FIX: Remove expired LE root cert from our local validation
authorRafael dos Santos Silva <xfalcox@gmail.com>
Mon, 25 Oct 2021 17:45:24 +0000 (14:45 -0300)
committerRafael dos Santos Silva <xfalcox@gmail.com>
Mon, 25 Oct 2021 18:43:36 +0000 (15:43 -0300)
The old root was confusing openssl, resulting in a new
certificate on every rebuild, which could easily trigger the existing
Let's Encrypt rate limits.

templates/web.letsencrypt.ssl.template.yml

index fcec567db59db40a5b24d5a7eda4354a1f3d8558..986be02068272aa7c51e0f683f7954eb0f46eb88 100644 (file)
@@ -63,7 +63,7 @@ hooks:
         }
 
         cert_exists() {
-          [[ "$(cd $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME$1 && openssl verify -CAfile ca.cer fullchain.cer | grep "OK")" ]]
+          [[ "$(cd $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME$1 && openssl verify -CAfile <(openssl x509 -in ca.cer) fullchain.cer | grep "OK")" ]]
         }
 
         ########################################################
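Review bot: The new `cert_exists` test relies on `openssl x509 -in ca.cer` emitting only the first certificate in `ca.cer`, which is what keeps the later certificates out of the `-CAfile` input, but nothing in the hunk says so. A comment above the test, e.g. `# openssl x509 reads only the first PEM block of ca.cer, so the expired root later in the bundle is not passed to verify`, would keep a later cleanup from reverting it to plain `-CAfile ca.cer`. Since the anchor is now whatever certificate comes first in a file stored beside `fullchain.cer`, this is a local chain-and-expiry check rather than an independent trust decision, and whether the rest of the chain completes presumably depends on the container's default trust store. Separately, the result is still taken from `grep "OK"` on the output rather than from the exit status of `openssl verify`, and the `cd` path is unquoted.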