puppet: Check that certbot certs are in use before fixing them.

It is possible to have previously installed certbot, but switched back
to using self-signed certificates -- in which case renewing them using
certbot may fail.

Verify that the certificate is a symlink into certbot's output
directory before running `fix-standalone-certbot`.
Alex Vandiver 2022-04-27 15:10:49 -07:00 committed by Tim Abbott
parent 7e94e3b370
commit c97162e485
1 changed files with 6 additions and 1 deletions


@ -61,7 +61,12 @@ class zulip::profile::app_frontend {
require => Package[certbot],
}
exec { 'fix-standalone-certbot':
onlyif => 'test -d /etc/letsencrypt/renewal && grep -qx "authenticator = standalone" /etc/letsencrypt/renewal/*.conf',
onlyif => @(EOT),
test -L /etc/ssl/certs/zulip.combined-chain.crt &&
readlink /etc/ssl/certs/zulip.combined-chain.crt | grep -q /etc/letsencrypt/live/ &&
test -d /etc/letsencrypt/renewal &&
grep -qx "authenticator = standalone" /etc/letsencrypt/renewal/*.conf
| EOT
command => "${::zulip_scripts_path}/lib/fix-standalone-certbot",
}
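Review bot: The new `readlink /etc/ssl/certs/zulip.combined-chain.crt | grep -q /etc/letsencrypt/live/` test in the `onlyif` heredoc is an unanchored substring match, so a symlink whose target merely contains that path under some other prefix also passes. Anchoring the pattern, `readlink /etc/ssl/certs/zulip.combined-chain.crt | grep -q '^/etc/letsencrypt/live/' &&`, ties the check to certbot's actual output directory. Separately, the last condition still greps every file matched by `/etc/letsencrypt/renewal/*.conf`, so a standalone authenticator configured for a certificate other than the one the symlink points at would still trigger the exec. Whether that matters depends on what `fix-standalone-certbot` rewrites, which is not visible in this hunk. A one-line comment above `onlyif`, such as `# Only run when the served cert is a certbot symlink and a renewal conf uses the standalone authenticator`, would record the intent for the next reader.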