From 832dde3b35bfa017e6d45230e1fb10916e13d522 Mon Sep 17 00:00:00 2001
From: aptalca
Date: Sun, 20 Dec 2020 16:55:11 -0500
Subject: [PATCH] remove unnecessary eab retrieval also suppress error when no proxy confs are activated
---
 root/etc/cont-init.d/50-config | 16 ++++++++++------
 root/etc/cont-init.d/70-templates | 2 +-
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index 2481355..a69845c 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -124,10 +124,7 @@ if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
 fi
 if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
 echo "ZeroSSL is selected as the cert provider, registering cert with $EMAIL"
- EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
- ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
- ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
- ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+ ACMESERVER="https://acme.zerossl.com/v2/DV90"
 elif [ "$CERTPROVIDER" = "zerossl" ] && [ -z "$EMAIL" ]; then
 echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
 sleep infinity
@@ -276,9 +273,16 @@ fi
 # generating certs if necessary
 if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
+ if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
+ echo "Retrieving EAB from ZeroSSL"
+ EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
+ ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+ ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+ ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+ fi
 echo "Generating new certificate"
- # shellcheck disable=SC2086
- certbot certonly --renew-by-default --server $ACMESERVER $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL
+ # shellcheck disable=SC2086
+ certbot certonly --renew-by-default --server $ACMESERVER $ZEROSSL_EAB $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL
 if [ -d /config/keys/letsencrypt ]; then
 cd /config/keys/letsencrypt || exit
 else
diff --git a/root/etc/cont-init.d/70-templates b/root/etc/cont-init.d/70-templates
index 53b9f95..6b60ed1 100644
--- a/root/etc/cont-init.d/70-templates
+++ b/root/etc/cont-init.d/70-templates
@@ -24,7 +24,7 @@ if [ -n "$nginx_confs_changed" ]; then
 echo -e "${nginx_confs_changed}"
 fi
-proxy_confs=$(ls /config/nginx/proxy-confs/*.conf)
+proxy_confs=$(ls /config/nginx/proxy-confs/*.conf 2>/dev/null)
 for i in $proxy_confs; do
 if [ -f "${i}.sample" ]; then
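Review bot: The added EAB block in 50-config never checks that the ZeroSSL lookup succeeded, so a failed `curl` or an error response leaves `ZEROSSL_EAB_KID` and `ZEROSSL_EAB_HMAC_KEY` empty and certbot is still started with `--eab-kid --eab-hmac-key` and no values. I would stop right after the two assignments, the same way the script already handles a missing EMAIL: `if [ -z "$ZEROSSL_EAB_KID" ] || [ -z "$ZEROSSL_EAB_HMAC_KEY" ]; then echo "Unable to retrieve EAB credentials from ZeroSSL"; sleep infinity; fi`. `--data "email=$EMAIL"` also sends the address unencoded, so a `+` in it is likely to be read as a space by the API; `--data-urlencode "email=$EMAIL"` avoids that. The HMAC key ends up on certbot's command line, where it is readable from the process list while certbot runs, which deserves a comment next to `ZEROSSL_EAB=`. The enclosing `if [ ! -f ... ]` block continues past the end of the hunk.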