diff options
| author | Luke Smith <luke@lukesmith.xyz> | 2023-01-26 19:06:37 -0500 |
|---|---|---|
| committer | Luke Smith <luke@lukesmith.xyz> | 2023-01-26 19:06:37 -0500 |
| commit | bf982255aa4b88d61e4722e73bdbd5ccd33cb4c0 (patch) | |
| tree | a8cc2a7a0ec25844e484ea5e5ae73482c886dbd9 | |
| parent | eb5b6743f3be0d9472a33b58bc73c05bb6613c98 (diff) | |
get cert if absent fix #253. ufw fix #256.
| -rw-r--r-- | emailwiz.sh | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/emailwiz.sh b/emailwiz.sh index 1d89f33..77c1765 100644 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -43,20 +43,33 @@ subdom=${MAIL_SUBDOM:-mail} maildomain="$subdom.$domain" certdir="/etc/letsencrypt/live/$maildomain" +# Open required mail ports, and 80, for Certbot. +for port in 80 993 465 25 587; do + ufw allow "$port" 2>/dev/null +done + [ ! -d "$certdir" ] && - possiblecert="$(certbot certificates 2>/dev/null | grep "$maildomain\|*\.$domain" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && + possiblecert="$(certbot certificates 2>/dev/null | grep "Domains:\.* $maildomain\(\s\|$\)" -A 2 | awk '/Certificate Path/ {print $3}' | head -n1)" && certdir="${possiblecert%/*}" -[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. - -Use Let's Encrypt's Certbot to get that and then rerun this script." && exit 1 +[ ! -d "$certdir" ] && case "$(netstat -tulpn | grep ":80\s")" in + *nginx*) + apt install -y python3-certbot-nginx + certbot -d "$maildomain" certonly --nginx --register-unsafely-without-email --agree-tos + ;; + *apache*) + apt install -y python3-certbot-apache + certbot -d "$maildomain" certonly --apache --register-unsafely-without-email --agree-tos + ;; + *) + apt install -y python3-certbot + certbot -d "$maildomain" certonly --standalone --register-unsafely-without-email --agree-tos + ;; +esac -# NOTE ON POSTCONF COMMANDS +[ ! -d "$certdir" ] && echo "Note! You must first have a Let's Encrypt Certbot HTTPS/SSL Certificate for $maildomain. -# The `postconf` command literally just adds the line in question to -# /etc/postfix/main.cf so if you need to debug something, go there. It replaces -# any other line that sets the same setting, otherwise it is appended to the -# end of the file. +Use Let's Encrypt's Certbot to get that and then rerun this script. It failed to run automatically here." && exit 1 echo "Configuring Postfix's main.cf..." @@ -314,9 +327,6 @@ for x in spamassassin opendkim dovecot postfix; do systemctl enable "$x" done -# If ufw is used, enable the mail ports. -pgrep ufw >/dev/null && { ufw allow 993; ufw allow 465 ; ufw allow 587; ufw allow 25 ;} - pval="$(tr -d '\n' <"/etc/postfix/dkim/$domain/$subdom.txt" | sed "s/k=rsa.* \"p=/k=rsa; p=/;s/\"\s*\"//;s/\"\s*).*//" | grep -o 'p=.*')" dkimentry="$subdom._domainkey.$domain TXT v=DKIM1; k=rsa; $pval" dmarcentry="_dmarc.$domain TXT v=DMARC1; p=reject; rua=mailto:dmarc@$domain; fo=1" |