external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00
Code Issues Releases Wiki Activity

when installing a ssl cert for the primary hostname, dns, postfix, and dovecot all need to be updated/kicked

Browse Source 
see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4
This commit is contained in:
Joshua Tauberer 2014-10-28 11:38:04 +00:00
parent f9acf0adec
commit ec73c171c7
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
management/status_checks.py
View File

@ -179,9 +179,8 @@ def check_primary_hostname_dns(domain, env, dns_domains, dns_zonefiles):
elif tlsa25 is None: elif tlsa25 is None:
env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""") env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
else: else:
env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'. Try running tools/dns_update to env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'.
regenerate the record. It may take several hours for It may take several hours for public DNS to update after a change."""
public DNS to update after a change."""
% (tlsa_qname, tlsa25, tlsa25_expected)) % (tlsa_qname, tlsa25, tlsa25_expected))
# Check that the hostmaster@ email address exists. # Check that the hostmaster@ email address exists.

17
management/web_update.py
View File

@ -5,7 +5,7 @@
import os, os.path, shutil, re, rtyaml import os, os.path, shutil, re, rtyaml
from mailconfig import get_mail_domains from mailconfig import get_mail_domains
from dns_update import get_custom_dns_config from dns_update import get_custom_dns_config, do_dns_update
from utils import shell, safe_domain_name, sort_domains from utils import shell, safe_domain_name, sort_domains
def get_web_domains(env): def get_web_domains(env):
@ -237,8 +237,21 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
os.makedirs(os.path.dirname(ssl_certificate), exist_ok=True) os.makedirs(os.path.dirname(ssl_certificate), exist_ok=True)
shutil.move(fn, ssl_certificate) shutil.move(fn, ssl_certificate)
ret = []
# When updating the cert for PRIMARY_HOSTNAME, also update DNS because it is
# used in the DANE TLSA record and restart postfix and dovecot which use
# that certificate.
if domain == env['PRIMARY_HOSTNAME']:
ret.append( do_dns_update(env) )
shell('check_call', ["/usr/sbin/service", "postfix", "restart"])
shell('check_call', ["/usr/sbin/service", "dovecot", "restart"])
ret.append("mail services restarted")
# Kick nginx so it sees the cert. # Kick nginx so it sees the cert.
return do_web_update(env, ok_status="") ret.append( do_web_update(env, ok_status="") )
return "\n".join(r for r in ret if r.strip() != "")
def get_web_domains_info(env): def get_web_domains_info(env):
def check_cert(domain): def check_cert(domain):