Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-06-28 15:42:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Run certbot as root to allow fix http validation

Browse Source 
Fixes regression from https://github.com/linuxserver/docker-swag/pull/399

Signed-off-by: Eric Nemchik <eric@nemchik.com>
This commit is contained in:
Eric Nemchik 2023-11-23 07:50:53 -06:00 committed by Peglah
parent ad1884e5b4
commit 4f92460b29
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
readme-vars.yml
View File

@ -155,6 +155,7 @@ app_setup_block: |
changelogs:
- { date: "01.01.24:", desc: "Add GleSYS DNS plugin." }
- { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404." }
- { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." }
- { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
- { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
- { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }

0
root/etc/crontabs/abc → root/etc/crontabs/root
View File

10
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -199,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else
s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
@ -214,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else
s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
@ -349,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
fi
echo "Generating new certificate"
s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
certbot certonly --non-interactive --renew-by-default
if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."