mailwolt-installer/scripts/75-le-issue.sh
#!/usr/bin/env bash
# Step 75 of the installer: request Let's Encrypt certificates with certbot's
# webroot (HTTP-01) plugin for the UI, webmail and mail host names, but only
# for names whose DNS already resolves to this server's public IPv4 address;
# names that do not (yet) point here are skipped rather than failed.
# Expected to be provided by lib.sh or the environment (not checked here):
# SERVER_PUBLIC_IPV4, BASE_DOMAIN, UI_HOST, WEBMAIL_HOST, MAIL_HOSTNAME;
# LE_EMAIL is optional and defaults to admin@BASE_DOMAIN.
set -euo pipefail
source ./lib.sh
# Directory handed to certbot via --webroot -w; certbot writes the HTTP-01
# challenge tokens here. Presumably nginx (configured in an earlier step, not
# visible in this file) serves /.well-known/acme-challenge/ from this path.
ACME_WEBROOT="/var/www/letsencrypt"
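#######################################
# Check whether a host name currently resolves to this server's public IPv4.
# Globals:   SERVER_PUBLIC_IPV4 (read; must be set, set -u aborts otherwise)
# Arguments: $1 - host name to look up
# Returns:   0 if one of the resolved addresses is exactly SERVER_PUBLIC_IPV4;
#            non-zero for an empty host or empty expected IP, for a failed
#            lookup (pipefail propagates getent's status), or when no
#            address matches
#######################################
resolve_ok() {
  local host="$1"
  # grep -F with an empty pattern matches every line, so an empty expected IP
  # must never be reported as "points here".
  [[ -n "$host" && -n "$SERVER_PUBLIC_IPV4" ]] || return 1
  # -x forces a whole-line match: without it 203.0.113.4 (constructed example)
  # would also "match" 203.0.113.45, and the resulting HTTP-01 attempt could
  # only fail and count against Let's Encrypt's failed-validation limits.
  # -- keeps an expected value starting with '-' from being read as an option.
  getent ahosts "$host" | awk '{print $1}' | sort -u | grep -F -x -q -- "$SERVER_PUBLIC_IPV4"
}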
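#######################################
# Request a Let's Encrypt certificate for one host via certbot's webroot plugin.
# The host is skipped (message printed, status 0) when it is empty or does not
# resolve to SERVER_PUBLIC_IPV4, because an HTTP-01 challenge could not succeed.
# Globals:   ACME_WEBROOT, BASE_DOMAIN (read); LE_EMAIL (read, optional,
#            defaults to admin@BASE_DOMAIN); SERVER_PUBLIC_IPV4 via resolve_ok
# Arguments: $1 - host name to issue a certificate for
# Outputs:   progress messages on stdout; warnings on stderr
# Returns:   always 0 - issuance is best-effort so the installer carries on
#######################################
issue() {
  local host="$1"
  if [[ -z "$host" ]]; then
    printf '%s\n' "[!] Leerer Hostname, überspringe LE-Ausstellung." >&2
    return 0
  fi
  printf '%s\n' "[i] Versuche LE für ${host}"
  if ! resolve_ok "$host"; then
    printf '%s\n' "[!] DNS zeigt (noch) nicht auf diese IP überspringe: ${host}"
    return 0
  fi
  # A certbot failure is deliberately non-fatal (DNS may point here while
  # port 80 is not reachable yet), but it is reported rather than swallowed so
  # a missing certificate can be traced in the installer output.
  if ! certbot certonly --agree-tos -m "${LE_EMAIL:-admin@${BASE_DOMAIN}}" \
      --non-interactive --webroot -w "$ACME_WEBROOT" -d "$host"; then
    printf '%s\n' "[!] certbot für ${host} fehlgeschlagen, fahre fort." >&2
  fi
  return 0
}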
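# BASE_DOMAIN=example.com is apparently the placeholder value of an
# unconfigured setup; issuing for it could only produce failed challenges, so
# the whole step is skipped in that case.
if [[ "$BASE_DOMAIN" != "example.com" ]]; then
  issue "$UI_HOST"
  issue "$WEBMAIL_HOST"
  issue "$MAIL_HOSTNAME"
  # A hook (not in this file) links the new certificates automatically; nginx
  # still has to be reloaded to pick them up. Keep the reload non-fatal, but
  # report a failure instead of hiding it, since nginx would keep serving the
  # old or self-signed certificate until someone notices.
  if ! systemctl reload nginx; then
    printf '%s\n' "[!] nginx reload fehlgeschlagen, bitte manuell prüfen." >&2
  fi
else
  printf '%s\n' "[i] BASE_DOMAIN=example.com LE-Ausstellung wird übersprungen."
fi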
##!/usr/bin/env bash
#set -euo pipefail
#source ./lib.sh
#
## Falls du auch UI/Webmail am Backend ausstellen willst, setz diese Flags vor dem Installer:
## ISSUE_UI_CERT=1 ISSUE_WEBMAIL_CERT=1 ./install.sh
#ISSUE_UI_CERT="${ISSUE_UI_CERT:-0}"
#ISSUE_WEBMAIL_CERT="${ISSUE_WEBMAIL_CERT:-0}"
#
#ACME_WEBROOT="/var/www/letsencrypt"
#install -d -m 0755 "$ACME_WEBROOT"
#
## nginx muss bereits laufen (Step 70), und die Location für /.well-known muss existieren.
#
#issue_if_points_here() {
# local host="$1"
# [[ -z "$host" ]] && return 0
# # prüfe, ob A/AAAA auf unsere erkannte Public IP zeigen
# local want_ip="${SERVER_PUBLIC_IPV4:-$(hostname -I | awk '{print $1}')}"
# local has_ip; has_ip="$(getent ahosts "$host" | awk '{print $1}' | sort -u | head -n1 || true)"
# if [[ "$has_ip" != "$want_ip" ]]; then
# log "DNS von $host zeigt auf $has_ip (nicht $want_ip) überspringe HTTP-01 hier."
# return 0
# fi
#
# log "Fordere LE-Zertifikat an für ${host} …"
# certbot certonly --agree-tos \
# -m "${LE_EMAIL:-admin@${BASE_DOMAIN}}" \
# --non-interactive \
# --webroot -w "$ACME_WEBROOT" \
# -d "$host" || true
#}
#
## In deiner Topologie holt NPM die UI/Webmail-Zerts → hier nur MX
#if [[ "${BASE_DOMAIN}" != "example.com" ]]; then
# issue_if_points_here "${MAIL_HOSTNAME:-}"
#
# # Optional nur wenn explizit freigegeben:
# [[ "$ISSUE_UI_CERT" = "1" ]] && issue_if_points_here "${UI_HOST:-}"
# [[ "$ISSUE_WEBMAIL_CERT" = "1" ]] && issue_if_points_here "${WEBMAIL_HOST:-}"
#fi
#
## Nach erfolgreicher Ausstellung sofort die stabilen Pfade verlinken (Deploy-Hook nutzen)
#bash /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh || true