From 7b317c84d742209c3daabc4ea3a6e11039af8bdc Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Sat, 14 Dec 2024 07:13:29 -0500
Subject: [PATCH 1/4] =?UTF-8?q?don=E2=80=99t=20worry=20about=20externally?= =?UTF-8?q?=20managed=20packages?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index a68af98..d5dc6a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ RUN echo "**** install OpenSSL ****" && \
 if [ ! -e /usr/bin/python ]; then ln -sf python3 /usr/bin/python ; fi && \
 \
 echo "**** install pip ****" && \
+ rm /usr/lib/python*/EXTERNALLY-MANAGED && \
 python3 -m ensurepip && \
 rm -r /usr/lib/python*/ensurepip && \
 pip3 install --no-cache --upgrade pip setuptools wheel && \
From 1cebf850c9ba1d8b472872b770d91ab4032ef881 Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Sat, 14 Dec 2024 07:31:28 -0500
Subject: [PATCH 2/4] use the full certificate file
---
 serve.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/serve.sh b/serve.sh
index 2ff1aed..1f30cd0 100755
--- a/serve.sh
+++ b/serve.sh
@@ -35,7 +35,7 @@ fi;
 export NODEBALANCER_LABEL=`linode-cli nodebalancers view $NODEBALANCER_ID --text --no-headers --format label`
-if [-z "$NODEBALANCER_LABEL" ];
+if [ -z "$NODEBALANCER_LABEL" ];
 then
 echo Bad NODEBALANCER_ID $NODEBALANCER_ID
 exit 1
@@ -107,7 +107,7 @@ $ACME --config-home /data \
 --reloadcmd "/install_cert.sh" \
 --pre-hook "rm $OK_FILE || true" \
 $NOTIFY_HOOK \
- --cert-file /data/cert.pem \
+ --fullchain-file /data/cert.pem \
 --key-file /data/key.pem \
 --force
From 77c22758a9c0d2ed6a130cdce96cbd3f677bbe38 Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Sat, 14 Dec 2024 07:42:15 -0500
Subject: [PATCH 3/4] register email address
---
 serve.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/serve.sh b/serve.sh
index 1f30cd0..0f21ea1 100755
--- a/serve.sh
+++ b/serve.sh
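Review bot: Deleting `/usr/lib/python*/EXTERNALLY-MANAGED` in the `@@ -13,6 +13,7 @@` Dockerfile hunk switches off the PEP 668 guard for the whole image, so the `pip3 install --no-cache --upgrade pip setuptools wheel` two lines later, and any later pip call, can overwrite Python packages owned by the distribution's package manager. A narrower option is to keep the marker and install into a virtual environment, for example `python3 -m venv /opt/venv` (the path is a constructed example), or to pass `--break-system-packages` only on the pip commands that need it. Whether `ensurepip` still works with the marker in place on this base image cannot be told from the hunk. As written, `rm` without `-f` also fails the build when the base image ships no marker file, because the unmatched glob is passed literally and the `&&` chain stops. The RUN instruction starts and ends outside the hunk.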
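Review bot: In the `@@ -107,7 +107,7 @@` hunk, `--fullchain-file /data/cert.pem` now writes the leaf certificate plus the intermediates into a file whose name still suggests a single certificate. What `/install_cert.sh` does with `/data/cert.pem` is not visible here, so it should be confirmed that it accepts a chain in that file and does not add the intermediates a second time. A comment above the `$ACME` command, such as `# /data/cert.pem holds the full chain (leaf + intermediates), not the leaf alone`, or a rename to `fullchain.pem` in both scripts, would keep the next reader from assuming otherwise. The `$ACME` command begins above the hunk.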
@@ -100,6 +100,11 @@ fi;
 # Start the web server in the background
 nginx
+$ACME --config-home /data \
+ --register-account -m $EMAIL_ADDRESS --server zerossl
+$ACME --config-home /data \
+ --set-default-ca --server zerossl
+
 # Run the cert for the given domain using nginx
 $ACME --config-home /data \
 --issue -d $DOMAIN_NAME \
From e3b73b642fb6e6c02a4b505b908f4833c6f5ebdf Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Sat, 14 Dec 2024 21:59:52 -0500
Subject: [PATCH 4/4] update documentation
---
 README.md | 1 +
 serve.sh | 10 ++++++++++
 2 files changed, 11 insertions(+)
diff --git a/README.md b/README.md
index 2653089..5e5b167 100644
--- a/README.md
+++ b/README.md
@@ -168,6 +168,7 @@ When this Docker image is updated and you want to start using it, or if you want
 ## Required Variables
 * DOMAIN_NAME
+ * EMAIL_ADDRESS
 * LINODE_CLI_TOKEN
 * NODEBALANCER_ID
 * CONFIG_ID
diff --git a/serve.sh b/serve.sh
index 0f21ea1..188625c 100755
--- a/serve.sh
+++ b/serve.sh
@@ -10,6 +10,13 @@ then
 exit 1
 fi;
+# If we don't have an EMAIL_ADDRESS set, complain and exit
+if [ -z "$EMAIL_ADDRESS" ];
+then
+ echo "Error: EMAIL_ADDRESS variable not set."
+ exit 1
+fi;
+
 # If we don't have a LINODE_CLI_TOKEN set, complain and exit
 if [ -z "$LINODE_CLI_TOKEN" ];
 then
@@ -100,8 +107,11 @@ fi;
 # Start the web server in the background
 nginx
+# register email address
 $ACME --config-home /data \
 --register-account -m $EMAIL_ADDRESS --server zerossl
+
+# use zerossl by default
 $ACME --config-home /data \
 --set-default-ca --server zerossl
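Review bot: In the `@@ -100,6 +100,11 @@` hunk of PATCH 3/4, `-m $EMAIL_ADDRESS` is unquoted and nothing in that commit checks that the variable is set, so an empty value would leave `-m` taking `--server` as its argument, and a value containing spaces or glob characters is split into extra arguments; quote it as `-m "$EMAIL_ADDRESS"`. The emptiness check arrives in PATCH 4/4, but the unquoted expansion is carried unchanged through that patch's `@@ -100,8 +107,11 @@` hunk. Neither `--register-account` nor `--set-default-ca` has its exit status checked, so unless the script runs under `set -e` (not visible here) a failed registration falls through to `--issue`; `|| exit 1` after each command would stop the script at the failure.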