check .pem existence and concat to combined.pem with added eol #118

Merged
tomav merged 1 commit into docker-mailserver:master from willtho89:master
Apr 8, 2016

@willtho89
Contributor

Checks existence of cert, chain and privkey.pem.
Concats these files to combined.pem and adds a linebreak after each file
if there were none. This commit doesn't change the LE created .pem
files, so no unlinking on the host should happen (see #111)

@tomav tomav merged commit ae5052f into docker-mailserver:master Apr 8, 2016
@tomav
Contributor

tomav commented Apr 8, 2016

Thank you @reldeiS

@00angus
Contributor

00angus commented Apr 8, 2016

@reldeiS Sorry, me again!
While trying your patch (I'm in v2 branch currently but the code is the same for letsencrypt) I've found a bug, at least it doesn't work on my server.
Here are the details.
The command you have introduced to combine certs is as follows:

 sed -e '$a\' -s "/etc/letsencrypt/live/$(hostname)/{cert,chain,privkey}.pem" > ...

The problem is that those ".." around the command don't let the in-line expansion take place:

root@mail:/# ls -1 "/etc/letsencrypt/live/$(hostname)/{cert,chain,privkey}.pem"
ls: cannot access /etc/letsencrypt/live/mail.printk.it/{cert,chain,privkey}.pem: No such file or directory
root@mail:/# ls -1 /etc/letsencrypt/live/$(hostname)/{cert,chain,privkey}.pem
/etc/letsencrypt/live/mail.printk.it/cert.pem
/etc/letsencrypt/live/mail.printk.it/chain.pem
/etc/letsencrypt/live/mail.printk.it/privkey.pem

So even the sed command fails with:

  sed: can't read /etc/letsencrypt/live/mail.printk.it/{cert,chain,privkey}.pem: No such file or directory

I think we have to remove the "..".

Anyway, as for branch v2, it seems that for dovecot we don't need the combined .pem any more. I'm running my server with this version and the only certs I'm using right now are:

  • fullchain.pem
  • privkey.pem

It's the same as for Postfix.
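
The quoting problem reported in the comment above can be avoided by not using brace expansion at all. The following is an added example, not code from this pull request or the project: `combine_pems`, `demo` and the sample PEM bodies are constructed, and it swaps the GNU `sed -s '$a\'` step for a portable `tail -c 1` check. It also writes combined.pem owner-only, since the file contains the private key.

```shell
# Added example, not the project's code. combine_pems and demo are
# hypothetical names; cert/chain/privkey.pem are the files from the thread.

# Build combined.pem from cert, chain and privkey in directory $1.
# Fails, writing no output file, if any input is missing or empty.
combine_pems() {
    dir=$1
    out="$dir/combined.pem"
    # Each path is quoted on its own, so nothing depends on brace expansion
    # (which double quotes suppress and plain POSIX sh does not have).
    for name in cert chain privkey; do
        [ -s "$dir/$name.pem" ] || { echo "missing: $dir/$name.pem" >&2; return 1; }
    done
    # combined.pem contains the private key: create it owner-only (umask in a
    # subshell so it does not leak) and rename into place only when complete.
    (
        umask 077
        tmp="$out.tmp.$$"
        for name in cert chain privkey; do
            cat "$dir/$name.pem"
            # $(...) strips a trailing newline, so a non-empty result means
            # the file does not end in one and a newline must be added.
            [ -z "$(tail -c 1 "$dir/$name.pem")" ] || echo
        done > "$tmp" && mv "$tmp" "$out"
    )
}

# Constructed sample input; cert.pem deliberately lacks its final newline.
demo() {
    d=$(mktemp -d)
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'BBBB' \
        '-----END CERTIFICATE-----' > "$d/chain.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CCCC' \
        '-----END PRIVATE KEY-----' > "$d/privkey.pem"
    combine_pems "$d" && echo "$d"   # prints the directory holding combined.pem
}
```

With the path from the thread, the call would be `combine_pems "/etc/letsencrypt/live/$(hostname)"`.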

00angus added a commit to 00angus/docker-mailserver that referenced this pull request Apr 8, 2016
check .pem existence and concat to combined.pem with added eol.

Minor changes to command line that combine certs.
@willtho89
Contributor Author

I'm on vacation right now, so I have no access to my PC. Could you PR your fix, @00angus?

The curious thing is: it worked (and actually works right now) on my system.

Quickedit: It could be that my own Let's Encrypt script created the combined.pem file, but I'd need to check that.

@00angus
Contributor

00angus commented Apr 11, 2016

@reldeiS PR submitted right now
