after_ssl:
- exec:
cmd:
- - cd /root && git clone https://github.com/Neilpang/le.git
+ - if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then echo "LETSENCRYPT_ACCOUNT_EMAIL ENV variable is required and has not been set."; exit 1; fi
+ - /bin/bash -c "if [[ ! \"$LETSENCRYPT_ACCOUNT_EMAIL\" =~ ([^@]+)@([^\.]+) ]]; then echo \"LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address\"; exit 1; fi"
+
+ - exec:
+ cmd:
+ - cd /root && git clone https://github.com/Neilpang/le.git && cd /root/le && git reset --hard a7b7355dcf1f1b75fb581bf5d15cf26086d58c06
- touch /var/spool/cron/crontabs/root
- install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
- cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install
+ # Ideally, we want to name the file 'letsencrypt' but we can't until the following is fixed
+ # https://github.com/Neilpang/acme.sh/issues/164
- file:
- path: /etc/runit/1.d/letsencrypt
+ path: /etc/runit/1.d/install_ssl_cert
chmod: "+x"
contents: |
#!/bin/bash
- set -e
LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
# After the initial install, switch to Webroot plugin
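Review bot: The format check on the second added `cmd` line puts `$LETSENCRYPT_ACCOUNT_EMAIL` inside the double-quoted `bash -c` string, so the calling shell expands the value before bash parses the script. A value containing a quote, a backtick or `$(` is then read as script text rather than compared as data. Single-quoting the script lets bash read the variable itself, e.g. `/bin/bash -c 'if [[ ! "$LETSENCRYPT_ACCOUNT_EMAIL" =~ ^[^@[:space:]]+@[^@[:space:]]+$ ]]; then echo "LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address"; exit 1; fi'`; this assumes the variable is exported to the child process, which the hunk does not show. The original pattern is also unanchored, so any string that merely contains `x@y` passes. Separately, dropping `set -e` from the runit script means `installcert` now runs even when `issue` fails, so a short comment stating that this is intentional would help the next reader.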
to: |
ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;
+ - replace:
+ filename: /shared/letsencrypt/account.conf
+ from: /#ACCOUNT_EMAIL=.+/
+ to: |
+ ACCOUNT_EMAIL=$$ENV_LETSENCRYPT_ACCOUNT_EMAIL
+
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /ssl_certificate_key.+/
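Review bot: The added `replace` writes `$$ENV_LETSENCRYPT_ACCOUNT_EMAIL` unquoted into `/shared/letsencrypt/account.conf`, and the only upstream check is the loose pattern match in the `exec` step, so whitespace or shell metacharacters in the value land in the file verbatim. If le.sh loads that file by sourcing it as shell (not visible in this diff, worth confirming), the value should be written quoted, e.g. `ACCOUNT_EMAIL='$$ENV_LETSENCRYPT_ACCOUNT_EMAIL'`, with the validation rejecting quote characters. The `from:` pattern also matches only the commented-out `#ACCOUNT_EMAIL=` line, so once the file under `/shared` has been rewritten a later change of address would presumably not be applied; `/#?ACCOUNT_EMAIL=.+/` would cover both states. The enclosing list of `replace` steps starts and ends outside this hunk.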
from: /add_header.+/
to: |
add_header Strict-Transport-Security 'max-age=5184000';
-
-