From ef62f6b38315b8e8cea2741bd2642b6b17cd0375 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Mon, 12 Jun 2017 10:45:12 +0200
Subject: [PATCH] Acme tool checks for valid autodiscover and autoconfig A records and skips non-existing names

Todo: Add AAAA check, add check for additional_san
---
 data/Dockerfiles/acme/Dockerfile | 14 +++++
 data/Dockerfiles/acme/docker-entrypoint.sh | 59 ++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 data/Dockerfiles/acme/Dockerfile
 create mode 100755 data/Dockerfiles/acme/docker-entrypoint.sh

diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
new file mode 100644
index 00000000..0ecb92b4
--- /dev/null
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:3.6
+
+LABEL maintainer "Andre Peters "
+
+RUN apk add --update --no-cache \
+ bash \
+ acme-client \
+ curl \
+ openssl \
+ bind-tools
+
+COPY docker-entrypoint.sh /srv/docker-entrypoint.sh
+
+ENTRYPOINT ["/srv/docker-entrypoint.sh"]
diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh
new file mode 100755
index 00000000..f2bfd8b1
--- /dev/null
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+ACME_BASE=/var/lib/acme
+mkdir -p ${ACME_BASE}/acme/private
+
+restart_containers(){
+ for container in $*; do
+ curl -X POST \
+ --unix-socket /var/run/docker.sock \
+ "http/containers/${container}/restart"
+ done
+}
+
+while true; do
+
+ AUTODISCOVER=
+ AUTODISCOVER_A=$(dig a autodiscover.${MAILCOW_HOSTNAME#*} +short @208.67.220.222)
+ if [[ ! -z ${AUTODISCOVER_A} ]]; then
+ if [[ $(curl -4s https://mailcow.email/ip.php) == ${AUTODISCOVER_A} ]]; then
+ AUTODISCOVER="autodiscover.${MAILCOW_HOSTNAME#*}"
+ fi
+ fi
+
+ AUTOCONFIG=
+ AUTOCONFIG_A=$(dig a autoconfig.${MAILCOW_HOSTNAME#*} +short @208.67.220.222)
+ if [[ ! -z ${AUTOCONFIG_A} ]]; then
+ if [[ $(curl -4s https://mailcow.email/ip.php) == ${AUTOCONFIG_A} ]]; then
+ AUTOCONFIG="autoconfig.${MAILCOW_HOSTNAME#*}"
+ fi
+ fi
+
+ acme-client \
+ -v -b -N -n \
+ -f ${ACME_BASE}/acme/private/account.key \
+ -k ${ACME_BASE}/acme/private/privkey.pem \
+ -c ${ACME_BASE}/acme \
+ ${MAILCOW_HOSTNAME} ${AUTOCONFIG} ${AUTODISCOVER} ${ADDITIONAL_SAN}
+
+ case "$?" in
+ 0) # new certs
+ # cp the new certificates and keys
+ cp ${ACME_BASE}/acme/fullchain.pem ${ACME_BASE}/cert.pem
+ cp ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/key.pem
+
+ # restart docker containers
+ restart_containers ${CONTAINERS_RESTART}
+ ;;
+ 1) # failure
+ exit 1;;
+ 2) # no change
+ ;;
+ *) # unspecified
+ exit 1;;
+ esac
+
+ echo "ACME certificate validation done. Sleeping for another day."
+ sleep 86400
+
+done
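Review bot: The reachability check `[[ $(curl -4s https://mailcow.email/ip.php) == ${AUTODISCOVER_A} ]]` compares one IP against the whole `dig +short` output, which is multi-line whenever the name is a CNAME (target line followed by the A record) or has more than one A record, so such names are silently left out of the certificate; the autoconfig block has the same problem. Matching line-wise fixes both, e.g. `PUBLIC_IP=$(curl -4s https://mailcow.email/ip.php)` once per iteration before `AUTODISCOVER=` and then `if [[ -n ${PUBLIC_IP} ]] && grep -qxF -- "${PUBLIC_IP}" <<<"${AUTODISCOVER_A}"; then`, which also stops an empty curl response from being compared. Nothing asserts that `MAILCOW_HOSTNAME` is set, so an unset value queries `autodiscover.` and hands acme-client no domain; `: "${MAILCOW_HOSTNAME:?must be set}"` next to `ACME_BASE=` would fail fast instead. Both checks rely on an external resolver (208.67.220.222) and on mailcow.email reporting the container's egress address, so NAT or split-horizon DNS setups will skip the names; a comment above `AUTODISCOVER=` stating that assumption would save the next reader a debugging session. Also note that `${MAILCOW_HOSTNAME#*}` strips nothing (the shortest prefix matching `*` is empty) and reads like a typo.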