From e3560414dc749010bd1d745eb29f801f351a2d85 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 23 Nov 2023 07:50:53 -0600 Subject: [PATCH 1/3] Run certbot as root to allow fix http validation Fixes regression from https://github.com/linuxserver/docker-swag/pull/399 Signed-off-by: Eric Nemchik
---
 readme-vars.yml | 1 + root/etc/crontabs/{abc => root} | 0 root/etc/s6-overlay/s6-rc.d/init-certbot-config/run | 10 +++++----- 3 files changed, 6 insertions(+), 5 deletions(-) rename root/etc/crontabs/{abc => root} (100%)
diff --git a/readme-vars.yml b/readme-vars.yml
index 3cd4ccc..9260487 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -153,6 +153,7 @@ app_setup_block: | # changelog changelogs: + - { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." } - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." } - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." } - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
diff --git a/root/etc/crontabs/abc b/root/etc/crontabs/root
similarity index 100%
rename from root/etc/crontabs/abc
rename to root/etc/crontabs/root
diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
index c233e2c..800a806 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@@ -199,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
 REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
 fi
 if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
- s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+ certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
 else
- s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+ certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
 fi
 rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -214,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
 echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
 REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
 if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
- s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+ certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
 else
- s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+ certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
 fi
 rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
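Review bot: The `certbot revoke` calls in this hunk and in the -214 hunk lose `s6-setuidgid abc` even though revocation only makes outbound ACME requests and binds no port, so they gain root without needing it for the http validation the commit is about. As root, certbot also honours whatever is configured under `/config/etc/letsencrypt` (the script writes `cli.ini` there), and if that tree is writable by `abc` or from the host, hooks set in it would presumably execute as root inside the container. If the drop cannot be kept because account files are now root-owned, say so above each block, e.g. `# revoke runs as root: account keys are root-owned since certonly needs root for http validation`. Both enclosing `if` blocks begin outside their hunks.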
@@ -349,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
 set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
 fi
 echo "Generating new certificate"
- s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
+ certbot certonly --non-interactive --renew-by-default
 if [[ ! -d /config/keys/letsencrypt ]]; then
 if [[ "${VALIDATION}" = "dns" ]]; then
 echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
From 5fc5825afd618650b62deeaa84cac5e91aba9b47 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Tue, 28 Nov 2023 19:50:37 +0000 Subject: [PATCH 2/3] Bot Updating Templated Files
---
 README.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index a6e7451..86057ba 100644
--- a/README.md
+++ b/README.md
@@ -401,6 +401,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **23.11.23:** - Run certbot as root to allow fix http validation. * **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin. * **28.08.23:** - Add Namecheap DNS plugin. * **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
From eba3c341fa00dfe0def40b5652ee24836e090670 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Tue, 28 Nov 2023 19:55:58 +0000 Subject: [PATCH 3/3] Bot Updating Package Versions
---
 package_versions.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/package_versions.txt b/package_versions.txt
index 67b0ae3..c4e9c65 100755
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -23,8 +23,8 @@ azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.1.0 python bash 5.2.15-r5 apk beautifulsoup4 4.12.2 python -boto3 1.29.6 python -botocore 1.32.6 python +boto3 1.33.1 python +botocore 1.33.1 python brotli-libs 1.0.9-r14 apk bs4 0.0.1 python busybox 1.36.1-r5 apk
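Review bot: The `certbot certonly` call in the -349 hunk of `init-certbot-config/run` now runs as root with no comment saying why, and no step visible here settles who owns the files it writes under `/config/etc/letsencrypt`. The rationale lives only in the commit message, so a later cleanup could re-add `s6-setuidgid abc` and bring the regression back; a line such as `# certbot runs as root: http validation fails as abc (regression from PR 399)` above the call would prevent that. Because the crontab is renamed from `abc` to `root` in the same patch, issuance and renewal should now write with the same owner, but certificates and account keys created earlier as `abc` may coexist with new root-owned ones; whether a later step normalises ownership and modes cannot be seen from this hunk. The enclosing `if` block continues outside the hunk.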
@@ -80,10 +80,10 @@ certbot-plugin-gandi 1.5.0 python certifi 2023.11.17 python cffi 1.16.0 python charset-normalizer 3.3.2 python -cloudflare 2.12.4 python +cloudflare 2.14.2 python configobj 5.0.8 python coreutils 9.3-r1 apk -cryptography 41.0.5 python +cryptography 41.0.7 python curl 8.4.0-r0 apk dataclasses-json 0.5.14 python distro 1.8.0 python @@ -122,7 +122,7 @@ gpgv 2.4.3-r0 apk httplib2 0.22.0 python icu-data-en 73.2-r2 apk icu-libs 73.2-r2 apk -idna 3.5 python +idna 3.6 python importlib-metadata 6.8.0 python ip6tables 1.8.9-r2 apk iptables 1.8.9-r2 apk @@ -233,7 +233,7 @@ packaging 23.2 python parsedatetime 2.6 python pcre 8.45-r3 apk pcre2 10.42-r1 apk -perl 5.36.1-r2 apk +perl 5.36.2-r0 apk perl-error 0.17029-r1 apk perl-git 2.40.1-r0 apk php82 8.2.12-r0 apk @@ -313,7 +313,7 @@ requests 2.31.0 python requests-file 1.5.1 python requests-mock 1.11.0 python rsa 4.9 python -s3transfer 0.7.0 python +s3transfer 0.8.0 python scanelf 1.3.7-r1 apk setuptools 65.5.0 python shadow 4.13-r4 apk @@ -331,7 +331,7 @@ unixodbc 2.3.11-r2 apk uritemplate 4.1.1 python urllib3 1.26.18 python utmps-libs 0.1.2.1-r1 apk -wheel 0.41.3 python +wheel 0.42.0 python whois 5.5.17-r0 apk xz-libs 5.4.3-r0 apk zipp 3.17.0 python