auto-agree to Let's Encrypt's terms of service during setup

fixes #1409

This reverts commit 82844ca651 ("make certbot auto-agree to TOS if NONINTERACTIVE=1 env var is set (#1399)") and instead *always* auto-agrees. If we don't auto-agree, certbot asks the user interactively, but our "curl | bash" setup line does not permit interactive prompts, so certbot failed to register and all certificate things were broken until the command was re-run interactively.
Joshua Tauberer 2018-09-03 12:52:03 -04:00
parent a5d5a073c7
commit 842fbb3d72
3 changed files with 12 additions and 13 deletions


@ -4,6 +4,7 @@ CHANGELOG
In Development In Development
-------------- --------------
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
* Update to Nextcloud 13.0.5. * Update to Nextcloud 13.0.5.
* Update to Roundcube 1.3.7. * Update to Roundcube 1.3.7.
* Update to Z-Push 2.4.4. * Update to Z-Push 2.4.4.
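Review bot: The new CHANGELOG entry gives the symptom (TLS certificate provisioning not working on new boxes starting with v0.28) but not the behaviour change that fixes it: setup now always agrees to Let's Encrypt's subscriber agreement on the administrator's behalf. That is a consent decision made for the user, so the entry should say so, for example by adding "Setup now agrees to Let's Encrypt's subscriber agreement automatically."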

9
Vagrantfile vendored

@ -19,12 +19,9 @@ Vagrant.configure("2") do |config|
config.vm.network "private_network", ip: "192.168.50.4" config.vm.network "private_network", ip: "192.168.50.4"
config.vm.provision :shell, :inline => <<-SH config.vm.provision :shell, :inline => <<-SH
# Set environment variables so that the setup script does # Set environment variables so that the setup script does
# not ask any questions during provisioning. We'll let the # not ask any questions during provisioning. We'll let the
# machine figure out its own public IP. # machine figure out its own public IP.
#
# Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
# to Let's Encrypt's ACME Subscriber Agreement.
export NONINTERACTIVE=1 export NONINTERACTIVE=1
export PUBLIC_IP=auto export PUBLIC_IP=auto
export PUBLIC_IPV6=auto export PUBLIC_IPV6=auto


@ -130,17 +130,18 @@ restart_service fail2ban
# If there aren't any mail users yet, create one. # If there aren't any mail users yet, create one.
source setup/firstuser.sh source setup/firstuser.sh
# Register with Let's Encrypt, including agreeing to the Terms of Service. This # Register with Let's Encrypt, including agreeing to the Terms of Service.
# is an interactive command. # We'd let certbot ask the user interactively, but when this script is
# run in the recommended curl-pipe-to-bash method there is no TTY and
# certbot will fail if it tries to ask.
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
echo echo
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates" echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
echo "to enable HTTPS connections to your box. You'll now be asked to agree" echo "to enable HTTPS connections to your box. We're automatically"
echo "to Let's Encrypt's terms of service." echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
echo echo
certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \ certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
--register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
fi fi
# Done. # Done.
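Review bot: The new echo lines point to https://letsencrypt.org, the site's home page, so an administrator who wants to read what was accepted on their behalf has to go looking for it; link the subscriber agreement document itself. In the new `certbot register` line, `--config-dir $STORAGE_ROOT/ssl/lets_encrypt` leaves `$STORAGE_ROOT` unquoted, as does the `[ ! -d ... ]` test above it, so a storage path containing whitespace would be split into separate words; quote both expansions. Nothing in this hunk checks the exit status of `certbot register`, so a failed registration is not reported here; consider printing a warning when it returns non-zero.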