mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Minor tweaks to letsencrypt configuration. (#288)
The letsencrypt-auto client creates cert.pem, chain.pem, fullchain.pem, and privkey.pem in its default settings. The simp_le client creates cert.pem, fullchain.pem, and key.pem in its default settings. A check for either privkey.pem or key.pem was added. The chain.pem file was only used by the letsencrypt code for the creation of combined.pem, which is not used by either postfix or dovecot. The code to create a combined.pem file for letsencrypt was removed, as was the corresponding test.
This commit is contained in:
parent
98e59a7abe
commit
cd7bc5f6bc
|
@ -121,12 +121,15 @@ case $SSL_TYPE in
|
|||
"letsencrypt" )
|
||||
# letsencrypt folders and files mounted in /etc/letsencrypt
|
||||
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
|
||||
&& [ -e "/etc/letsencrypt/live/$(hostname)/chain.pem" ] \
|
||||
&& [ -e "/etc/letsencrypt/live/$(hostname)/fullchain.pem" ] \
|
||||
&& [ -e "/etc/letsencrypt/live/$(hostname)/privkey.pem" ]; then
|
||||
&& [ -e "/etc/letsencrypt/live/$(hostname)/fullchain.pem" ]; then
|
||||
KEY=""
|
||||
if [ -e "/etc/letsencrypt/live/$(hostname)/privkey.pem" ]; then
|
||||
KEY="/etc/letsencrypt/live/$(hostname)/privkey.pem"
|
||||
elif [ -e "/etc/letsencrypt/live/$(hostname)/key.pem" ]; then
|
||||
KEY="/etc/letsencrypt/live/$(hostname)/key.pem"
|
||||
fi
|
||||
if [ -n "$KEY" ]; then
|
||||
echo "Adding $(hostname) SSL certificate"
|
||||
# create combined.pem from (cert|chain|privkey).pem with eol after each .pem
|
||||
sed -e '$a\' -s /etc/letsencrypt/live/$(hostname)/{cert,chain,privkey}.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
|
||||
|
||||
# Postfix configuration
|
||||
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf
|
||||
|
@ -139,6 +142,7 @@ case $SSL_TYPE in
|
|||
echo "SSL configured with 'letsencrypt' certificates"
|
||||
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
|
||||
"custom" )
|
||||
|
|
|
@ -428,11 +428,6 @@
|
|||
[ "$output" -eq 2 ]
|
||||
}
|
||||
|
||||
@test "checking ssl: letsencrypt combined.pem generated correctly" {
|
||||
run docker exec mail_pop3 ls -1 /etc/letsencrypt/live/mail.my-domain.com/combined.pem
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "checking ssl: letsencrypt cert works correctly" {
|
||||
run docker exec mail_pop3 /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
|
||||
[ "$status" -eq 0 ]
|
||||
|
|
Loading…
Reference in a new issue