auto-agree to Let's Encrypt's terms of service during setup
fixes #1409
This reverts commit 82844ca651
("make certbot auto-agree to TOS if NONINTERACTIVE=1 env var is set (#1399)") and instead *always* auto-agree. If we don't auto-agree, certbot asks the user interactively, but our "curl | bash" setup line does not permit interactive prompts, so certbot failed to register and all certificate things were broken until the command was re-run interactively.
This commit is contained in:
parent
a5d5a073c7
commit
842fbb3d72
3 changed files with 12 additions and 13 deletions
|
@ -4,6 +4,7 @@ CHANGELOG
|
|||
In Development
|
||||
--------------
|
||||
|
||||
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
|
||||
* Update to Nextcloud 13.0.5.
|
||||
* Update to Roundcube 1.3.7.
|
||||
* Update to Z-Push 2.4.4.
|
||||
|
|
3
Vagrantfile
vendored
3
Vagrantfile
vendored
|
@ -22,9 +22,6 @@ Vagrant.configure("2") do |config|
|
|||
# Set environment variables so that the setup script does
|
||||
# not ask any questions during provisioning. We'll let the
|
||||
# machine figure out its own public IP.
|
||||
#
|
||||
# Please note: NONINTERACTIVE=1 mode means that you'll automatically agree
|
||||
# to Let's Encrypt's ACME Subscriber Agreement.
|
||||
export NONINTERACTIVE=1
|
||||
export PUBLIC_IP=auto
|
||||
export PUBLIC_IPV6=auto
|
||||
|
|
|
@ -130,17 +130,18 @@ restart_service fail2ban
|
|||
# If there aren't any mail users yet, create one.
|
||||
source setup/firstuser.sh
|
||||
|
||||
# Register with Let's Encrypt, including agreeing to the Terms of Service. This
|
||||
# is an interactive command.
|
||||
# Register with Let's Encrypt, including agreeing to the Terms of Service.
|
||||
# We'd let certbot ask the user interactively, but when this script is
|
||||
# run in the recommended curl-pipe-to-bash method there is no TTY and
|
||||
# certbot will fail if it tries to ask.
|
||||
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v01.api.letsencrypt.org/ ]; then
|
||||
echo
|
||||
echo "-----------------------------------------------"
|
||||
echo "Mail-in-a-Box uses Let's Encrypt to provision free certificates"
|
||||
echo "to enable HTTPS connections to your box. You'll now be asked to agree"
|
||||
echo "to Let's Encrypt's terms of service."
|
||||
echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
|
||||
echo "to enable HTTPS connections to your box. We're automatically"
|
||||
echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
|
||||
echo
|
||||
certbot register $([ "$NONINTERACTIVE" == 1 ] && echo "--agree-tos") \
|
||||
--register-unsafely-without-email --config-dir $STORAGE_ROOT/ssl/lets_encrypt
|
||||
certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
|
||||
fi
|
||||
|
||||
# Done.
|
||||
|
|
Loading…
Reference in a new issue