1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-22 07:17:05 +00:00

auto-agree to Let's Encrypt's terms of service during setup

fixes #1409

This reverts commit 82844ca651 ("make certbot auto-agree to TOS if NONINTERACTIVE=1 env var is set (#1399)") and instead *always* auto-agree. If we don't auto-agree, certbot asks the user interactively, but our "curl | bash" setup line does not permit interactive prompts, so certbot failed to register and all certificate things were broken until the command was re-run interactively.
This commit is contained in:
Joshua Tauberer 2018-09-03 12:52:03 -04:00
parent a5d5a073c7
commit 842fbb3d72
3 changed files with 12 additions and 13 deletions

View File

@ -4,6 +4,7 @@ CHANGELOG
In Development
--------------
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
* Update to Nextcloud 13.0.5.
* Update to Roundcube 1.3.7.
* Update to Z-Push 2.4.4.

9
Vagrantfile vendored
View File

@ -19,12 +19,9 @@ Vagrant.configure("2") do |config|
config.vm.network "private_network", ip: "192.168.50.4"
config.vm.provision :shell, :inline => <<-SH
# Set environment variables so that the setup script does
# not ask any questions during provisioning. We'll let the
# machine figure out its own public IP.
#
# Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
# to Let's Encrypt's ACME Subscriber Agreement.
# Set environment variables so that the setup script does
# not ask any questions during provisioning. We'll let the
# machine figure out its own public IP.
export NONINTERACTIVE=1
export PUBLIC_IP=auto
export PUBLIC_IPV6=auto

View File

@ -130,17 +130,18 @@ restart_service fail2ban
# If there aren't any mail users yet, create one.
source setup/firstuser.sh
# Register with Let's Encrypt, including agreeing to the Terms of Service. This
# is an interactive command.
# Register with Let's Encrypt, including agreeing to the Terms of Service.
# We'd let certbot ask the user interactively, but when this script is
# run in the recommended curl-pipe-to-bash method there is no TTY and
# certbot will fail if it tries to ask.
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
echo
echo "-----------------------------------------------"
echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates"
echo "to enable HTTPS connections to your box. You'll now be asked to agree"
echo "to Let's Encrypt's terms of service."
echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
echo "to enable HTTPS connections to your box. We're automatically"
echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
echo
certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \
--register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
fi
# Done.