Minor tweaks to letsencrypt configuration. (#288)

The letsencrypt-auto client creates cert.pem, chain.pem, fullchain.pem, and
privkey.pem in its default settings.  The simp_le client creates cert.pem,
fullchain.pem, and key.pem in its default settings.

A check for either privkey.pem or key.pem was added.

The chain.pem file was only used by the letsencrypt code for the creation of
combined.pem, which is not used by either postfix or dovecot.

The code to create a combined.pem file for letsencrypt was removed, as was the
corresponding test.
This commit is contained in:
Jack Twilley 2016-08-29 04:46:16 -07:00 committed by Thomas VIAL
parent 98e59a7abe
commit cd7bc5f6bc
2 changed files with 17 additions and 18 deletions

View file

@ -121,12 +121,15 @@ case $SSL_TYPE in
"letsencrypt" )
# letsencrypt folders and files mounted in /etc/letsencrypt
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
&& [ -e "/etc/letsencrypt/live/$(hostname)/chain.pem" ] \
&& [ -e "/etc/letsencrypt/live/$(hostname)/fullchain.pem" ] \
&& [ -e "/etc/letsencrypt/live/$(hostname)/privkey.pem" ]; then
&& [ -e "/etc/letsencrypt/live/$(hostname)/fullchain.pem" ]; then
KEY=""
if [ -e "/etc/letsencrypt/live/$(hostname)/privkey.pem" ]; then
KEY="/etc/letsencrypt/live/$(hostname)/privkey.pem"
elif [ -e "/etc/letsencrypt/live/$(hostname)/key.pem" ]; then
KEY="/etc/letsencrypt/live/$(hostname)/key.pem"
fi
if [ -n "$KEY" ]; then
echo "Adding $(hostname) SSL certificate"
# create combined.pem from (cert|chain|privkey).pem with eol after each .pem
sed -e '$a\' -s /etc/letsencrypt/live/$(hostname)/{cert,chain,privkey}.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
# Postfix configuration
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf
@ -139,6 +142,7 @@ case $SSL_TYPE in
echo "SSL configured with 'letsencrypt' certificates"
fi
fi
;;
"custom" )

View file

@ -428,11 +428,6 @@
[ "$output" -eq 2 ]
}
@test "checking ssl: letsencrypt combined.pem generated correctly" {
run docker exec mail_pop3 ls -1 /etc/letsencrypt/live/mail.my-domain.com/combined.pem
[ "$status" -eq 0 ]
}
@test "checking ssl: letsencrypt cert works correctly" {
run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
[ "$status" -eq 0 ]