setup dns authentication for letsencrypt
parent
fc1f211af5
commit
514619b44a
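--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ tools/__pycache__/
 externals/
 .env
 .vagrant
+.idea/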
@ -313,6 +313,7 @@ def provision_certificates(env, limit_domains):
|
|||||||
webroot = os.path.join(account_path, 'webroot')
|
webroot = os.path.join(account_path, 'webroot')
|
||||||
os.makedirs(webroot, exist_ok=True)
|
os.makedirs(webroot, exist_ok=True)
|
||||||
with tempfile.TemporaryDirectory() as d:
|
with tempfile.TemporaryDirectory() as d:
|
||||||
|
miab_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||||
cert_file = os.path.join(d, 'cert_and_chain.pem')
|
cert_file = os.path.join(d, 'cert_and_chain.pem')
|
||||||
print("Provisioning TLS certificates for " + ", ".join(domain_list) + ".")
|
print("Provisioning TLS certificates for " + ", ".join(domain_list) + ".")
|
||||||
certbotret = subprocess.check_output([
|
certbotret = subprocess.check_output([
|
||||||
@ -328,7 +329,10 @@ def provision_certificates(env, limit_domains):
|
|||||||
"--chain-path", os.path.join(d, 'chain'), # we only use the full chain
|
"--chain-path", os.path.join(d, 'chain'), # we only use the full chain
|
||||||
"--fullchain-path", cert_file,
|
"--fullchain-path", cert_file,
|
||||||
|
|
||||||
"--webroot", "--webroot-path", webroot,
|
"--manual",
|
||||||
|
"--preferred-challenge", "dns",
|
||||||
|
"--manual-auth-hook", os.path.join(miab_dir, "/tools/dns-auth.sh"),
|
||||||
|
"--manual-cleanup-hook", os.path.join(miab_dir, "/tools/dns-cleanup.sh"),
|
||||||
|
|
||||||
"--config-dir", account_path,
|
"--config-dir", account_path,
|
||||||
#"--staging",
|
#"--staging",
|
||||||
|
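Review bot: Both hook arguments in the second hunk pass a second component that begins with a slash, so `os.path.join(miab_dir, "/tools/dns-auth.sh")` returns `/tools/dns-auth.sh` and `miab_dir` is discarded; certbot is then pointed at hook scripts under the filesystem root rather than in this checkout. Certbot executes whatever sits at that path, presumably with the privileges of the provisioning process, so the path should resolve only inside the repository: `"--manual-auth-hook", os.path.join(miab_dir, "tools", "dns-auth.sh"),` and `"--manual-cleanup-hook", os.path.join(miab_dir, "tools", "dns-cleanup.sh"),`. `miab_dir` does not depend on the temporary directory, so it could also be computed before the `with` block. The body of `provision_certificates` starts and ends outside both hunks.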
@ -1,2 +1,10 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# TODO: Make work with port other than 443
|
||||||
|
|
||||||
|
API_KEY=`cat /var/lib/mailinabox/api.key`
|
||||||
|
HOSTNAME=`hostname`
|
||||||
|
|
||||||
|
curl -s -X PUT -d "$CERTBOT_VALIDATION" --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
|
||||||
|
|
||||||
|
sleep 15
|
||||||
|
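Review bot: The hook cannot report failure: `curl -s` without `--fail` exits 0 on an HTTP error from the admin API, and because `sleep 15` is the last command the script's exit status is always that of `sleep`. A rejected or unreachable PUT therefore lets certbot go on to validation with no TXT record published and no message explaining why. I would change the call to `curl -sS --fail -X PUT -d "$CERTBOT_VALIDATION" --user "$API_KEY:" "https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT" || exit 1`, which also quotes the URL so the expansions are not word-split. The DELETE call in tools/dns-cleanup.sh has the same missing `--fail`.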
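--- a/tools/dns-cleanup.sh
+++ b/tools/dns-cleanup.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# TODO: Make work with port other than 443
+
+API_KEY=`cat /var/lib/mailinabox/api.key`
+HOSTNAME=`hostname`
+
+curl -s -X DELETE --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT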
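Review bot: `--user "$API_KEY:"` puts the admin API key on curl's command line, where other local users can read it from the process list; curl's documentation says it hides the argument only on systems that support it, and only after a brief window. Passing the credential through a config read from stdin keeps it out of argv: `curl -s -X DELETE -K - "https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT" <<< "user = \"$API_KEY:\""`. The PUT call in tools/dns-auth.sh passes the key the same way. Assigning `HOSTNAME` also overwrites a variable that bash sets itself, so a different name such as `MIAB_HOST` would be clearer.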