mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-23 07:27:05 +00:00
setup dns authentication for letsencrypt
parent
fc1f211af5
commit
514619b44a
1
.gitignore
vendored
1
.gitignore
vendored
@ -5,3 +5,4 @@ tools/__pycache__/
|
||||
externals/
|
||||
.env
|
||||
.vagrant
|
||||
.idea/
|
||||
|
@ -313,6 +313,7 @@ def provision_certificates(env, limit_domains):
|
||||
webroot = os.path.join(account_path, 'webroot')
|
||||
os.makedirs(webroot, exist_ok=True)
|
||||
with tempfile.TemporaryDirectory() as d:
|
||||
miab_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
cert_file = os.path.join(d, 'cert_and_chain.pem')
|
||||
print("Provisioning TLS certificates for " + ", ".join(domain_list) + ".")
|
||||
certbotret = subprocess.check_output([
|
||||
@ -328,7 +329,10 @@ def provision_certificates(env, limit_domains):
|
||||
"--chain-path", os.path.join(d, 'chain'), # we only use the full chain
|
||||
"--fullchain-path", cert_file,
|
||||
|
||||
"--webroot", "--webroot-path", webroot,
|
||||
"--manual",
|
||||
"--preferred-challenge", "dns",
|
||||
"--manual-auth-hook", os.path.join(miab_dir, "/tools/dns-auth.sh"),
|
||||
"--manual-cleanup-hook", os.path.join(miab_dir, "/tools/dns-cleanup.sh"),
|
||||
|
||||
"--config-dir", account_path,
|
||||
#"--staging",
|
||||
|
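Review bot: In the second hunk, `os.path.join(miab_dir, "/tools/dns-auth.sh")` discards `miab_dir`, because os.path.join restarts from any component that begins with a slash, so certbot is handed `/tools/dns-auth.sh` at the filesystem root instead of the script shipped in this checkout; the `--manual-cleanup-hook` line has the same problem. Certbot executes whatever is found at the hook path, so it should be built from relative components: `"--manual-auth-hook", os.path.join(miab_dir, "tools", "dns-auth.sh"),` and `"--manual-cleanup-hook", os.path.join(miab_dir, "tools", "dns-cleanup.sh"),`. The rendered page has lost its +/- markers, so it is not visible whether the `"--webroot", "--webroot-path", webroot,` line is removed; if it remains, the call would select two authenticators at once. provision_certificates starts and ends outside both hunks.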
@ -1,2 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# TODO: Make work with port other than 443
|
||||
|
||||
API_KEY=`cat /var/lib/mailinabox/api.key`
|
||||
HOSTNAME=`hostname`
|
||||
|
||||
curl -s -X PUT -d "$CERTBOT_VALIDATION" --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
|
||||
|
||||
sleep 15
|
||||
|
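Review bot: The admin API key is handed to curl on the command line through `--user "$API_KEY:"`, where other local users may be able to read it from the process list while the request runs; tools/dns-cleanup.sh does the same. curl can take the credential from standard input instead, for example `printf 'user = "%s:"\n' "$API_KEY" | curl -s --config - -X PUT -d "$CERTBOT_VALIDATION" "https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT"` (this assumes the key contains no quote or backslash characters). `printf` is a bash builtin, so the key never appears in any process's argument list.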
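--- a/tools/dns-cleanup.sh
+++ b/tools/dns-cleanup.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# TODO: Make work with port other than 443
+
+API_KEY=`cat /var/lib/mailinabox/api.key`
+HOSTNAME=`hostname`
+
+curl -s -X DELETE --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT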
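Review bot: `curl -s` without `--fail` exits 0 even when the admin API answers with an HTTP error, so a rejected DELETE produces neither an error message nor a non-zero exit status and the `_acme-challenge` TXT record is left in place unnoticed; the PUT in tools/dns-auth.sh is affected the same way. The URL is also unquoted, so `$HOSTNAME` and `$CERTBOT_DOMAIN` undergo word splitting and globbing before curl sees them. Suggested line: `curl -sS --fail -X DELETE --user "$API_KEY:" "https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT"`.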