fix: Monitor for changes in supported letsencrypt locations (#2279)

Previously we only monitored for `$HOSTNAME` in `/etc/letsencrypt/live` and only for hard-coded `.pem` filenames.

This ensures we also check the other locations we support, which may not match `$HOSTNAME`. Ideally, in future, at least the directory to look in would be better known in advance.
Brennan Kinney 2021-11-05 12:08:57 +13:00 committed by GitHub
parent b1a74bd47a
commit 917f0f6a9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -260,6 +260,19 @@ CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
# Compute checksums of monitored files.
function _monitored_files_checksums
{
# If a wildcard path pattern (or an empty ENV) would yield an invalid path
# or no results, `shopt -s nullglob` prevents it from being added.
shopt -s nullglob
# React to any cert changes within the following letsencrypt locations:
local DYNAMIC_FILES
for FILE in /etc/letsencrypt/live/"${SSL_DOMAIN}"/*.pem \
/etc/letsencrypt/live/"${HOSTNAME}"/*.pem \
/etc/letsencrypt/live/"${DOMAINNAME}"/*.pem
do
DYNAMIC_FILES="${DYNAMIC_FILES} ${FILE}"
done
(
cd /tmp/docker-mailserver || exit 1
exec sha512sum 2>/dev/null -- \
@ -268,9 +281,7 @@ function _monitored_files_checksums
postfix-aliases.cf \
dovecot-quotas.cf \
/etc/letsencrypt/acme.json \
"/etc/letsencrypt/live/${HOSTNAME}/key.pem" \
"/etc/letsencrypt/live/${HOSTNAME}/privkey.pem" \
"/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem"
"${DYNAMIC_FILES}"
)
}
export -f _monitored_files_checksums
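Review bot: In the second hunk the new final argument `"${DYNAMIC_FILES}"` is quoted, so the space-joined list built by the loop reaches `sha512sum` as a single file name (with a leading space) rather than one argument per certificate. Because the same command carries `2>/dev/null`, the resulting "no such file" error is hidden, and a renewed certificate in any of the three letsencrypt directories would then not change the checksum output. Collecting the paths in an array keeps each one a separate word and also copes with an empty result: `local -a DYNAMIC_FILES=()`, `DYNAMIC_FILES+=("${FILE}")` in the loop, and `"${DYNAMIC_FILES[@]}"` in the call. Separately, `shopt -s nullglob` is set outside the `( … )` subshell and never reset, so it presumably stays enabled for whatever calls this exported function, and `FILE` is not declared `local`. The middle of the `sha512sum` argument list lies between the two hunks and is not visible here.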