From 6251f898ea86aae7423d1754671f7a329e58d9ce Mon Sep 17 00:00:00 2001
From: Brandon Schmitt
Date: Sun, 6 Dec 2020 20:29:12 +0100
Subject: [PATCH 1/3] Fix error in python script extracting certs from the acme.json file if there are sections with null values as certs
Signed-off-by: Brandon Schmitt
---
 target/helper-functions.sh | 22 ++++++++++++----------
 test/config/letsencrypt/acme.json | 4 ++++
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/target/helper-functions.sh b/target/helper-functions.sh
index 76bc3834..f473ca0e 100755
--- a/target/helper-functions.sh
+++ b/target/helper-functions.sh
@@ -56,11 +56,12 @@ import sys,json
 acme = json.load(sys.stdin)
 for key, value in acme.items():
 certs = value['Certificates']
- for cert in certs:
- if 'domain' in cert and 'key' in cert:
- if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
- print cert['key']
- break
+ if certs is not None:
+ for cert in certs:
+ if 'domain' in cert and 'key' in cert:
+ if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
+ print cert['key']
+ break
 ")
 local CERT
@@ -70,11 +71,12 @@ import sys,json
 acme = json.load(sys.stdin)
 for key, value in acme.items():
 certs = value['Certificates']
- for cert in certs:
- if 'domain' in cert and 'certificate' in cert:
- if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
- print cert['certificate']
- break
+ if certs is not None:
+ for cert in certs:
+ if 'domain' in cert and 'certificate' in cert:
+ if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
+ print cert['certificate']
+ break
 ")
 if [[ -n "${KEY}${CERT}" ]]
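Review bot: The domain argument is still spliced into the Python source as `'${1}'` on the re-indented comparison line of the `@@ -56,11 +56,12 @@` hunk, so the shell value is parsed as program text rather than data; a value containing a quote character changes the script that reads the private key out of acme.json. Passing it as an argument keeps it data: append `"${1}"` after the closing quote of the `python -c "…"` string and compare against `sys.argv[1]` (for example `domain = sys.argv[1]` right after the import). The `python -c` invocation starts outside the hunk, and the CERT block in the `@@ -70,11 +71,12 @@` hunk has the same interpolation. This matters more once PATCH 2/3 routes the `SSL_DOMAIN` environment variable into this function.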
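Review bot: In the CERT block (`@@ -70,11 +71,12 @@`), `break` leaves only the inner `for cert in certs` loop, so the outer loop over `acme.items()` keeps running and a second section holding a certificate for the same domain prints a second value into `CERT`. Ending the script at the first match, e.g. `sys.exit(0)` in place of `break` (`sys` is already imported), would yield exactly one certificate; the KEY block in the first hunk behaves the same way. How `KEY` and `CERT` are consumed lies outside the hunk, so the effect of a multi-line value is unconfirmed here.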
diff --git a/test/config/letsencrypt/acme.json b/test/config/letsencrypt/acme.json
index 244d058a..b67bedac 100644
--- a/test/config/letsencrypt/acme.json
+++ b/test/config/letsencrypt/acme.json
@@ -1,4 +1,8 @@
 {
+ "empty": {
+ "Account": null,
+ "Certificates": null
+ },
 "le": {
 "Account": {
 "Email": "acme@admin.com",
From c020cc88a15e45431b71aea039337119d2aec6d8 Mon Sep 17 00:00:00 2001
From: Brandon Schmitt
Date: Sun, 6 Dec 2020 20:36:22 +0100
Subject: [PATCH 2/3] Use the environment var SSL_DOMAIN while extracting certs from the acme.json during start-up
Signed-off-by: Brandon Schmitt
---
 target/start-mailserver.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 9cb951b0..293208b9 100755
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -1095,7 +1095,7 @@ function _setup_ssl
 local LETSENCRYPT_DOMAIN=""
 local LETSENCRYPT_KEY=""
- [[ -f /etc/letsencrypt/acme.json ]] && (_extract_certs_from_acme "${HOSTNAME}" || _extract_certs_from_acme "${DOMAINNAME}")
+ [[ -f /etc/letsencrypt/acme.json ]] && (_extract_certs_from_acme "${SSL_DOMAIN}" || _extract_certs_from_acme "${HOSTNAME}" || _extract_certs_from_acme "${DOMAINNAME}")
 # first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
 if [[ -e /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem ]]
From ad4d4cc7947e3e5a72cc43379c349b0799310bf4 Mon Sep 17 00:00:00 2001
From: Brandon Schmitt
Date: Fri, 11 Dec 2020 04:51:53 +0100
Subject: [PATCH 3/3] Refactor bash [[ ... ]] && ... || ... into if then else
---
 target/start-mailserver.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 293208b9..57e5b13d 100755
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
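Review bot: In the `@@ -1095,7 +1095,7 @@` hunk of PATCH 2/3, `_extract_certs_from_acme "${SSL_DOMAIN}"` runs even when `SSL_DOMAIN` is unset or empty, so the helper is asked to look up the empty string before falling back to `HOSTNAME`. Guarding the first alternative, e.g. `[[ -n "${SSL_DOMAIN:-}" ]] && _extract_certs_from_acme "${SSL_DOMAIN}"`, skips that call; whether the script runs under `set -u` is not visible here. Because the helper embeds its argument in Python source (see PATCH 1/3), it is also worth checking that the value is a plain hostname before passing it on. The same unguarded call is carried into the if/then form in PATCH 3/3, and `_setup_ssl` continues outside the hunk.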
@@ -1095,7 +1095,16 @@ function _setup_ssl
 local LETSENCRYPT_DOMAIN=""
 local LETSENCRYPT_KEY=""
- [[ -f /etc/letsencrypt/acme.json ]] && (_extract_certs_from_acme "${SSL_DOMAIN}" || _extract_certs_from_acme "${HOSTNAME}" || _extract_certs_from_acme "${DOMAINNAME}")
+ if [[ -f /etc/letsencrypt/acme.json ]]
+ then
+ if ! _extract_certs_from_acme "${SSL_DOMAIN}"
+ then
+ if ! _extract_certs_from_acme "${HOSTNAME}"
+ then
+ _extract_certs_from_acme "${DOMAINNAME}"
+ fi
+ fi
+ fi
 # first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
 if [[ -e /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem ]]
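Review bot: The rewrite is not purely cosmetic: the removed line ran the `_extract_certs_from_acme` calls inside a `( … )` subshell, while the new `if`/`then` chain runs them in the current shell. Any `exit`, `cd` or variable assignment inside the helper now affects the start-up script itself; the helper's body is outside this patch, so whether it does any of these is unconfirmed. If the change is intended, a comment above the block such as `# runs in the current shell: an exit inside _extract_certs_from_acme ends start-up` would record it; otherwise wrap the chain in `( … )` again. `_setup_ssl` starts and ends outside the hunk.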