if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_SAN}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then
+ log_f "Confirmed AAAA record ${SAN}"
+ ADDITIONAL_VALIDATED_SAN=${SAN}
+ else
+ log_f "Cannot match your IP ${IPV6:-NO_IPV6_LINK} against hostname ${SAN} ($(expand ${AAAA_SAN}))"
+ fi
+ elif [[ ! -z ${A_SAN} ]]; then
 log_f "Found A record for ${SAN}: ${A_SAN}"
 if [[ ${IPV4:-ERR} == ${A_SAN} ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then
- log_f "Confirmed A record ${SAN}"
- ADDITIONAL_VALIDATED_SAN+=("${SAN}")
+ log_f "Confirmed A record ${A_SAN}"
+ ADDITIONAL_VALIDATED_SAN=${SAN}
 else
- log_f "Cannot match your IP against hostname ${SAN}"
+ log_f "Cannot match your IP ${IPV4} against hostname ${SAN} (${A_SAN})"
 fi
 else
- log_f "No A record for ${SAN} found"
+ log_f "No A or AAAA record found for hostname ${SAN}"
 fi
 done
diff --git a/docker-compose.yml b/docker-compose.yml
index 991a974f..b443446c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
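Review bot: `ADDITIONAL_VALIDATED_SAN=${SAN}`, added in both the AAAA and the A branch, replaces the earlier `ADDITIONAL_VALIDATED_SAN+=("${SAN}")`, so each confirmed name overwrites the previous one instead of being appended. If this block runs once per configured SAN, as the surrounding `continue`/`done` suggest, only the last confirmed name would be left for the certificate request and the other hosts would be served a certificate that does not cover them; keeping `ADDITIONAL_VALIDATED_SAN+=("${SAN}")` in both branches avoids that. Separately, the right-hand side of `==` in the new AAAA comparison is unquoted and comes from DNS output, so bash matches it as a glob pattern; writing it as `"$(expand "${AAAA_SAN}")"` makes the address check a literal comparison. The loop header and the place where the variable is consumed are outside the hunk, so the impact on the issued certificate is inferred.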
@@ -297,7 +297,7 @@ services:
 depends_on:
 - nginx-mailcow
 - mysql-mailcow
- image: mailcow/acme:1.30
+ image: mailcow/acme:1.31
 build: ./data/Dockerfiles/acme
 sysctls:
 - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}