mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Modified letsencrypt support to add domain name checking in addition to
hostname checking. Added necessary tests and renamed original manual ssl test to a name that supports adding the other SSL tests.
parent
f0defda2a1
commit
1b659a5574
|
@ -1043,34 +1043,48 @@ function _setup_ssl() {
|
|||
# SSL certificate Configuration
|
||||
case $SSL_TYPE in
|
||||
"letsencrypt" )
|
||||
# letsencrypt folders and files mounted in /etc/letsencrypt
|
||||
if [ -e "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]; then
|
||||
KEY=""
|
||||
if [ -e "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" ]; then
|
||||
KEY="privkey"
|
||||
elif [ -e "/etc/letsencrypt/live/$HOSTNAME/key.pem" ]; then
|
||||
KEY="key"
|
||||
else
|
||||
notify 'err' "Cannot access '/etc/letsencrypt/live/"$HOSTNAME"/privkey.pem' nor 'key.pem'"
|
||||
fi
|
||||
if [ -n "$KEY" ]; then
|
||||
notify 'inf' "Adding $HOSTNAME SSL certificate"
|
||||
notify 'inf' "Configuring SSL using 'letsecnrypt'"
|
||||
# letsencrypt folders and files mounted in /etc/letsencrypt
|
||||
local LETSENCRYPT_DOMAIN=""
|
||||
local LETSENCRYPT_KEY=""
|
||||
|
||||
# Postfix configuration
|
||||
sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$HOSTNAME'/fullchain.pem~g' /etc/postfix/main.cf
|
||||
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/postfix/main.cf
|
||||
|
||||
# Dovecot configuration
|
||||
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$HOSTNAME'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
||||
notify 'inf' "SSL configured with 'letsencrypt' certificates"
|
||||
else
|
||||
notify 'err' "Key filename not set!"
|
||||
fi
|
||||
# first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
|
||||
if [ -e "/etc/letsencrypt/live/$HOSTNAME/fullchain.pem" ]; then
|
||||
LETSENCRYPT_DOMAIN=$HOSTNAME
|
||||
elif [ -e "/etc/letsencrypt/live/$DOMAINNAME/fullchain.pem" ]; then
|
||||
LETSENCRYPT_DOMAIN=$DOMAINNAME
|
||||
else
|
||||
notify 'err' "Cannot access '/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem'"
|
||||
notify 'err' "Cannot access '/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem' or '/etc/letsencrypt/live/"$DOMAINNAME"/fullchain.pem'"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# then determine the keyfile to use
|
||||
if [ -n "$LETSENCRYPT_DOMAIN" ]; then
|
||||
if [ -e "/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/privkey.pem" ]; then
|
||||
LETSENCRYPT_KEY="privkey"
|
||||
elif [ -e "/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/key.pem" ]; then
|
||||
LETSENCRYPT_KEY="key"
|
||||
else
|
||||
notify 'err' "Cannot access '/etc/letsencrypt/live/"$LETSENCRYPT_DOMAIN"/privkey.pem' nor 'key.pem'"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# finally, make the changes to the postfix and dovecot configurations
|
||||
if [ -n "$LETSENCRYPT_KEY" ]; then
|
||||
notify 'inf' "Adding $LETSENCRYPT_DOMAIN SSL certificate to the postfix and dovecot configuration"
|
||||
|
||||
# Postfix configuration
|
||||
sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$LETSENCRYPT_DOMAIN'/fullchain.pem~g' /etc/postfix/main.cf
|
||||
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/letsencrypt/live/'$LETSENCRYPT_DOMAIN'/'"$LETSENCRYPT_KEY"'\.pem~g' /etc/postfix/main.cf
|
||||
|
||||
# Dovecot configuration
|
||||
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$LETSENCRYPT_DOMAIN'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/letsencrypt/live/'$LETSENCRYPT_DOMAIN'/'"$LETSENCRYPT_KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
|
||||
notify 'inf' "SSL configured with 'letsencrypt' certificates"
|
||||
fi
|
||||
return 0
|
||||
;;
|
||||
"custom" )
|
||||
# Adding CA signed SSL certificate if provided in 'postfix/ssl' folder
|
||||
|
|
30
test/config/letsencrypt/my-domain.com/cert.pem
Normal file
30
test/config/letsencrypt/my-domain.com/cert.pem
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFGTCCBAGgAwIBAgISA50jj6A/ilExMla41PwSejyBMA0GCSqGSIb3DQEBCwUA
|
||||
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
|
||||
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA0MTkxOTA1MDBaFw0x
|
||||
NjA3MTgxOTA1MDBaMBUxEzARBgNVBAMTCmlmdXNpby5jb20wggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQCcClf+Pee1EItdnjagOUQuwA4SLLiKCf5T+2Ec
|
||||
BPnwMGKtDb/TBWc8KEHQGxYCdtamFciT+OXUlJGjPGEna4DAKANi5njmq+TQFb7J
|
||||
ipA7pfQ4fp/2OqG3e6SwNvWurJlHIigiLe1lbc+7rt/5hon7Jwn260x/XaPHXRkU
|
||||
Aiy5FSDVeXnnCL5QOu5srnHrdTlWpEnz9WUvYCj3DMR38gxojnmpj48aMRRtrBAO
|
||||
NlxT9TssHoKvDXI1bEbeb2tpmC/+kRPusIukiucc3Fo9R/sHXjFkD7mK2UMb0ULE
|
||||
BG2D4wwEINUSG3B3wsu0eywAlkpX1UcFzdFTtsjU7V2a06jBAgMBAAGjggIsMIIC
|
||||
KDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
|
||||
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOKqRnKTd2adWD+SndSZVFPsLVJkMB8G
|
||||
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv
|
||||
BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
|
||||
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
|
||||
MDYGA1UdEQQvMC2CCmlmdXNpby5jb22CD21haWwuaWZ1c2lvLmNvbYIOd3d3Lmlm
|
||||
dXNpby5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEB
|
||||
MIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYI
|
||||
KwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGll
|
||||
ZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNl
|
||||
IHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xl
|
||||
dHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAgzf9
|
||||
DVCdVtKvlmGeT2puHU5ULf3t/JD6NL3ocuBMsDQPOHxa6kkyd6xqdBAelNSfEYv+
|
||||
BVfQp6Wox2IGrwfqqvNNzPGTHLxSpK94Gk0eeg7YhcxjoOryv4FgowQOax5J0OSS
|
||||
WIdAFVykPs87WKyHNY8W1zle/Ye9yjS6bjHdjqnOiG/7qDQ/DDYGn7ILHAHmUZYy
|
||||
1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15
|
||||
SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2
|
||||
TKdnq/QFhHWVZUr3hg==
|
||||
-----END CERTIFICATE-----
|
27
test/config/letsencrypt/my-domain.com/chain.pem
Normal file
27
test/config/letsencrypt/my-domain.com/chain.pem
Normal file
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||
-----END CERTIFICATE-----
|
57
test/config/letsencrypt/my-domain.com/fullchain.pem
Normal file
57
test/config/letsencrypt/my-domain.com/fullchain.pem
Normal file
|
@ -0,0 +1,57 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFGTCCBAGgAwIBAgISA50jj6A/ilExMla41PwSejyBMA0GCSqGSIb3DQEBCwUA
|
||||
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
|
||||
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA0MTkxOTA1MDBaFw0x
|
||||
NjA3MTgxOTA1MDBaMBUxEzARBgNVBAMTCmlmdXNpby5jb20wggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQCcClf+Pee1EItdnjagOUQuwA4SLLiKCf5T+2Ec
|
||||
BPnwMGKtDb/TBWc8KEHQGxYCdtamFciT+OXUlJGjPGEna4DAKANi5njmq+TQFb7J
|
||||
ipA7pfQ4fp/2OqG3e6SwNvWurJlHIigiLe1lbc+7rt/5hon7Jwn260x/XaPHXRkU
|
||||
Aiy5FSDVeXnnCL5QOu5srnHrdTlWpEnz9WUvYCj3DMR38gxojnmpj48aMRRtrBAO
|
||||
NlxT9TssHoKvDXI1bEbeb2tpmC/+kRPusIukiucc3Fo9R/sHXjFkD7mK2UMb0ULE
|
||||
BG2D4wwEINUSG3B3wsu0eywAlkpX1UcFzdFTtsjU7V2a06jBAgMBAAGjggIsMIIC
|
||||
KDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
|
||||
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOKqRnKTd2adWD+SndSZVFPsLVJkMB8G
|
||||
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv
|
||||
BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
|
||||
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
|
||||
MDYGA1UdEQQvMC2CCmlmdXNpby5jb22CD21haWwuaWZ1c2lvLmNvbYIOd3d3Lmlm
|
||||
dXNpby5jb20wgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEB
|
||||
MIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYI
|
||||
KwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGll
|
||||
ZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNl
|
||||
IHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xl
|
||||
dHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAgzf9
|
||||
DVCdVtKvlmGeT2puHU5ULf3t/JD6NL3ocuBMsDQPOHxa6kkyd6xqdBAelNSfEYv+
|
||||
BVfQp6Wox2IGrwfqqvNNzPGTHLxSpK94Gk0eeg7YhcxjoOryv4FgowQOax5J0OSS
|
||||
WIdAFVykPs87WKyHNY8W1zle/Ye9yjS6bjHdjqnOiG/7qDQ/DDYGn7ILHAHmUZYy
|
||||
1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15
|
||||
SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2
|
||||
TKdnq/QFhHWVZUr3hg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||
-----END CERTIFICATE-----
|
28
test/config/letsencrypt/my-domain.com/key.pem
Normal file
28
test/config/letsencrypt/my-domain.com/key.pem
Normal file
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCcClf+Pee1EItd
|
||||
njagOUQuwA4SLLiKCf5T+2EcBPnwMGKtDb/TBWc8KEHQGxYCdtamFciT+OXUlJGj
|
||||
PGEna4DAKANi5njmq+TQFb7JipA7pfQ4fp/2OqG3e6SwNvWurJlHIigiLe1lbc+7
|
||||
rt/5hon7Jwn260x/XaPHXRkUAiy5FSDVeXnnCL5QOu5srnHrdTlWpEnz9WUvYCj3
|
||||
DMR38gxojnmpj48aMRRtrBAONlxT9TssHoKvDXI1bEbeb2tpmC/+kRPusIukiucc
|
||||
3Fo9R/sHXjFkD7mK2UMb0ULEBG2D4wwEINUSG3B3wsu0eywAlkpX1UcFzdFTtsjU
|
||||
7V2a06jBAgMBAAECggEAM+cA49FljAWHxckFdH/33PEG/Sag71FppjecUnyZQjpl
|
||||
6BgFsUQ/1XOyiG0qAgHTXgUq5YVJtU8BrmE8E6efeMsWbUQp/Ng6ULia8GDFnwGR
|
||||
XWVJAdb4yZY37mEpkUNZ7J5A6TWLnExNZ6lAWLhWlxKiLt6PYGIeQwcFe3FJvPn0
|
||||
GUSFYXYLJq9lIirQvl6lVzljpP6qvFQEqa4dgWqBOrC2/jL4amKK71N23sFnz0sQ
|
||||
UqjP72c7Nr+4xMOhsGetV1mYgPqAoR5W3XZRqDPeZ6f0FJ7L5xG69YJeo7MrXhKl
|
||||
N9kLhbGR/FH3IHdo7tRb2oGmHDLNJf9z/mBEerSW0QKBgQDPHCc59tCwmF1UV4eV
|
||||
fhRoq4Qyp8wF2ItJTMd12LJOX67eNJy6v93AhuaPgKp/kRMul5ZjL90UV1ISl/lz
|
||||
eYzgreMttCtRhZxUSvBo6w32NSacoiKcZojyTdyZPuOeAG2RxNHh+n+NZ7NjIWvG
|
||||
7xlW9HXQOPi8xlHpDfDs+7EgXQKBgQDA4AJlor22dExGuDOLlO0et+TVhErqXFSZ
|
||||
CtRmwsL+XTeSKyngZcyu1YnyoNOA9vGyOk26AW+WV9N9U6rwVs8CVczee5eKPZJN
|
||||
xQZjUo+fep3xIFvBpgnadfrodxjD8XMpHcb0I/ZRICZKqIVv9q+FzEXqE+HsfD3B
|
||||
kBfZ8GZztQKBgEVSdw6/vjpdxV9lrMws10fxoN4TrAaI5JY0TM71KTlybWWS1qLr
|
||||
dZ3riWCfAHKSbIk70+p/KtCUKbRvid9M4AqUKWYy2A0BW8IbEz0K8DFouPPUkSEo
|
||||
cM4poZzpn+ZS3lncNyQcZHVAMJsNpLWBcknYqVZ4u0j0WJZZRDsOQ8tBAoGBAK2p
|
||||
BH9+iFI/ZG5IbCDBdr6x1NhqxQk/GOyzU4sy0V81j1OMiagCAMlqe0p6g/UaY4SV
|
||||
+mX/5Pj5GvM84iyD/N+dYVjw7wEJbzGWtKm5LJfrT0pMWFGDrluE3uVwVlwWihn7
|
||||
NaecuatRxyhxk7O76U4PHuQkAsdrFi+yDcetLJIBAoGBAJHUMttKQ9/sc6EYgdym
|
||||
u8hMi/WGrt5eOOAJ17lY53eRZLci7s1mfsWIF9b0N50iE60SaFADQiMRAUtkJXNI
|
||||
a55qdpalVHsAE4Wwh7nlKLkaDEartx5X1qSTFw4fTMyKNOveiggQ/i9LZpFxsz22
|
||||
3V+7jPJaCNyPbmOevXGhBEjr
|
||||
-----END PRIVATE KEY-----
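Review bot: This fixture is an unencrypted private key, and the base64 of its modulus matches the public key in the `cert.pem` added in the same directory, which appears to be a CA-issued certificate rather than one generated for the tests. Even with the certificate expired (the new test greps for `certificate has expired`), a published key has to be treated as compromised and never reused for a renewal, and it will trip secret scanners on every mirror of the repository. A throwaway key and self-signed certificate generated for `my-domain.com` would exercise the same `key.pem` lookup path without shipping real key material, at the cost of adjusting the expected verify code in the test. If the file stays, a short README next to it stating that the key is test-only and retired would help.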
|
|
@ -12,14 +12,11 @@ function setup_file() {
|
|||
docker run -d --name mail_pop3 \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
|
||||
-e ENABLE_POP3=1 \
|
||||
-e DMS_DEBUG=0 \
|
||||
-e SSL_TYPE=letsencrypt \
|
||||
-h mail.my-domain.com -t ${NAME}
|
||||
|
||||
wait_for_finished_setup_in_container mail_pop3
|
||||
|
||||
}
|
||||
|
||||
function teardown_file() {
|
||||
|
@ -64,24 +61,6 @@ function teardown_file() {
|
|||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# ssl
|
||||
#
|
||||
|
||||
@test "checking ssl: letsencrypt configuration is correct" {
|
||||
run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/postfix/main.cf | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
run docker exec mail_pop3 /bin/sh -c 'grep -ir "/etc/letsencrypt/live/mail.my-domain.com/" /etc/dovecot/conf.d/10-ssl.conf | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
}
|
||||
|
||||
@test "checking ssl: letsencrypt cert works correctly" {
|
||||
run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# system
|
||||
#
|
||||
|
|
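--- a/test/mail_ssl_letsencrypt.bats
+++ b/test/mail_ssl_letsencrypt.bats
@@ -0,0 +1,84 @@
+load 'test_helper/common'
+
+function setup() {
+run_setup_file_if_necessary
+}
+
+function teardown() {
+run_teardown_file_if_necessary
+}
+
+function setup_file() {
+docker run -d --name mail_lets_domain \
+-v "`pwd`/test/config":/tmp/docker-mailserver \
+-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
+-v "`pwd`/test/config/letsencrypt/my-domain.com":/etc/letsencrypt/live/my-domain.com \
+-e DMS_DEBUG=0 \
+-e SSL_TYPE=letsencrypt \
+-h mail.my-domain.com -t ${NAME}
+wait_for_finished_setup_in_container mail_lets_domain
+
+docker run -d --name mail_lets_hostname \
+-v "`pwd`/test/config":/tmp/docker-mailserver \
+-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
+-v "`pwd`/test/config/letsencrypt/mail.my-domain.com":/etc/letsencrypt/live/mail.my-domain.com \
+-e DMS_DEBUG=0 \
+-e SSL_TYPE=letsencrypt \
+-h mail.my-domain.com -t ${NAME}
+wait_for_finished_setup_in_container mail_lets_hostname
+}
+
+function teardown_file() {
+docker rm -f mail_lets_domain
+docker rm -f mail_lets_hostname
+}
+
+# this test must come first to reliably identify when to run setup_file
+@test "first" {
+skip 'Starting testing of letsencrypt SSL'
+}
+
+@test "checking ssl: letsencrypt configuration is correct" {
+#test domain has certificate files
+run docker exec mail_lets_domain /bin/sh -c 'postconf | grep "smtpd_tls_cert_file = /etc/letsencrypt/live/my-domain.com/fullchain.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_domain /bin/sh -c 'postconf | grep "smtpd_tls_key_file = /etc/letsencrypt/live/my-domain.com/key.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_domain /bin/sh -c 'doveconf | grep "ssl_cert = </etc/letsencrypt/live/my-domain.com/fullchain.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_domain /bin/sh -c 'doveconf -P | grep "ssl_key = </etc/letsencrypt/live/my-domain.com/key.pem" | wc -l'
+assert_success
+assert_output 1
+#test hostname has certificate files
+run docker exec mail_lets_hostname /bin/sh -c 'postconf | grep "smtpd_tls_cert_file = /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_hostname /bin/sh -c 'postconf | grep "smtpd_tls_key_file = /etc/letsencrypt/live/mail.my-domain.com/privkey.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_hostname /bin/sh -c 'doveconf | grep "ssl_cert = </etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" | wc -l'
+assert_success
+assert_output 1
+run docker exec mail_lets_hostname /bin/sh -c 'doveconf -P | grep "ssl_key = </etc/letsencrypt/live/mail.my-domain.com/privkey.pem" | wc -l'
+assert_success
+assert_output 1
+}
+
+@test "checking ssl: letsencrypt cert works correctly" {
+run docker exec mail_lets_domain /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
+assert_success
+run docker exec mail_lets_domain /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:465 -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
+assert_success
+run docker exec mail_lets_hostname /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
+assert_success
+run docker exec mail_lets_hostname /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:465 -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
+assert_success
+}
+
+# this test is only there to reliably mark the end for the teardown_file
+@test "last" {
+skip 'Finished testing of letsencrypt SSL'
+}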
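Review bot: Both `letsencrypt cert works correctly` checks pass only while the fixture certificate is expired, and they would pass for any expired certificate, so they do not prove that the listener serves the file named in `smtpd_tls_cert_file`. Comparing the fingerprint of the served certificate with that of the mounted `fullchain.pem` (`openssl x509 -noout -fingerprint` on both) would tie the assertion to the configured path and survive a fixture refresh. In the configuration test each `run` ends in `| wc -l`, so `assert_success` reflects `wc` rather than `grep` and only `assert_output 1` carries the check. There is also no case for the new failure path where neither `live/$HOSTNAME` nor `live/$DOMAINNAME` holds a `fullchain.pem`.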