diff options
| author | nachoparker <nacho@ownyourbits.com> | 2021-10-14 21:36:02 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2021-10-14 22:48:40 +0300 |
| commit | c75db632609460aeac90ee05244cda48aa5f400a (patch) | |
| tree | 8f0ddeb60fdecc3064030bd9528917e80d881b50 | |
| parent | b41fad0b940598fe13a4d34aa897893f103d8388 (diff) | |
letsencrypt: take into account the possibility of the ncp-nextcloud folder being usedv1.41.1
Signed-off-by: nachoparker <nacho@ownyourbits.com>
| -rw-r--r-- | changelog.md | 8 | ||||
| -rw-r--r-- | etc/ncp-templates/nextcloud.conf.sh | 20 |
2 files changed, 20 insertions, 8 deletions
diff --git a/changelog.md b/changelog.md index 596534e8..614bd667 100644 --- a/changelog.md +++ b/changelog.md @@ -1,9 +1,11 @@ -[v1.41.0](https://github.com/nextcloud/nextcloudpi/commit/33d8167) (2021-10-13) ncp-web: add NCP logs section +[v1.41.1](https://github.com/nextcloud/nextcloudpi/commit/2c4cb42) (2021-10-14) letsencrypt: take into account the possibility of the ncp-nextcloud folder being used -[v1.40.10](https://github.com/nextcloud/nextcloudpi/commit/8bb5795) (2021-10-12) nc-import-ncp: run activated apps upon import +[v1.41.0 ](https://github.com/nextcloud/nextcloudpi/commit/b41fad0) (2021-10-13) ncp-web: add NCP logs section -[v1.40.9 ](https://github.com/nextcloud/nextcloudpi/commit/a4998cd) (2021-10-12) letsencrypt: favor most recent cert if there are many +[v1.40.10](https://github.com/nextcloud/nextcloudpi/commit/85cb1f0) (2021-10-12) nc-import-ncp: run activated apps upon import + +[v1.40.9 ](https://github.com/nextcloud/nextcloudpi/commit/35a3a54) (2021-10-12) letsencrypt: favor most recent cert if there are many [v1.40.8 ](https://github.com/nextcloud/nextcloudpi/commit/9bddfad) (2021-10-12) fix HPB with dynamic IP diff --git a/etc/ncp-templates/nextcloud.conf.sh b/etc/ncp-templates/nextcloud.conf.sh index ec0b3174..4c85f317 100644 --- a/etc/ncp-templates/nextcloud.conf.sh +++ b/etc/ncp-templates/nextcloud.conf.sh @@ -41,22 +41,32 @@ EOF if [[ "$1" != "--defaults" ]] && [[ -n "$LETSENCRYPT_DOMAIN" ]]; then echo " ServerName ${LETSENCRYPT_DOMAIN}" + + # try the obvious path first LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN,,}" + + # find the most recent cert otherwise [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || { - #find the most recent cert LETSENCRYPT_CERT_BASE_PATH="$(find /etc/letsencrypt/live -type d -name "${LETSENCRYPT_DOMAIN,,}*" -printf "%T@ %p\n" | sort -n | cut -f2 -d' ' | tail -1)" } - LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" - LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" - # fall back to self-signed snakeoil certs - [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || unset LETSENCRYPT_CERT_BASE_PATH + # otherwise, in some installs this is the path we use (for legacy reasons) + [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || { + if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then + LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud" + fi + } else # Make sure the default snakeoil cert exists [ -f /etc/ssl/certs/ssl-cert-snakeoil.pem ] || make-ssl-cert generate-default-snakeoil --force-overwrite unset LETSENCRYPT_DOMAIN fi +# NOTE: we fall back to self-signed snakeoil certs if we couldn't get a LE one +[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] && { + LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" + LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" +} cat <<EOF CustomLog /var/log/apache2/nc-access.log combined ErrorLog /var/log/apache2/nc-error.log |