Compare commits
32 Commits
certbot-re
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
73938cb4a1 | ||
|
|
1d6a30144b | ||
|
2e59ae36c1 | ||
|
|
e72e9f6ed0 | ||
|
|
91d449259f | ||
|
|
dd17b24158 | ||
|
|
17f70e4a31 | ||
|
|
6619c4e0cd | ||
|
|
a06bea000c | ||
|
62401a38e7 | ||
|
|
acef819cc1 | ||
|
|
74828b1e8d | ||
|
|
7e1758fde0 | ||
|
|
e2731a1227 | ||
|
|
0a919148ff | ||
|
|
6fcd80b175 | ||
|
|
c9359819b6 | ||
|
|
ce32306873 | ||
|
|
9ce4ec598d | ||
|
|
9488a4fa1d | ||
|
|
3105c07c72 | ||
|
|
286e74c027 | ||
|
|
b909214614 | ||
|
|
70c66c5495 | ||
|
|
430308342f | ||
|
|
97222fbb25 | ||
|
|
b00bf6caf2 | ||
|
|
7dac282621 | ||
|
|
0c1936f8ec | ||
|
|
e5bb6e4a9d | ||
|
|
951fafd0b9 | ||
|
|
4899670c70 |
12
.github/workflows/call_invalid_helper.yml
vendored
12
.github/workflows/call_invalid_helper.yml
vendored
@ -1,12 +0,0 @@
|
|||||||
name: Comment on invalid interaction
|
|
||||||
on:
|
|
||||||
issues:
|
|
||||||
types:
|
|
||||||
- labeled
|
|
||||||
jobs:
|
|
||||||
add-comment-on-invalid:
|
|
||||||
if: github.event.label.name == 'invalid'
|
|
||||||
permissions:
|
|
||||||
issues: write
|
|
||||||
uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
|
|
||||||
secrets: inherit
|
|
||||||
14
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file
14
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file
@ -0,0 +1,14 @@
|
|||||||
|
name: Issue & PR Tracker
|
||||||
|
|
||||||
|
on:
|
||||||
|
issues:
|
||||||
|
types: [opened,reopened,labeled,unlabeled]
|
||||||
|
pull_request_target:
|
||||||
|
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
manage-project:
|
||||||
|
permissions:
|
||||||
|
issues: write
|
||||||
|
uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
|
||||||
|
secrets: inherit
|
||||||
13
.github/workflows/call_issues_cron.yml
vendored
Executable file
13
.github/workflows/call_issues_cron.yml
vendored
Executable file
@ -0,0 +1,13 @@
|
|||||||
|
name: Mark stale issues and pull requests
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '35 15 * * *'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
stale:
|
||||||
|
permissions:
|
||||||
|
issues: write
|
||||||
|
pull-requests: write
|
||||||
|
uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
|
||||||
|
secrets: inherit
|
||||||
@ -2,7 +2,7 @@ name: Package Trigger Scheduler
|
|||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '03 5 * * 4'
|
- cron: '1 3 * * 6'
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|||||||
3
.github/workflows/permissions.yml
vendored
3
.github/workflows/permissions.yml
vendored
@ -1,9 +1,10 @@
|
|||||||
name: Permission check
|
name: Permission check
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
paths:
|
paths:
|
||||||
- '**/run'
|
- '**/run'
|
||||||
- '**/finish'
|
- '**/finish'
|
||||||
|
- '**/check'
|
||||||
jobs:
|
jobs:
|
||||||
permission_check:
|
permission_check:
|
||||||
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
|
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
|
||||||
|
|||||||
23
.github/workflows/stale.yml
vendored
23
.github/workflows/stale.yml
vendored
@ -1,23 +0,0 @@
|
|||||||
name: Mark stale issues and pull requests
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: "30 1 * * *"
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
stale:
|
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/stale@v6.0.1
|
|
||||||
with:
|
|
||||||
stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
|
|
||||||
stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
|
|
||||||
stale-issue-label: 'no-issue-activity'
|
|
||||||
stale-pr-label: 'no-pr-activity'
|
|
||||||
days-before-stale: 30
|
|
||||||
days-before-close: 365
|
|
||||||
exempt-issue-labels: 'awaiting-approval,work-in-progress'
|
|
||||||
exempt-pr-labels: 'awaiting-approval,work-in-progress'
|
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
@ -159,6 +159,8 @@ RUN \
|
|||||||
mkdir -p /defaults/fail2ban && \
|
mkdir -p /defaults/fail2ban && \
|
||||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||||
|
echo "**** define allowipv6 to silence warning ****" && \
|
||||||
|
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||||
echo "**** copy proxy confs to /defaults ****" && \
|
echo "**** copy proxy confs to /defaults ****" && \
|
||||||
mkdir -p \
|
mkdir -p \
|
||||||
/defaults/nginx/proxy-confs && \
|
/defaults/nginx/proxy-confs && \
|
||||||
|
|||||||
@ -159,6 +159,8 @@ RUN \
|
|||||||
mkdir -p /defaults/fail2ban && \
|
mkdir -p /defaults/fail2ban && \
|
||||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||||
|
echo "**** define allowipv6 to silence warning ****" && \
|
||||||
|
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||||
echo "**** copy proxy confs to /defaults ****" && \
|
echo "**** copy proxy confs to /defaults ****" && \
|
||||||
mkdir -p \
|
mkdir -p \
|
||||||
/defaults/nginx/proxy-confs && \
|
/defaults/nginx/proxy-confs && \
|
||||||
|
|||||||
@ -159,6 +159,8 @@ RUN \
|
|||||||
mkdir -p /defaults/fail2ban && \
|
mkdir -p /defaults/fail2ban && \
|
||||||
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
|
||||||
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
|
||||||
|
echo "**** define allowipv6 to silence warning ****" && \
|
||||||
|
sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
|
||||||
echo "**** copy proxy confs to /defaults ****" && \
|
echo "**** copy proxy confs to /defaults ****" && \
|
||||||
mkdir -p \
|
mkdir -p \
|
||||||
/defaults/nginx/proxy-confs && \
|
/defaults/nginx/proxy-confs && \
|
||||||
|
|||||||
23
Jenkinsfile
vendored
23
Jenkinsfile
vendored
@ -57,7 +57,7 @@ pipeline {
|
|||||||
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
|
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
|
||||||
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
|
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
|
||||||
env.PULL_REQUEST = env.CHANGE_ID
|
env.PULL_REQUEST = env.CHANGE_ID
|
||||||
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/call_invalid_helper.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
|
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
|
||||||
}
|
}
|
||||||
script{
|
script{
|
||||||
env.LS_RELEASE_NUMBER = sh(
|
env.LS_RELEASE_NUMBER = sh(
|
||||||
@ -230,17 +230,14 @@ pipeline {
|
|||||||
}
|
}
|
||||||
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
|
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
|
||||||
sh '''#! /bin/bash
|
sh '''#! /bin/bash
|
||||||
set -e
|
|
||||||
docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
|
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
-e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
|
-v ${WORKSPACE}:/mnt \
|
||||||
-e FILE_NAME="shellcheck-result.xml" \
|
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
|
||||||
-e MIMETYPE="text/xml" \
|
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
|
||||||
-v ${WORKSPACE}:/mnt \
|
ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
|
||||||
-e SECRET_KEY=\"${S3_SECRET}\" \
|
apk add --no-cache py3-pip && \
|
||||||
-e ACCESS_KEY=\"${S3_KEY}\" \
|
pip install s3cmd && \
|
||||||
-t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
|
s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
|
||||||
python /upload.py'''
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -277,7 +274,7 @@ pipeline {
|
|||||||
echo "Jenkinsfile is up to date."
|
echo "Jenkinsfile is up to date."
|
||||||
fi
|
fi
|
||||||
# Stage 2 - Delete old templates
|
# Stage 2 - Delete old templates
|
||||||
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
|
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
|
||||||
for i in ${OLD_TEMPLATES}; do
|
for i in ${OLD_TEMPLATES}; do
|
||||||
if [[ -f "${i}" ]]; then
|
if [[ -f "${i}" ]]; then
|
||||||
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
|
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
|
||||||
@ -294,7 +291,7 @@ pipeline {
|
|||||||
git commit -m 'Bot Updating Templated Files'
|
git commit -m 'Bot Updating Templated Files'
|
||||||
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
|
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
|
||||||
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
|
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
|
||||||
echo "Deleting old templates"
|
echo "Deleting old and deprecated templates"
|
||||||
rm -Rf ${TEMPDIR}
|
rm -Rf ${TEMPDIR}
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
|
|||||||
@ -336,6 +336,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **25.03.23:** - Fix renewal post hook.
|
||||||
|
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).
|
||||||
* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
|
* **09.03.23:** - Add Google Domains DNS support, `google-domains`.
|
||||||
* **02.03.23:** - Set permissions on crontabs during init.
|
* **02.03.23:** - Set permissions on crontabs during init.
|
||||||
* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
|
* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
|
||||||
|
|||||||
@ -2,11 +2,11 @@ NAME VERSION TYPE
|
|||||||
ConfigArgParse 1.5.3 python
|
ConfigArgParse 1.5.3 python
|
||||||
PyJWT 2.6.0 python
|
PyJWT 2.6.0 python
|
||||||
PyYAML 6.0 python
|
PyYAML 6.0 python
|
||||||
acme 2.4.0 python
|
acme 2.5.0 python
|
||||||
alpine-baselayout 3.4.0-r0 apk
|
alpine-baselayout 3.4.0-r0 apk
|
||||||
alpine-baselayout-data 3.4.0-r0 apk
|
alpine-baselayout-data 3.4.0-r0 apk
|
||||||
alpine-keys 2.4-r1 apk
|
alpine-keys 2.4-r1 apk
|
||||||
alpine-release 3.17.2-r0 apk
|
alpine-release 3.17.3-r0 apk
|
||||||
aom-libs 3.5.0-r0 apk
|
aom-libs 3.5.0-r0 apk
|
||||||
apache2-utils 2.4.56-r0 apk
|
apache2-utils 2.4.56-r0 apk
|
||||||
apk-tools 2.12.10-r1 apk
|
apk-tools 2.12.10-r1 apk
|
||||||
@ -15,14 +15,14 @@ apr-util 1.6.3-r0 apk
|
|||||||
argon2-libs 20190702-r2 apk
|
argon2-libs 20190702-r2 apk
|
||||||
attrs 22.2.0 python
|
attrs 22.2.0 python
|
||||||
azure-common 1.1.28 python
|
azure-common 1.1.28 python
|
||||||
azure-core 1.26.3 python
|
azure-core 1.26.4 python
|
||||||
azure-identity 1.12.0 python
|
azure-identity 1.12.0 python
|
||||||
azure-mgmt-core 1.3.2 python
|
azure-mgmt-core 1.4.0 python
|
||||||
azure-mgmt-dns 8.0.0 python
|
azure-mgmt-dns 8.0.0 python
|
||||||
bash 5.2.15-r0 apk
|
bash 5.2.15-r0 apk
|
||||||
beautifulsoup4 4.11.2 python
|
beautifulsoup4 4.12.2 python
|
||||||
boto3 1.26.88 python
|
boto3 1.26.109 python
|
||||||
botocore 1.29.88 python
|
botocore 1.29.109 python
|
||||||
brotli-libs 1.0.9-r9 apk
|
brotli-libs 1.0.9-r9 apk
|
||||||
bs4 0.0.1 python
|
bs4 0.0.1 python
|
||||||
busybox 1.35.0 binary
|
busybox 1.35.0 binary
|
||||||
@ -32,42 +32,42 @@ c-client 2007f-r14 apk
|
|||||||
ca-certificates 20220614-r4 apk
|
ca-certificates 20220614-r4 apk
|
||||||
ca-certificates-bundle 20220614-r4 apk
|
ca-certificates-bundle 20220614-r4 apk
|
||||||
cachetools 5.3.0 python
|
cachetools 5.3.0 python
|
||||||
certbot 2.4.0 python
|
certbot 2.5.0 python
|
||||||
certbot-dns-acmedns 0.1.0 python
|
certbot-dns-acmedns 0.1.0 python
|
||||||
certbot-dns-aliyun 2.0.0 python
|
certbot-dns-aliyun 2.0.0 python
|
||||||
certbot-dns-azure 2.1.0 python
|
certbot-dns-azure 2.1.0 python
|
||||||
certbot-dns-cloudflare 2.4.0 python
|
certbot-dns-cloudflare 2.5.0 python
|
||||||
certbot-dns-cpanel 0.4.0 python
|
certbot-dns-cpanel 0.4.0 python
|
||||||
certbot-dns-desec 1.2.1 python
|
certbot-dns-desec 1.2.1 python
|
||||||
certbot-dns-digitalocean 2.4.0 python
|
certbot-dns-digitalocean 2.5.0 python
|
||||||
certbot-dns-directadmin 1.0.3 python
|
certbot-dns-directadmin 1.0.3 python
|
||||||
certbot-dns-dnsimple 2.4.0 python
|
certbot-dns-dnsimple 2.5.0 python
|
||||||
certbot-dns-dnsmadeeasy 2.4.0 python
|
certbot-dns-dnsmadeeasy 2.5.0 python
|
||||||
certbot-dns-dnspod 0.1.0 python
|
certbot-dns-dnspod 0.1.0 python
|
||||||
certbot-dns-do 0.31.0 python
|
certbot-dns-do 0.31.0 python
|
||||||
certbot-dns-domeneshop 0.2.9 python
|
certbot-dns-domeneshop 0.2.9 python
|
||||||
certbot-dns-duckdns 1.2.1 python
|
certbot-dns-duckdns 1.3 python
|
||||||
certbot-dns-dynu 0.0.4 python
|
certbot-dns-dynu 0.0.4 python
|
||||||
certbot-dns-gehirn 2.4.0 python
|
certbot-dns-gehirn 2.5.0 python
|
||||||
certbot-dns-godaddy 0.2.2 python
|
certbot-dns-godaddy 0.2.2 python
|
||||||
certbot-dns-google 2.4.0 python
|
certbot-dns-google 2.5.0 python
|
||||||
certbot-dns-google-domains 0.1.6 python
|
certbot-dns-google-domains 0.1.9 python
|
||||||
certbot-dns-he 1.0.0 python
|
certbot-dns-he 1.0.0 python
|
||||||
certbot-dns-hetzner 2.0.0 python
|
certbot-dns-hetzner 2.0.0 python
|
||||||
certbot-dns-infomaniak 0.2.1 python
|
certbot-dns-infomaniak 0.2.1 python
|
||||||
certbot-dns-inwx 2.2.0 python
|
certbot-dns-inwx 2.2.0 python
|
||||||
certbot-dns-ionos 2022.11.24 python
|
certbot-dns-ionos 2022.11.24 python
|
||||||
certbot-dns-linode 2.4.0 python
|
certbot-dns-linode 2.5.0 python
|
||||||
certbot-dns-loopia 1.0.1 python
|
certbot-dns-loopia 1.0.1 python
|
||||||
certbot-dns-luadns 2.4.0 python
|
certbot-dns-luadns 2.5.0 python
|
||||||
certbot-dns-netcup 1.2.0 python
|
certbot-dns-netcup 1.2.0 python
|
||||||
certbot-dns-njalla 1.0.0 python
|
certbot-dns-njalla 1.0.0 python
|
||||||
certbot-dns-nsone 2.4.0 python
|
certbot-dns-nsone 2.5.0 python
|
||||||
certbot-dns-ovh 2.4.0 python
|
certbot-dns-ovh 2.5.0 python
|
||||||
certbot-dns-porkbun 0.7 python
|
certbot-dns-porkbun 0.8 python
|
||||||
certbot-dns-rfc2136 2.4.0 python
|
certbot-dns-rfc2136 2.5.0 python
|
||||||
certbot-dns-route53 2.4.0 python
|
certbot-dns-route53 2.5.0 python
|
||||||
certbot-dns-sakuracloud 2.4.0 python
|
certbot-dns-sakuracloud 2.5.0 python
|
||||||
certbot-dns-standalone 1.1 python
|
certbot-dns-standalone 1.1 python
|
||||||
certbot-dns-transip 0.5.2 python
|
certbot-dns-transip 0.5.2 python
|
||||||
certbot-dns-vultr 1.0.3 python
|
certbot-dns-vultr 1.0.3 python
|
||||||
@ -78,8 +78,8 @@ charset-normalizer 3.1.0 python
|
|||||||
cloudflare 2.11.1 python
|
cloudflare 2.11.1 python
|
||||||
configobj 5.0.8 python
|
configobj 5.0.8 python
|
||||||
coreutils 9.1-r0 apk
|
coreutils 9.1-r0 apk
|
||||||
cryptography 39.0.2 python
|
cryptography 40.0.1 python
|
||||||
curl 7.88.1-r0 apk
|
curl 7.88.1-r1 apk
|
||||||
dataclasses-json 0.5.7 python
|
dataclasses-json 0.5.7 python
|
||||||
distro 1.8.0 python
|
distro 1.8.0 python
|
||||||
dns-lexicon 3.11.7 python
|
dns-lexicon 3.11.7 python
|
||||||
@ -88,7 +88,7 @@ dnspython 2.3.0 python
|
|||||||
domeneshop 0.4.3 python
|
domeneshop 0.4.3 python
|
||||||
fail2ban 1.0.2 python
|
fail2ban 1.0.2 python
|
||||||
fail2ban 1.0.2-r0 apk
|
fail2ban 1.0.2-r0 apk
|
||||||
filelock 3.9.0 python
|
filelock 3.11.0 python
|
||||||
fontconfig 2.14.1-r0 apk
|
fontconfig 2.14.1-r0 apk
|
||||||
freetype 2.12.1-r0 apk
|
freetype 2.12.1-r0 apk
|
||||||
future 0.18.3 python
|
future 0.18.3 python
|
||||||
@ -103,20 +103,20 @@ gnupg-utils 2.2.40-r0 apk
|
|||||||
gnupg-wks-client 2.2.40-r0 apk
|
gnupg-wks-client 2.2.40-r0 apk
|
||||||
gnutls 3.7.8-r3 apk
|
gnutls 3.7.8-r3 apk
|
||||||
google-api-core 2.11.0 python
|
google-api-core 2.11.0 python
|
||||||
google-api-python-client 2.80.0 python
|
google-api-python-client 2.84.0 python
|
||||||
google-auth 2.16.2 python
|
google-auth 2.17.2 python
|
||||||
google-auth-httplib2 0.1.0 python
|
google-auth-httplib2 0.1.0 python
|
||||||
googleapis-common-protos 1.58.0 python
|
googleapis-common-protos 1.59.0 python
|
||||||
gpg 2.2.40-r0 apk
|
gpg 2.2.40-r0 apk
|
||||||
gpg-agent 2.2.40-r0 apk
|
gpg-agent 2.2.40-r0 apk
|
||||||
gpg-wks-server 2.2.40-r0 apk
|
gpg-wks-server 2.2.40-r0 apk
|
||||||
gpgsm 2.2.40-r0 apk
|
gpgsm 2.2.40-r0 apk
|
||||||
gpgv 2.2.40-r0 apk
|
gpgv 2.2.40-r0 apk
|
||||||
httplib2 0.21.0 python
|
httplib2 0.22.0 python
|
||||||
icu-data-en 72.1-r1 apk
|
icu-data-en 72.1-r1 apk
|
||||||
icu-libs 72.1-r1 apk
|
icu-libs 72.1-r1 apk
|
||||||
idna 3.4 python
|
idna 3.4 python
|
||||||
importlib-metadata 6.0.0 python
|
importlib-metadata 6.2.0 python
|
||||||
ip6tables 1.8.8-r2 apk
|
ip6tables 1.8.8-r2 apk
|
||||||
iptables 1.8.8-r2 apk
|
iptables 1.8.8-r2 apk
|
||||||
isodate 0.6.1 python
|
isodate 0.6.1 python
|
||||||
@ -132,8 +132,8 @@ libavif 0.11.1-r0 apk
|
|||||||
libbsd 0.11.7-r0 apk
|
libbsd 0.11.7-r0 apk
|
||||||
libbz2 1.0.8-r4 apk
|
libbz2 1.0.8-r4 apk
|
||||||
libc-utils 0.7.2-r3 apk
|
libc-utils 0.7.2-r3 apk
|
||||||
libcrypto3 3.0.8-r0 apk
|
libcrypto3 3.0.8-r3 apk
|
||||||
libcurl 7.88.1-r0 apk
|
libcurl 7.88.1-r1 apk
|
||||||
libdav1d 1.0.0-r2 apk
|
libdav1d 1.0.0-r2 apk
|
||||||
libedit 20221030.3.1-r0 apk
|
libedit 20221030.3.1-r0 apk
|
||||||
libevent 2.1.12-r5 apk
|
libevent 2.1.12-r5 apk
|
||||||
@ -162,7 +162,7 @@ libsasl 2.1.28-r3 apk
|
|||||||
libseccomp 2.5.4-r0 apk
|
libseccomp 2.5.4-r0 apk
|
||||||
libsm 1.2.3-r1 apk
|
libsm 1.2.3-r1 apk
|
||||||
libsodium 1.0.18-r2 apk
|
libsodium 1.0.18-r2 apk
|
||||||
libssl3 3.0.8-r0 apk
|
libssl3 3.0.8-r3 apk
|
||||||
libstdc++ 12.2.1_git20220924-r4 apk
|
libstdc++ 12.2.1_git20220924-r4 apk
|
||||||
libtasn1 4.19.0-r0 apk
|
libtasn1 4.19.0-r0 apk
|
||||||
libunistring 1.1-r0 apk
|
libunistring 1.1-r0 apk
|
||||||
@ -175,7 +175,7 @@ libxdmcp 1.1.4-r0 apk
|
|||||||
libxext 1.3.5-r0 apk
|
libxext 1.3.5-r0 apk
|
||||||
libxml2 2.10.3-r1 apk
|
libxml2 2.10.3-r1 apk
|
||||||
libxpm 3.5.15-r0 apk
|
libxpm 3.5.15-r0 apk
|
||||||
libxslt 1.1.37-r0 apk
|
libxslt 1.1.37-r1 apk
|
||||||
libxt 1.2.1-r0 apk
|
libxt 1.2.1-r0 apk
|
||||||
libzip 1.9.2-r2 apk
|
libzip 1.9.2-r2 apk
|
||||||
linux-pam 1.5.2-r1 apk
|
linux-pam 1.5.2-r1 apk
|
||||||
@ -224,7 +224,7 @@ npth 1.6-r2 apk
|
|||||||
oauth2client 4.1.3 python
|
oauth2client 4.1.3 python
|
||||||
oauthlib 3.2.2 python
|
oauthlib 3.2.2 python
|
||||||
oniguruma 6.9.8-r0 apk
|
oniguruma 6.9.8-r0 apk
|
||||||
openssl 3.0.8-r0 apk
|
openssl 3.0.8-r3 apk
|
||||||
p11-kit 0.24.1-r1 apk
|
p11-kit 0.24.1-r1 apk
|
||||||
packaging 23.0 python
|
packaging 23.0 python
|
||||||
parsedatetime 2.6 python
|
parsedatetime 2.6 python
|
||||||
@ -233,36 +233,36 @@ pcre2 10.42-r0 apk
|
|||||||
perl 5.36.0-r0 apk
|
perl 5.36.0-r0 apk
|
||||||
perl-error 0.17029-r1 apk
|
perl-error 0.17029-r1 apk
|
||||||
perl-git 2.38.4-r1 apk
|
perl-git 2.38.4-r1 apk
|
||||||
php-cli 8.1.16 binary
|
php-cli 8.1.17 binary
|
||||||
php-fpm 8.1.16 binary
|
php-fpm 8.1.17 binary
|
||||||
php81 8.1.16-r0 apk
|
php81 8.1.17-r0 apk
|
||||||
php81-bcmath 8.1.16-r0 apk
|
php81-bcmath 8.1.17-r0 apk
|
||||||
php81-bz2 8.1.16-r0 apk
|
php81-bz2 8.1.17-r0 apk
|
||||||
php81-common 8.1.16-r0 apk
|
php81-common 8.1.17-r0 apk
|
||||||
php81-ctype 8.1.16-r0 apk
|
php81-ctype 8.1.17-r0 apk
|
||||||
php81-curl 8.1.16-r0 apk
|
php81-curl 8.1.17-r0 apk
|
||||||
php81-dom 8.1.16-r0 apk
|
php81-dom 8.1.17-r0 apk
|
||||||
php81-exif 8.1.16-r0 apk
|
php81-exif 8.1.17-r0 apk
|
||||||
php81-fileinfo 8.1.16-r0 apk
|
php81-fileinfo 8.1.17-r0 apk
|
||||||
php81-fpm 8.1.16-r0 apk
|
php81-fpm 8.1.17-r0 apk
|
||||||
php81-ftp 8.1.16-r0 apk
|
php81-ftp 8.1.17-r0 apk
|
||||||
php81-gd 8.1.16-r0 apk
|
php81-gd 8.1.17-r0 apk
|
||||||
php81-gmp 8.1.16-r0 apk
|
php81-gmp 8.1.17-r0 apk
|
||||||
php81-iconv 8.1.16-r0 apk
|
php81-iconv 8.1.17-r0 apk
|
||||||
php81-imap 8.1.16-r0 apk
|
php81-imap 8.1.17-r0 apk
|
||||||
php81-intl 8.1.16-r0 apk
|
php81-intl 8.1.17-r0 apk
|
||||||
php81-ldap 8.1.16-r0 apk
|
php81-ldap 8.1.17-r0 apk
|
||||||
php81-mbstring 8.1.16-r0 apk
|
php81-mbstring 8.1.17-r0 apk
|
||||||
php81-mysqli 8.1.16-r0 apk
|
php81-mysqli 8.1.17-r0 apk
|
||||||
php81-mysqlnd 8.1.16-r0 apk
|
php81-mysqlnd 8.1.17-r0 apk
|
||||||
php81-opcache 8.1.16-r0 apk
|
php81-opcache 8.1.17-r0 apk
|
||||||
php81-openssl 8.1.16-r0 apk
|
php81-openssl 8.1.17-r0 apk
|
||||||
php81-pdo 8.1.16-r0 apk
|
php81-pdo 8.1.17-r0 apk
|
||||||
php81-pdo_mysql 8.1.16-r0 apk
|
php81-pdo_mysql 8.1.17-r0 apk
|
||||||
php81-pdo_odbc 8.1.16-r0 apk
|
php81-pdo_odbc 8.1.17-r0 apk
|
||||||
php81-pdo_pgsql 8.1.16-r0 apk
|
php81-pdo_pgsql 8.1.17-r0 apk
|
||||||
php81-pdo_sqlite 8.1.16-r0 apk
|
php81-pdo_sqlite 8.1.17-r0 apk
|
||||||
php81-pear 8.1.16-r0 apk
|
php81-pear 8.1.17-r0 apk
|
||||||
php81-pecl-apcu 5.1.22-r0 apk
|
php81-pecl-apcu 5.1.22-r0 apk
|
||||||
php81-pecl-igbinary 3.2.12-r0 apk
|
php81-pecl-igbinary 3.2.12-r0 apk
|
||||||
php81-pecl-mailparse 3.1.4-r0 apk
|
php81-pecl-mailparse 3.1.4-r0 apk
|
||||||
@ -270,21 +270,21 @@ php81-pecl-mcrypt 1.0.6-r0 apk
|
|||||||
php81-pecl-memcached 3.2.0-r0 apk
|
php81-pecl-memcached 3.2.0-r0 apk
|
||||||
php81-pecl-redis 5.3.7-r0 apk
|
php81-pecl-redis 5.3.7-r0 apk
|
||||||
php81-pecl-xmlrpc 1.0.0_rc3-r0 apk
|
php81-pecl-xmlrpc 1.0.0_rc3-r0 apk
|
||||||
php81-pgsql 8.1.16-r0 apk
|
php81-pgsql 8.1.17-r0 apk
|
||||||
php81-phar 8.1.16-r0 apk
|
php81-phar 8.1.17-r0 apk
|
||||||
php81-posix 8.1.16-r0 apk
|
php81-posix 8.1.17-r0 apk
|
||||||
php81-session 8.1.16-r0 apk
|
php81-session 8.1.17-r0 apk
|
||||||
php81-simplexml 8.1.16-r0 apk
|
php81-simplexml 8.1.17-r0 apk
|
||||||
php81-soap 8.1.16-r0 apk
|
php81-soap 8.1.17-r0 apk
|
||||||
php81-sockets 8.1.16-r0 apk
|
php81-sockets 8.1.17-r0 apk
|
||||||
php81-sodium 8.1.16-r0 apk
|
php81-sodium 8.1.17-r0 apk
|
||||||
php81-sqlite3 8.1.16-r0 apk
|
php81-sqlite3 8.1.17-r0 apk
|
||||||
php81-tokenizer 8.1.16-r0 apk
|
php81-tokenizer 8.1.17-r0 apk
|
||||||
php81-xml 8.1.16-r0 apk
|
php81-xml 8.1.17-r0 apk
|
||||||
php81-xmlreader 8.1.16-r0 apk
|
php81-xmlreader 8.1.17-r0 apk
|
||||||
php81-xmlwriter 8.1.16-r0 apk
|
php81-xmlwriter 8.1.17-r0 apk
|
||||||
php81-xsl 8.1.16-r0 apk
|
php81-xsl 8.1.17-r0 apk
|
||||||
php81-zip 8.1.16-r0 apk
|
php81-zip 8.1.17-r0 apk
|
||||||
pinentry 1.2.1-r0 apk
|
pinentry 1.2.1-r0 apk
|
||||||
pip 23.0.1 python
|
pip 23.0.1 python
|
||||||
pkb-client 1.2 python
|
pkb-client 1.2 python
|
||||||
@ -293,19 +293,19 @@ portalocker 2.7.0 python
|
|||||||
procps 3.3.17-r2 apk
|
procps 3.3.17-r2 apk
|
||||||
protobuf 4.22.1 python
|
protobuf 4.22.1 python
|
||||||
publicsuffixlist 0.9.3 python
|
publicsuffixlist 0.9.3 python
|
||||||
pyOpenSSL 23.0.0 python
|
pyOpenSSL 23.1.1 python
|
||||||
pyRFC3339 1.1 python
|
pyRFC3339 1.1 python
|
||||||
pyacmedns 0.4 python
|
pyacmedns 0.4 python
|
||||||
pyasn1 0.4.8 python
|
pyasn1 0.4.8 python
|
||||||
pyasn1-modules 0.2.8 python
|
pyasn1-modules 0.2.8 python
|
||||||
pycparser 2.21 python
|
pycparser 2.21 python
|
||||||
pyparsing 3.0.9 python
|
pyparsing 3.0.9 python
|
||||||
python 3.10.10 binary
|
python 3.10.11 binary
|
||||||
python-dateutil 2.8.2 python
|
python-dateutil 2.8.2 python
|
||||||
python-digitalocean 1.17.0 python
|
python-digitalocean 1.17.0 python
|
||||||
python-transip 0.6.0 python
|
python-transip 0.6.0 python
|
||||||
python3 3.10.10-r0 apk
|
python3 3.10.11-r0 apk
|
||||||
pytz 2022.7.1 python
|
pytz 2023.3 python
|
||||||
readline 8.2.0-r0 apk
|
readline 8.2.0-r0 apk
|
||||||
requests 2.28.2 python
|
requests 2.28.2 python
|
||||||
requests-file 1.5.1 python
|
requests-file 1.5.1 python
|
||||||
@ -321,20 +321,20 @@ skalibs 2.12.0.1-r0 apk
|
|||||||
soupsieve 2.4 python
|
soupsieve 2.4 python
|
||||||
sqlite-libs 3.40.1-r0 apk
|
sqlite-libs 3.40.1-r0 apk
|
||||||
ssl_client 1.35.0-r29 apk
|
ssl_client 1.35.0-r29 apk
|
||||||
tiff 4.4.0-r1 apk
|
tiff 4.4.0-r3 apk
|
||||||
tldextract 3.4.0 python
|
tldextract 3.4.0 python
|
||||||
typing-inspect 0.8.0 python
|
typing-inspect 0.8.0 python
|
||||||
typing_extensions 4.5.0 python
|
typing_extensions 4.5.0 python
|
||||||
tzdata 2022f-r1 apk
|
tzdata 2023c-r0 apk
|
||||||
unixodbc 2.3.11-r0 apk
|
unixodbc 2.3.11-r0 apk
|
||||||
uritemplate 4.1.1 python
|
uritemplate 4.1.1 python
|
||||||
urllib3 1.26.14 python
|
urllib3 1.26.15 python
|
||||||
utmps-libs 0.1.2.0-r1 apk
|
utmps-libs 0.1.2.0-r1 apk
|
||||||
wheel 0.38.4 python
|
wheel 0.40.0 python
|
||||||
whois 5.5.14-r0 apk
|
whois 5.5.14-r0 apk
|
||||||
xz 5.2.9-r0 apk
|
xz 5.2.9-r0 apk
|
||||||
xz-libs 5.2.9-r0 apk
|
xz-libs 5.2.9-r0 apk
|
||||||
zipp 3.15.0 python
|
zipp 3.15.0 python
|
||||||
zlib 1.2.13-r0 apk
|
zlib 1.2.13-r0 apk
|
||||||
zope.interface 5.5.2 python
|
zope.interface 6.0 python
|
||||||
zstd-libs 1.5.2-r9 apk
|
zstd-libs 1.5.5-r0 apk
|
||||||
|
|||||||
@ -154,6 +154,8 @@ app_setup_block: |
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "25.03.23:", desc: "Fix renewal post hook." }
|
||||||
|
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }
|
||||||
- { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
|
- { date: "09.03.23:", desc: "Add Google Domains DNS support, `google-domains`." }
|
||||||
- { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
|
- { date: "02.03.23:", desc: "Set permissions on crontabs during init." }
|
||||||
- { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
|
- { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
. /config/.donoteditthisfile.conf
|
. /config/.donoteditthisfile.conf
|
||||||
|
|
||||||
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
||||||
if pgrep -f "s6-supervise nginx" >/dev/null; then
|
if pgrep -f "s6-supervise svc-nginx" >/dev/null; then
|
||||||
s6-svc -u /run/service/svc-nginx
|
s6-svc -u /run/service/svc-nginx
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
||||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||||
# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
|
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||||
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||||
|
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||||
# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
|
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||||
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||||
|
|
||||||
# location for authelia subfolder requests
|
# location for authelia subfolder requests
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
|
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
|
||||||
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
||||||
# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
|
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
|
||||||
|
|
||||||
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /outpost.goauthentik.io/auth/nginx;
|
auth_request /outpost.goauthentik.io/auth/nginx;
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
||||||
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
||||||
# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
|
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
|
||||||
|
|
||||||
# location for authentik subfolder requests
|
# location for authentik subfolder requests
|
||||||
location ^~ /outpost.goauthentik.io {
|
location ^~ /outpost.goauthentik.io {
|
||||||
|
|||||||
@ -29,23 +29,6 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azur
|
|||||||
sleep infinity
|
sleep infinity
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# set_ini_value logic:
|
|
||||||
# - if the name is not found in the file, append the name=value to the end of the file
|
|
||||||
# - if the name is found in the file, replace the value
|
|
||||||
# - if the name is found in the file but commented out, uncomment the line and replace the value
|
|
||||||
# call set_ini_value with parameters: $1=name $2=value $3=file
|
|
||||||
function set_ini_value() {
|
|
||||||
name=${1//\//\\/}
|
|
||||||
value=${2//\//\\/}
|
|
||||||
sed -i \
|
|
||||||
-e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
|
|
||||||
-e '$a'"${name}"'='"${value}" "${3}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
|
|
||||||
touch /config/etc/letsencrypt/cli.ini
|
|
||||||
grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
|
|
||||||
|
|
||||||
# copy dns default configs
|
# copy dns default configs
|
||||||
cp -n /defaults/dns-conf/* /config/dns-conf/
|
cp -n /defaults/dns-conf/* /config/dns-conf/
|
||||||
lsiown -R abc:abc /config/dns-conf
|
lsiown -R abc:abc /config/dns-conf
|
||||||
@ -58,6 +41,7 @@ lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
|||||||
# replace nginx service location in renewal hooks
|
# replace nginx service location in renewal hooks
|
||||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
|
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
|
||||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
|
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
|
||||||
|
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|s6-supervise nginx|s6-supervise svc-nginx|g' {} \;
|
||||||
|
|
||||||
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
|
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
|
||||||
if [[ -f "/config/donoteditthisfile.conf" ]]; then
|
if [[ -f "/config/donoteditthisfile.conf" ]]; then
|
||||||
@ -157,6 +141,10 @@ else
|
|||||||
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
|
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# cleanup unused csr and keys folders
|
||||||
|
rm -rf /etc/letsencrypt/csr
|
||||||
|
rm -rf /etc/letsencrypt/keys
|
||||||
|
|
||||||
# checking for changes in cert variables, revoking certs if necessary
|
# checking for changes in cert variables, revoking certs if necessary
|
||||||
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
||||||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
|
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
|
||||||
@ -169,25 +157,21 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
|||||||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
||||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||||
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
|
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
|
||||||
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
|
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
|
||||||
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
|
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||||
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
|
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||||
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||||
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
|
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||||
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
|
sleep infinity
|
||||||
fi
|
|
||||||
if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
|
||||||
REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
|
|
||||||
fi
|
fi
|
||||||
|
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
|
||||||
elif [[ "${ORIGSTAGING}" = "true" ]]; then
|
elif [[ "${ORIGSTAGING}" = "true" ]]; then
|
||||||
REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
|
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
else
|
else
|
||||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||||
fi
|
fi
|
||||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||||
else
|
|
||||||
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
|
||||||
fi
|
fi
|
||||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||||
fi
|
fi
|
||||||
@ -198,11 +182,9 @@ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS
|
|||||||
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
||||||
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
||||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||||
else
|
|
||||||
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
|
||||||
fi
|
fi
|
||||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||||
fi
|
fi
|
||||||
@ -226,51 +208,52 @@ else
|
|||||||
ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
|
# figuring out url only vs url & subdomains vs subdomains only
|
||||||
|
|
||||||
# figuring out domain only vs domain & subdomains vs subdomains only
|
|
||||||
DOMAINS_ARRAY=()
|
|
||||||
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
|
|
||||||
DOMAINS_ARRAY+=("${URL}")
|
|
||||||
fi
|
|
||||||
if [[ -n "${SUBDOMAINS}" ]]; then
|
if [[ -n "${SUBDOMAINS}" ]]; then
|
||||||
echo "SUBDOMAINS entered, processing"
|
echo "SUBDOMAINS entered, processing"
|
||||||
SUBDOMAINS_ARRAY=()
|
|
||||||
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
|
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
|
||||||
SUBDOMAINS_ARRAY+=("*.${URL}")
|
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
|
||||||
echo "Wildcard cert for ${URL} will be requested"
|
export URL_REAL="-d *.${URL}"
|
||||||
|
echo "Wildcard cert for only the subdomains of ${URL} will be requested"
|
||||||
|
else
|
||||||
|
export URL_REAL="-d *.${URL} -d ${URL}"
|
||||||
|
echo "Wildcard cert for ${URL} will be requested"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
|
echo "SUBDOMAINS entered, processing"
|
||||||
for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
|
for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
|
||||||
SUBDOMAINS_ARRAY+=("${job}.${URL}")
|
export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
|
||||||
done
|
done
|
||||||
echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
|
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
|
||||||
|
URL_REAL="${SUBDOMAINS_REAL}"
|
||||||
|
echo "Only subdomains, no URL in cert"
|
||||||
|
else
|
||||||
|
URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
|
||||||
|
fi
|
||||||
|
echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
|
||||||
fi
|
fi
|
||||||
DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
|
else
|
||||||
|
echo "No subdomains defined"
|
||||||
|
URL_REAL="-d ${URL}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# add extra domains
|
# add extra domains
|
||||||
if [[ -n "${EXTRA_DOMAINS}" ]]; then
|
if [[ -n "${EXTRA_DOMAINS}" ]]; then
|
||||||
echo "EXTRA_DOMAINS entered, processing"
|
echo "EXTRA_DOMAINS entered, processing"
|
||||||
EXTRA_DOMAINS_ARRAY=()
|
|
||||||
for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
|
for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
|
||||||
EXTRA_DOMAINS_ARRAY+=("${job}")
|
export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
|
||||||
done
|
done
|
||||||
echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
|
echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
|
||||||
DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
|
URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# setting domains in cli.ini
|
|
||||||
set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
|
|
||||||
|
|
||||||
# figuring out whether to use e-mail and which
|
# figuring out whether to use e-mail and which
|
||||||
if [[ ${EMAIL} == *@* ]]; then
|
if [[ ${EMAIL} == *@* ]]; then
|
||||||
echo "E-mail address entered: ${EMAIL}"
|
echo "E-mail address entered: ${EMAIL}"
|
||||||
set_ini_value "email" "${EMAIL}" /config/etc/letsencrypt/cli.ini
|
EMAILPARAM="-m ${EMAIL} --no-eff-email"
|
||||||
set_ini_value "no-eff-email" "true" /config/etc/letsencrypt/cli.ini
|
|
||||||
set_ini_value "register-unsafely-without-email" "false" /config/etc/letsencrypt/cli.ini
|
|
||||||
else
|
else
|
||||||
echo "No e-mail address entered or address invalid"
|
echo "No e-mail address entered or address invalid"
|
||||||
set_ini_value "register-unsafely-without-email" "true" /config/etc/letsencrypt/cli.ini
|
EMAILPARAM="--register-unsafely-without-email"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# alter extension for error message
|
# alter extension for error message
|
||||||
@ -282,41 +265,37 @@ fi
|
|||||||
|
|
||||||
# setting the validation method to use
|
# setting the validation method to use
|
||||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||||
set_ini_value "preferred-challenges" "dns" /config/etc/letsencrypt/cli.ini
|
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
|
||||||
set_ini_value "authenticator" "dns-${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
|
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||||
set_ini_value "dns-${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
|
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
if [[ -n "${PROPAGATION}" ]]; then set_ini_value "dns-${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
|
|
||||||
|
|
||||||
# plugins that don't support setting credentials file
|
# plugins that don't support setting credentials file
|
||||||
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
|
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
|
||||||
sed "/^dns-${DNSPLUGIN}-credentials /d" /config/etc/letsencrypt/cli.ini
|
DNSCREDENTIALSPARAM=""
|
||||||
fi
|
fi
|
||||||
# plugins that don't support setting propagation
|
# plugins that don't support setting propagation
|
||||||
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
|
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
|
||||||
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
||||||
sed "/^dns-${DNSPLUGIN}-propagation-seconds /d" /config/etc/letsencrypt/cli.ini
|
PROPAGATIONPARAM=""
|
||||||
fi
|
fi
|
||||||
# plugins that use old parameter naming convention
|
# plugins that use old parameter naming convention
|
||||||
if [[ "${DNSPLUGIN}" =~ ^(cpanel|directadmin)$ ]]; then
|
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
|
||||||
sed "/^dns-${DNSPLUGIN}-credentials /d" /config/etc/letsencrypt/cli.ini
|
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
|
||||||
sed "/^dns-${DNSPLUGIN}-propagation-seconds /d" /config/etc/letsencrypt/cli.ini
|
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||||
set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
|
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||||
set_ini_value "${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
|
|
||||||
if [[ -n "${PROPAGATION}" ]]; then set_ini_value "${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
|
|
||||||
fi
|
fi
|
||||||
# don't restore txt records when using DuckDNS plugin
|
# don't restore txt records when using DuckDNS plugin
|
||||||
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
|
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
|
||||||
set_ini_value "dns-${DNSPLUGIN}-no-txt-restore" "true" /config/etc/letsencrypt/cli.ini
|
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
|
||||||
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
||||||
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
|
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
|
||||||
set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
|
PREFCHAL="--standalone --preferred-challenges http"
|
||||||
set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
|
|
||||||
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
||||||
else
|
else
|
||||||
set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
|
PREFCHAL="--standalone --preferred-challenges http"
|
||||||
set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
|
|
||||||
echo "http validation is selected"
|
echo "http validation is selected"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -325,17 +304,17 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
|
|||||||
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
|
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
|
||||||
echo "Retrieving EAB from ZeroSSL"
|
echo "Retrieving EAB from ZeroSSL"
|
||||||
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
|
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
|
||||||
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
|
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||||
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
|
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||||
if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||||
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||||
sleep infinity
|
sleep infinity
|
||||||
fi
|
fi
|
||||||
set_ini_value "eab-kid" "${ZEROSSL_EAB_KID}" /config/etc/letsencrypt/cli.ini
|
ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
|
||||||
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
|
|
||||||
fi
|
fi
|
||||||
echo "Generating new certificate"
|
echo "Generating new certificate"
|
||||||
certbot certonly --non-interactive --renew-by-default
|
# shellcheck disable=SC2086
|
||||||
|
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
|
||||||
if [[ ! -d /config/keys/letsencrypt ]]; then
|
if [[ ! -d /config/keys/letsencrypt ]]; then
|
||||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user