balki/mail4one
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 5 Wiki Activity

Improve cert_copy script to work better for the first time

Browse Source
This commit is contained in:
Balakrishnan Balasubramanian 2024-04-01 18:09:36 -04:00
parent eb5c71968a
commit 4df53ce247
2 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
deploy_configs/README.md
View File

@ -81,15 +81,16 @@ systemctl status mail4one
Above command should fail as the TLS certificates don't exist yet. Above command should fail as the TLS certificates don't exist yet.
## Setup TLS certificates ## Setup TLS certificates
Install [certbot](https://certbot.eff.org/) and run below command. Follow instructions to create TLS certificates. Usually you want certificate for domain name like `mail.example.com` Install [certbot](https://certbot.eff.org/) and run below command. Follow instructions to create TLS certificates. Usually you want certificate for domain name like `mail.mydomain.com`
```sh ```sh
sudo certbot certonly sudo certbot certonly
sudo cp /etc/letsencrypt/live/mail.example.com/{fullchain,privkey}.pem /var/lib/mail4one/certs/
sudo chown mail4one:mail4one /var/lib/mail4one/certs/{fullchain,privkey}.pem
# Edit mail4one_cert_copy.sh to update your domain name # **Edit** mail4one_cert_copy.sh to update your domain name
sudo cp mail4one_cert_copy.sh /etc/letsencrypt/renewal-hooks/deploy/ sudo cp mail4one_cert_copy.sh /etc/letsencrypt/renewal-hooks/deploy/
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/mail4one_cert_copy.sh sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/mail4one_cert_copy.sh
# This will create and copy the certificates to the right path with correct permissions and ownership
sudo certbot certonly -d mail.mydomain.com --run-deploy-hooks --dry-run
``` ```
## Restart service and check logs ## Restart service and check logs
```sh ```sh
@ -109,6 +110,6 @@ python3 -m http.server 25
In local machine or a browser In local machine or a browser
You should see file listing a, b, c. Repeat for port 465, 995 to make sure firewall rules and dns is working You should see file listing a, b, c. Repeat for port 465, 995 to make sure firewall rules and dns is working
```sh ```sh
curl http://mail.example.com:25 curl http://mail.mydomain.com:25
``` ```
If not working, refer to VPS settings and OS firewall settings. If not working, refer to VPS settings and OS firewall settings.

22
deploy_configs/mail4one_cert_copy.sh
View File

@ -7,13 +7,21 @@
# This file is supposed to be copied to /etc/letsencrypt/renewal-hooks/deploy/ # This file is supposed to be copied to /etc/letsencrypt/renewal-hooks/deploy/
# Change the mail domain to the one on MX record # Change the mail domain to the one on MX record
set -eu
if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ] if [ "$RENEWED_DOMAINS" = "mail.mydomain.com" ]
then then
mkdir -p /var/lib/mail4one/certs app=mail4one
chmod 750 /var/lib/mail4one/certs appuser=$app
chown mail4one:mail4one /var/lib/mail4one/certs certpath="/var/lib/$app/certs"
cp "$RENEWED_LINEAGE/fullchain.pem" /var/lib/mail4one/certs/
cp "$RENEWED_LINEAGE/privkey.pem" /var/lib/mail4one/certs/ mkdir -p "$certpath"
systemctl restart mail4one.service chmod 750 "$certpath"
echo "$(date) Renewed and deployed certificates for mail4one" >> /var/log/mail4one-cert-renew.log
chown $appuser:$appuser "$certpath"
install -o "$appuser" -g "$appuser" -m 444 "$RENEWED_LINEAGE/fullchain.pem" -t "$certpath"
install -o "$appuser" -g "$appuser" -m 400 "$RENEWED_LINEAGE/privkey.pem" -t "$certpath"
systemctl restart $app.service
echo "$(date) Renewed and deployed certificates for $app" >> /var/log/cert-renew.log
fi fi