	explain how to install a multi-domain or wildcard ssl cert; if one is installed, the Replace Cert button in the admin for non-primary domains should not replace the cert on the primary domain
		
							parent
							
								
									be59bcd47d
								
							
						
					
					
						commit
						ceba53f1c4
					
				| @ -522,7 +522,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key): | |||||||
| 		return ("SELF-SIGNED", None) | 		return ("SELF-SIGNED", None) | ||||||
| 	elif retcode != 0: | 	elif retcode != 0: | ||||||
| 		if "unable to get local issuer certificate" in verifyoutput: | 		if "unable to get local issuer certificate" in verifyoutput: | ||||||
| 			return ("The certificate is missing an intermediate chain or the intermediate chain is incorrect or incomplete.", None) | 			return ("The certificate is missing an intermediate chain or the intermediate chain is incorrect or incomplete. (%s)" % verifyoutput, None) | ||||||
| 
 | 
 | ||||||
| 		# There is some unknown problem. Return the `openssl verify` raw output. | 		# There is some unknown problem. Return the `openssl verify` raw output. | ||||||
| 		return ("There is a problem with the SSL certificate.", verifyoutput.strip()) | 		return ("There is a problem with the SSL certificate.", verifyoutput.strip()) | ||||||
|  | |||||||
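Review bot: The new intermediate-chain message interpolates `verifyoutput` unstripped into the user-facing status string, while the fallback branch just below returns the same output as the separate details element via `verifyoutput.strip()`. Keeping the two branches parallel would read `return ("The certificate is missing an intermediate chain or the intermediate chain is incorrect or incomplete.", verifyoutput.strip())`, provided callers display the second element for non-OK results, which is not visible here. Either way this is raw `openssl verify` output, which presumably can carry names taken from the certificate under test and the path it was read from, so whatever renders the status should escape it as untrusted text. check_certificate begins and ends outside this hunk.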
| @ -18,6 +18,8 @@ | |||||||
|   </tbody> |   </tbody> | ||||||
| </table> | </table> | ||||||
| 
 | 
 | ||||||
|  | <p>Advanced:<br>Install a multi-domain or wildcard certificate for the <code>{{hostname}}</code> domain to have it automatically applied to any domains it is valid for.</p> | ||||||
|  | 
 | ||||||
| <h3 id="ssl_install_header">Install SSL Certificate</h3> | <h3 id="ssl_install_header">Install SSL Certificate</h3> | ||||||
| 
 | 
 | ||||||
| <p>There are many places where you can get a free or cheap SSL certificate. We recommend <a href="https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx">Namecheap’s $9 certificate</a> or <a href="https://www.startssl.com/">StartSSL’s free express lane</a>.</p> | <p>There are many places where you can get a free or cheap SSL certificate. We recommend <a href="https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx">Namecheap’s $9 certificate</a> or <a href="https://www.startssl.com/">StartSSL’s free express lane</a>.</p> | ||||||
|  | |||||||
| @ -135,7 +135,7 @@ def get_web_root(domain, env, test_exists=True): | |||||||
| 		if os.path.exists(root) or not test_exists: break | 		if os.path.exists(root) or not test_exists: break | ||||||
| 	return root | 	return root | ||||||
| 
 | 
 | ||||||
| def get_domain_ssl_files(domain, env): | def get_domain_ssl_files(domain, env, allow_shared_cert=True): | ||||||
| 	# What SSL private key will we use? Allow the user to override this, but | 	# What SSL private key will we use? Allow the user to override this, but | ||||||
| 	# in many cases using the same private key for all domains would be fine. | 	# in many cases using the same private key for all domains would be fine. | ||||||
| 	# Don't allow the user to override the key for PRIMARY_HOSTNAME because | 	# Don't allow the user to override the key for PRIMARY_HOSTNAME because | ||||||
| @ -159,7 +159,7 @@ def get_domain_ssl_files(domain, env): | |||||||
| 		# But we can be smart and reuse the main SSL certificate if is has | 		# But we can be smart and reuse the main SSL certificate if is has | ||||||
| 		# a Subject Alternative Name matching this domain. Don't do this if | 		# a Subject Alternative Name matching this domain. Don't do this if | ||||||
| 		# the user has uploaded a different private key for this domain. | 		# the user has uploaded a different private key for this domain. | ||||||
| 		if not ssl_key_is_alt: | 		if not ssl_key_is_alt and allow_shared_cert: | ||||||
| 			from status_checks import check_certificate | 			from status_checks import check_certificate | ||||||
| 			if check_certificate(domain, ssl_certificate_primary, None)[0] == "OK": | 			if check_certificate(domain, ssl_certificate_primary, None)[0] == "OK": | ||||||
| 				ssl_certificate = ssl_certificate_primary | 				ssl_certificate = ssl_certificate_primary | ||||||
| @ -225,7 +225,7 @@ def install_cert(domain, ssl_cert, ssl_chain, env): | |||||||
| 
 | 
 | ||||||
| 	# Do validation on the certificate before installing it. | 	# Do validation on the certificate before installing it. | ||||||
| 	from status_checks import check_certificate | 	from status_checks import check_certificate | ||||||
| 	ssl_key, ssl_certificate, ssl_csr_path = get_domain_ssl_files(domain, env) | 	ssl_key, ssl_certificate, ssl_csr_path = get_domain_ssl_files(domain, env, allow_shared_cert=False) | ||||||
| 	cert_status, cert_status_details = check_certificate(domain, fn, ssl_key) | 	cert_status, cert_status_details = check_certificate(domain, fn, ssl_key) | ||||||
| 	if cert_status != "OK": | 	if cert_status != "OK": | ||||||
| 		if cert_status == "SELF-SIGNED": | 		if cert_status == "SELF-SIGNED": | ||||||
|  | |||||||
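Review bot: `allow_shared_cert` is added to `get_domain_ssl_files` without any comment on which callers must turn it off, even though `install_cert` now depends on it. Going by the commit title, the flag exists so that a path later written to is never the primary domain's certificate, but nothing in the function records that. I would add above the `if not ssl_key_is_alt and allow_shared_cert:` test a comment such as `# Callers that write to the returned certificate path (e.g. install_cert) must pass allow_shared_cert=False; otherwise the path may be the primary domain's certificate.` If the file targets Python 3 only, declaring it keyword-only, `def get_domain_ssl_files(domain, env, *, allow_shared_cert=True):`, would keep every call site explicit. Both functions continue outside the hunks shown, so how the returned path is used in `install_cert` is inferred.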