auto-agree to Let's Encrypt's terms of service during setup
fixes #1409
This reverts commit 82844ca651 ("make certbot auto-agree to TOS if NONINTERACTIVE=1 env var is set (#1399)") and instead *always* auto-agree. If we don't auto-agree, certbot asks the user interactively, but our "curl | bash" setup line does not permit interactive prompts, so certbot failed to register and all certificate things were broken until the command was re-run interactively.
This commit is contained in:
Joshua Tauberer
parent
a5d5a073c7
commit
842fbb3d72
|
|
@ -4,6 +4,7 @@ CHANGELOG
|
||||||
In Development
|
In Development
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
|
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
|
||||||
* Update to Nextcloud 13.0.5.
|
* Update to Nextcloud 13.0.5.
|
||||||
* Update to Roundcube 1.3.7.
|
* Update to Roundcube 1.3.7.
|
||||||
* Update to Z-Push 2.4.4.
|
* Update to Z-Push 2.4.4.
|
||||||
|
|
|
||||||
|
|
@ -19,12 +19,9 @@ Vagrant.configure("2") do |config|
|
||||||
config.vm.network "private_network", ip: "192.168.50.4"
|
config.vm.network "private_network", ip: "192.168.50.4"
|
||||||
|
|
||||||
config.vm.provision :shell, :inline => <<-SH
|
config.vm.provision :shell, :inline => <<-SH
|
||||||
# Set environment variables so that the setup script does
|
# Set environment variables so that the setup script does
|
||||||
# not ask any questions during provisioning. We'll let the
|
# not ask any questions during provisioning. We'll let the
|
||||||
# machine figure out its own public IP.
|
# machine figure out its own public IP.
|
||||||
#
|
|
||||||
# Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
|
|
||||||
# to Let's Encrypt's ACME Subscriber Agreement.
|
|
||||||
export NONINTERACTIVE=1
|
export NONINTERACTIVE=1
|
||||||
export PUBLIC_IP=auto
|
export PUBLIC_IP=auto
|
||||||
export PUBLIC_IPV6=auto
|
export PUBLIC_IPV6=auto
|
||||||
|
|
|
||||||
|
|
@ -130,17 +130,18 @@ restart_service fail2ban
|
||||||
# If there aren't any mail users yet, create one.
|
# If there aren't any mail users yet, create one.
|
||||||
source setup/firstuser.sh
|
source setup/firstuser.sh
|
||||||
|
|
||||||
# Register with Let's Encrypt, including agreeing to the Terms of Service. This
|
# Register with Let's Encrypt, including agreeing to the Terms of Service.
|
||||||
# is an interactive command.
|
# We'd let certbot ask the user interactively, but when this script is
|
||||||
|
# run in the recommended curl-pipe-to-bash method there is no TTY and
|
||||||
|
# certbot will fail if it tries to ask.
|
||||||
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
|
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
|
||||||
echo
|
echo
|
||||||
echo "-----------------------------------------------"
|
echo "-----------------------------------------------"
|
||||||
echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates"
|
echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
|
||||||
echo "to enable HTTPS connections to your box. You'll now be asked to agree"
|
echo "to enable HTTPS connections to your box. We're automatically"
|
||||||
echo "to Let's Encrypt's terms of service."
|
echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
|
||||||
echo
|
echo
|
||||||
certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \
|
certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
|
||||||
--register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Done.
|
# Done.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue