From e19e6b9e9245ff32f662612c7381b14d60062306 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Tue, 3 Mar 2020 14:59:24 +0100
Subject: [PATCH] [ACME] Force renewal with force_renew file, docs will follow
---
 data/Dockerfiles/acme/acme.sh | 1 +
 data/Dockerfiles/acme/obtain-certificate.sh | 4 ++--
 docker-compose.yml | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 56145b25..0b0eadb1 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -345,6 +345,7 @@ while true; do
 # reload on new or changed certificates
 if [[ "${CERT_CHANGED}" == "1" ]]; then
+ rm -f "${ACME_BASE}/force_renew" 2> /dev/null
 CERT_AMOUNT_CHANGED=${CERT_AMOUNT_CHANGED} /srv/reload-configurations.sh
 fi
diff --git a/data/Dockerfiles/acme/obtain-certificate.sh b/data/Dockerfiles/acme/obtain-certificate.sh
index 27070ae9..97da9d5b 100644
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
@@ -39,8 +39,8 @@ else
 fi
 if [[ -f ${DOMAINS_FILE} && "$(cat ${DOMAINS_FILE})" == "${CERT_DOMAINS[*]}" ]]; then
- if [[ ! -f ${CERT} || ! -f "${KEY}" ]]; then
- log_f "Certificate ${CERT} doesn't exist yet - start obtaining"
+ if [[ ! -f ${CERT} || ! -f "${KEY}" || -f "${ACME_BASE}/force_renew" ]]; then
+ log_f "Certificate ${CERT} doesn't exist yet or forced renewal - start obtaining"
 # Certificate exists and did not change but could be due for renewal (30 days)
 elif ! openssl x509 -checkend 2592000 -noout -in ${CERT} > /dev/null; then
 log_f "Certificate ${CERT} is due for renewal (< 30 days) - start renewing"
diff --git a/docker-compose.yml b/docker-compose.yml
index 7f53e3e9..6c5fd33e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -333,7 +333,7 @@ services:
 acme-mailcow:
 depends_on:
 - nginx-mailcow
- image: mailcow/acme:1.67
+ image: mailcow/acme:1.68
 dns:
 - ${IPV4_NETWORK:-172.22.1}.254
 environment:
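Review bot: In acme.sh the `force_renew` flag is deleted only inside the `CERT_CHANGED == "1"` branch, so a forced renewal that fails leaves the flag behind and, as far as the visible lines show, each later pass of the `while true` loop will request a certificate again, which can run into the CA's rate limits. The added `2> /dev/null` also hides the one failure that matters here (for example a read-only or permission-restricted `${ACME_BASE}`), because `rm -f` is already silent when the file is missing. Consider dropping the redirect and reporting the failure, e.g. `rm -f "${ACME_BASE}/force_renew" || log_f "Could not remove ${ACME_BASE}/force_renew"`, assuming `log_f` is available in acme.sh as it is in obtain-certificate.sh. Whether the flag should also be cleared after a failed attempt depends on loop code outside this hunk.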
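Review bot: In obtain-certificate.sh the forced path shares a branch and a log line with the missing-certificate case, so the log cannot tell an operator whether a certificate was issued because it was absent or because a `force_renew` file was placed in `${ACME_BASE}`. That file is an unauthenticated trigger for anyone who can write to the volume, so it is worth recording on its own: keep the original first condition and add `elif [[ -f "${ACME_BASE}/force_renew" ]]; then` with `log_f "Forced renewal requested via ${ACME_BASE}/force_renew - start obtaining"`. This assumes the branches of this chain only log, as the visible ones do; the rest of the if/elif chain lies outside the hunk.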