From: Rafael dos Santos Silva
Date: Mon, 25 Oct 2021 17:45:24 +0000 (-0300)
Subject: FIX: Remove expired LE root cert from our local validation
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=8e2ccee0f2989885632c27c7f33a87719d3838ec;p=discourse_docker.git
FIX: Remove expired LE root cert from our local validation
The old root was getting openssl confused, resulting in a new certificate on every rebuild that could easily trigger existing let's encrypt rate-limits.
---
diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
index fcec567..986be02 100644
--- a/templates/web.letsencrypt.ssl.template.yml
+++ b/templates/web.letsencrypt.ssl.template.yml
@@ -63,7 +63,7 @@ hooks:
 }
 cert_exists() {
- [[ "$(cd $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME$1 && openssl verify -CAfile ca.cer fullchain.cer | grep "OK")" ]]
+ [[ "$(cd $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME$1 && openssl verify -CAfile <(openssl x509 -in ca.cer) fullchain.cer | grep "OK")" ]]
 }
 ########################################################
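Review bot: The new `-CAfile <(openssl x509 -in ca.cer)` in cert_exists relies on behaviour the line does not document: `openssl x509` emits only the first certificate in ca.cer, and the process substitution discards that inner command's exit status. If ca.cer is missing, unreadable or ordered differently, verification fails to print OK, cert_exists reports false and a new certificate is requested, which is the rate-limit problem this commit is fixing. I would add a comment above the test, e.g. `# openssl x509 keeps only the first cert in ca.cer; the expired root after it made verify fail`, and have the caller log when ca.cer is absent so this case is distinguishable from a genuinely invalid certificate. With the root no longer supplied through -CAfile, the chain presumably has to terminate in the container's default trust directory, so confirm that this store is the one you intend to trust here. The `cd` path is also unquoted; `cd "$$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME$1"` avoids word splitting on an unusual directory value.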