Fix LE certificate creation

2026-04-03 11:18:21 +00:00 · 2021-03-04 21:46:34 +07:00
parent 1e4087572c
commit 7954d50fc4
1 changed files with 15 additions and 13 deletions
--- a/scripts/install_mailer.sh
+++ b/scripts/install_mailer.sh
@@ -58,24 +58,26 @@ function install_postfix() {
        run postconf -e "smtpd_sasl_auth_enable = yes"
        run postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org"

-        # Getting Let's Encrypt certificates.
+        # Generating Let's Encrypt certificates.
        local CERTPATH=""

-        # Stop webserver first
-        run systemctl stop nginx
+        if [[ "${ENVIRONMENT}" == "production" ]]; then
+            # Stop webserver first
+            run systemctl stop nginx

-        if [[ "${SENDER_DOMAIN}" != "example.com" && $(validate_fqdn "${SENDER_DOMAIN}") == true \
-        && $(dig "${SENDER_DOMAIN}" +short) = "${SERVER_IP}" ]]; then
-            run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}"
-            CERTPATH="/etc/letsencrypt/live/${SENDER_DOMAIN}"
-        elif [[ $(dig "${HOSTNAME}" +short) = "${SERVER_IP}" ]]; then
-            run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}"
-            CERTPATH="/etc/letsencrypt/live/${HOSTNAME}"
+            if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true \
+            && $(dig "${SENDER_DOMAIN}" +short) = "${SERVER_IP}" ]]; then
+                run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}"
+                CERTPATH="/etc/letsencrypt/live/${SENDER_DOMAIN}"
+            elif [[ $(dig "${HOSTNAME}" +short) = "${SERVER_IP}" ]]; then
+                run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}"
+                CERTPATH="/etc/letsencrypt/live/${HOSTNAME}"
+            fi
+
+            # Re-start webserver
+            run systemctl start nginx
        fi

-        # Re-start webserver
-        run systemctl start nginx
-
        # Enable Postfix secure.
        if [ -n "${CERTPATH}" ]; then
            run postconf -e "smtpd_tls_cert_file = ${CERTPATH}/fullchain.pem"