self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-06-15 00:05:11 +02:00
Code Issues Releases Activity

Send ISRG_X1 on port 25, make DANE pin that

Browse Source
This commit is contained in:
Florent Daigniere
2022-02-19 14:26:17 +01:00
parent 9a99f4253b
commit e4a32b55f5
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
core/nginx/letsencrypt.py
View File

@ -47,6 +47,15 @@ def format_for_nginx(fullchain, output):
for cert in certs[:-1] if len(certs)>2 and os.getenv('LETSENCRYPT_SHORTCHAIN', default="False") else certs:
pem.write(cert)
def add_DANE_pin(chain, output):
with open(output, 'w') as pem:
with open(chain, 'r') as chain:
for line in chain:
pem.write(line)
with open('/etc/ssl/certs/ca-cert-ISRG_Root_X1.pem', 'r') as isrgx1:
for line in isrgx1:
pem.write(line)
# Wait for nginx to start
time.sleep(5)
@ -54,6 +63,8 @@ time.sleep(5)
while True:
subprocess.call(command)
format_for_nginx('/certs/letsencrypt/live/mailu/fullchain.pem', '/certs/letsencrypt/live/mailu/nginx-chain.pem')
add_DANE_pin('/certs/letsencrypt/live/mailu/chain.pem', '/certs/letsencrypt/live/mailu/nginx-chain-DANE.pem')
subprocess.call(command2)
format_for_nginx('/certs/letsencrypt/live/mailu-ecdsa/fullchain.pem', '/certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem')
add_DANE_pin('/certs/letsencrypt/live/mailu-ecdsa/chain.pem', '/certs/letsencrypt/live/mailu-ecdsa/nginx-chain-DANE.pem')
time.sleep(86400)