when installing an SSL cert for the primary hostname, DNS, postfix, and dovecot all need to be updated/kicked
see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4
This commit is contained in:
parent
f9acf0adec
commit
ec73c171c7
|
@ -179,9 +179,8 @@ def check_primary_hostname_dns(domain, env, dns_domains, dns_zonefiles):
|
||||||
elif tlsa25 is None:
|
elif tlsa25 is None:
|
||||||
env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
|
env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
|
||||||
else:
|
else:
|
||||||
env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'. Try running tools/dns_update to
|
env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'.
|
||||||
regenerate the record. It may take several hours for
|
It may take several hours for public DNS to update after a change."""
|
||||||
public DNS to update after a change."""
|
|
||||||
% (tlsa_qname, tlsa25, tlsa25_expected))
|
% (tlsa_qname, tlsa25, tlsa25_expected))
|
||||||
|
|
||||||
# Check that the hostmaster@ email address exists.
|
# Check that the hostmaster@ email address exists.
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
import os, os.path, shutil, re, rtyaml
|
import os, os.path, shutil, re, rtyaml
|
||||||
|
|
||||||
from mailconfig import get_mail_domains
|
from mailconfig import get_mail_domains
|
||||||
from dns_update import get_custom_dns_config
|
from dns_update import get_custom_dns_config, do_dns_update
|
||||||
from utils import shell, safe_domain_name, sort_domains
|
from utils import shell, safe_domain_name, sort_domains
|
||||||
|
|
||||||
def get_web_domains(env):
|
def get_web_domains(env):
|
||||||
|
@ -237,8 +237,21 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
|
||||||
os.makedirs(os.path.dirname(ssl_certificate), exist_ok=True)
|
os.makedirs(os.path.dirname(ssl_certificate), exist_ok=True)
|
||||||
shutil.move(fn, ssl_certificate)
|
shutil.move(fn, ssl_certificate)
|
||||||
|
|
||||||
|
ret = []
|
||||||
|
|
||||||
|
# When updating the cert for PRIMARY_HOSTNAME, also update DNS because it is
|
||||||
|
# used in the DANE TLSA record and restart postfix and dovecot which use
|
||||||
|
# that certificate.
|
||||||
|
if domain == env['PRIMARY_HOSTNAME']:
|
||||||
|
ret.append( do_dns_update(env) )
|
||||||
|
|
||||||
|
shell('check_call', ["/usr/sbin/service", "postfix", "restart"])
|
||||||
|
shell('check_call', ["/usr/sbin/service", "dovecot", "restart"])
|
||||||
|
ret.append("mail services restarted")
|
||||||
|
|
||||||
# Kick nginx so it sees the cert.
|
# Kick nginx so it sees the cert.
|
||||||
return do_web_update(env, ok_status="")
|
ret.append( do_web_update(env, ok_status="") )
|
||||||
|
return "\n".join(r for r in ret if r.strip() != "")
|
||||||
|
|
||||||
def get_web_domains_info(env):
|
def get_web_domains_info(env):
|
||||||
def check_cert(domain):
|
def check_cert(domain):
|
||||||
|
|
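Review bot: The two `shell('check_call', …)` restarts in the PRIMARY_HOSTNAME branch have no error handling, so if postfix exits non-zero on restart (for example because it refuses the freshly installed certificate) the exception escapes install_cert after the certificate file has already been moved into place, dovecot is never restarted, and the nginx kick via `do_web_update` on the following lines never runs — the caller gets a traceback instead of a status line saying which service is still serving the old certificate. Assuming `shell('check_call', …)` surfaces a failed command as `subprocess.CalledProcessError` (the name suggests it wraps `subprocess.check_call`; confirm in utils), restarting each service in its own `try` and recording the outcome in `ret` keeps the remaining steps running and makes the failure visible; `subprocess` would then need adding to the import line changed in the hunk above. The final `"\n".join(r for r in ret if r.strip() != "")` also calls `.strip()` on whatever `do_dns_update(env)` returns, which raises if that helper ever returns None rather than a string — worth confirming its return contract. install_cert's signature and the code that writes the certificate file lie above this hunk.
```python
if domain == env['PRIMARY_HOSTNAME']:
    ret.append( do_dns_update(env) )

    # Restart each service on its own so that one failed restart (e.g. a
    # certificate the daemon refuses) is reported in the status instead of
    # aborting before the other service and nginx are updated.
    for service in ("postfix", "dovecot"):
        try:
            shell('check_call', ["/usr/sbin/service", service, "restart"])
        except subprocess.CalledProcessError as e:  # needs `import subprocess`; confirm shell() raises this
            ret.append("%s could not be restarted (exit %d); it may still be using the old certificate" % (service, e.returncode))
        else:
            ret.append("%s restarted" % service)

# … unchanged: nginx kick via do_web_update and the joined return value …
```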