auto-agree to Let's Encrypt's terms of service during setup

fixes #1409

This reverts commit 82844ca651 ("make certbot auto-agree to TOS if NONINTERACTIVE=1 env var is set (#1399)") and instead *always* auto-agree. If we don't auto-agree, certbot asks the user interactively, but our "curl | bash" setup line does not permit interactive prompts, so certbot failed to register and all certificate things were broken until the command was re-run interactively.

CHANGELOG.md

@@ -4,6 +4,7 @@ CHANGELOG
 In Development
 --------------
 
+* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
 * Update to Nextcloud 13.0.5.
 * Update to Roundcube 1.3.7.
 * Update to Z-Push 2.4.4.

Vagrantfile

@@ -19,12 +19,9 @@ Vagrant.configure("2") do |config|
   config.vm.network "private_network", ip: "192.168.50.4"
 
   config.vm.provision :shell, :inline => <<-SH
-  # Set environment variables so that the setup script does
-  # not ask any questions during provisioning. We'll let the
-  # machine figure out its own public IP.
-  #
-  # Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
-  # to Let's Encrypt's ACME Subscriber Agreement.
+    # Set environment variables so that the setup script does
+    # not ask any questions during provisioning. We'll let the
+    # machine figure out its own public IP.
     export NONINTERACTIVE=1
     export PUBLIC_IP=auto
     export PUBLIC_IPV6=auto

setup/start.sh

@@ -130,17 +130,18 @@ restart_service fail2ban
 # If there aren't any mail users yet, create one.
 source setup/firstuser.sh
 
-# Register with Let's Encrypt, including agreeing to the Terms of Service. This
-# is an interactive command.
+# Register with Let's Encrypt, including agreeing to the Terms of Service.
+# We'd let certbot ask the user interactively, but when this script is
+# run in the recommended curl-pipe-to-bash method there is no TTY and
+# certbot will fail if it tries to ask.
 if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
 echo
 echo "-----------------------------------------------"
-echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates"
-echo "to enable HTTPS connections to your box. You'll now be asked to agree"
-echo "to Let's Encrypt's terms of service."
+echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
+echo "to enable HTTPS connections to your box. We're automatically"
+echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
 echo
-certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \
-    --register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
+certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
 fi
 
 # Done.