Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-12-18 12:14:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #503 from linuxserver/zerossl-revoke

Browse Source 
fix zerossl cert revocation
This commit is contained in:
aptalca 2024-09-02 16:53:07 -04:00 committed by GitHub
commit 502d10303c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 4 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -400,6 +400,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **30.08.24:** - Fix zerossl cert revocation.
* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
* **01.07.24:** - Fall back to iptables-legacy if iptables doesn't work.
* **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`.

1
readme-vars.yml
View File

@ -140,6 +140,7 @@ app_setup_block: |
# changelog
changelogs:
- { date: "30.08.24:", desc: "Fix zerossl cert revocation." }
- { date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
- { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." }
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }

13
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -189,24 +189,15 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
fi
if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
fi
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
else
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true
else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi