Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-10-22 01:56:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

detect old root cert and revoke/regen

Browse source
This commit is contained in:
aptalca 2021-10-01 11:18:12 -04:00
parent 3f88a30d5c
commit a73daf773a
3 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
root/etc/cont-init.d/50-config
View file

@ -312,6 +312,14 @@ else
FILENAME="$DNSPLUGIN.ini"
fi
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [ -f "/config/keys/letsencrypt/chain.pem" ] && ([ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]) && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
rm -rf /config/etc/letsencrypt
mkdir -p /config/etc/letsencrypt
fi
# generating certs if necessary
if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then