From 7954d50fc4f537890443b0dbec55ff0d3e17c9bb Mon Sep 17 00:00:00 2001
From: Edi Septriyanto
Date: Thu, 4 Mar 2021 21:46:34 +0700
Subject: [PATCH] Fix LE certificate creation
---
 scripts/install_mailer.sh | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/scripts/install_mailer.sh b/scripts/install_mailer.sh
index dd89b1d..6302b0a 100755
--- a/scripts/install_mailer.sh
+++ b/scripts/install_mailer.sh
@@ -58,24 +58,26 @@ function install_postfix() { run postconf -e "smtpd_sasl_auth_enable = yes" run postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org" - # Getting Let's Encrypt certificates. + # Generating Let's Encrypt certificates. local CERTPATH="" - # Stop webserver first - run systemctl stop nginx + if [[ "${ENVIRONMENT}" == "production" ]]; then + # Stop webserver first + run systemctl stop nginx - if [[ "${SENDER_DOMAIN}" != "example.com" && $(validate_fqdn "${SENDER_DOMAIN}") == true \ - && $(dig "${SENDER_DOMAIN}" +short) = "${SERVER_IP}" ]]; then - run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}" - CERTPATH="/etc/letsencrypt/live/${SENDER_DOMAIN}" - elif [[ $(dig "${HOSTNAME}" +short) = "${SERVER_IP}" ]]; then - run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" - CERTPATH="/etc/letsencrypt/live/${HOSTNAME}" + if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true \ + && $(dig "${SENDER_DOMAIN}" +short) = "${SERVER_IP}" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}" + CERTPATH="/etc/letsencrypt/live/${SENDER_DOMAIN}" + elif [[ $(dig "${HOSTNAME}" +short) = "${SERVER_IP}" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" + CERTPATH="/etc/letsencrypt/live/${HOSTNAME}" + fi + + # Re-start webserver + run systemctl start nginx fi - # Re-start webserver - run systemctl start nginx - # Enable Postfix secure. if [ -n "${CERTPATH}" ]; then run postconf -e "smtpd_tls_cert_file = ${CERTPATH}/fullchain.pem"
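Review bot: When `ENVIRONMENT` is not `production`, or neither `dig` comparison matches, `CERTPATH` stays empty and the `if [ -n "${CERTPATH}" ]` block at the end of the hunk is skipped without any message, although `smtpd_sasl_auth_enable = yes` was already applied at the top of the hunk. The body of `install_postfix` continues outside this hunk, so unless that part installs a fallback certificate or sets `smtpd_tls_auth_only = yes`, SASL logins would be offered without TLS; an explicit `else` branch that logs a warning and sets `smtpd_tls_auth_only = yes` would make that outcome visible and safe. Separately, `CERTPATH` is assigned right after each `run certbot` call without confirming that a certificate was issued, so (depending on how `run` treats a failing command) Postfix could be pointed at a missing file. A guard before the nginx restart, such as `[[ -s "${CERTPATH}/fullchain.pem" ]] || CERTPATH=""`, would cover that case.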