Adjusting the certificate generation with lets-encrypt
authorJean-Marc Pigeon (Delson) <jmp@safe.ca>
Fri, 25 Jul 2025 19:23:00 +0000 (15:23 -0400)
committerJean-Marc Pigeon (Delson) <jmp@safe.ca>
Fri, 25 Jul 2025 19:23:00 +0000 (15:23 -0400)
conf/mailleur.conf
support/do_dns_tlsa.sh

index 8bdd0268bf3dbdd69d0a1213b337a1de7a30094b..901ed132a3b5803e2314b16fc08dedd262e332ef 100644 (file)
@@ -33,15 +33,23 @@ SMTPPORTS="|||5,smtps||465|3,smtp||587|2"
 #SSL_SECURITY=2
 #------------------------------------------------
 #Defining SERVER mode Certificate data
-CA_ROOT_SRV="/etc/pki/tls/make-ca/ca-bundle.crt"
+#If certificate set via do_dns_tlsa.sh (letsencrypt)
+#CA_CERT_SRV="/etc/certbot/mailleur/mailleur-fullchain.pem"
+#CA_KEY_SRV="/etc/certbot/mailleur/mailleur-key.pem"
+#I certificate are self signedA (default installation)
 CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
 CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+CA_ROOT_SRV="/etc/pki/tls/make-ca/ca-bundle.crt"
 CA_VERIFY_SRV=0        #to check PEER/client remote certificate
 #------------------------------------------------
 #Defining CLIENT mode Certificate data
-CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
+#If certificate set via do_dns_tlsa.sh (letsencrypt)
+#CA_CERT_CLT="/etc/certbot/mailleur/mailleur-fullchain.pem"
+#CA_KEY_CLT="/etc/certbot/mailleur/mailleur-key.pem"
+#I certificate are self signedA (default installation)
 CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
 CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
 CA_VERIFY_CLT=0        #to check PEER/server remote certificate
 #------------------------------------------------
 #Configured for Postgresql database
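Review bot: The added comment `#I certificate are self signedA (default installation)` is garbled in both the SERVER and CLIENT blocks and should read `#If certificates are self-signed (default installation)`. The commented Let's Encrypt pair sits above the active self-signed pair, so the comment should also say that switching means commenting out the default `CA_CERT_*`/`CA_KEY_*` lines as well as uncommenting the new ones. If the file is read top to bottom with the last assignment winning (not visible here), uncommenting alone would leave the self-signed certificate in use. `CA_VERIFY_SRV=0` and `CA_VERIFY_CLT=0` are unchanged context, so peer verification stays off even with a publicly trusted certificate; a one-line comment stating whether that is intended would help operators.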
index 082c3d40ac0edf0d456e1ad158eccd3837878677..0d04cf2e53c0be68a5ead1e62f6787e2cb01d26b 100755 (executable)
@@ -4,7 +4,7 @@
 #public/private key
 #-------------------------------------------------------------------
 #comment in if working in production
-DRY_RUN="--dry-run"
+DRYRUN="--dry-run"
 STAGING="--staging"
 MRKR=`date +"%F"`
 APPNAME=mailleur
@@ -52,7 +52,7 @@ openssl req                                   \
        -subj '/'                               \
        -reqexts SAN                            \
        -out ./request.csr                      \
-       -keyout ./privkey.pem                   \
+       -keyout ./$APPNAME-key.pem              \
        -key ./ec_key.pem
 }
 
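Review bot: The new `-keyout ./$APPNAME-key.pem` expands `$APPNAME` unquoted; `-keyout "./${APPNAME}-key.pem"` keeps the path a single word whatever the variable holds. Judging by the name, this file is the private key that the configuration refers to as `mailleur-key.pem`. Setting `umask 077` before the `openssl req` call would make its mode independent of the caller's environment. The function starts above the hunk, so any permission handling already present is not visible here.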
@@ -75,7 +75,8 @@ certbot certonly                                      \
        --cert-path ./$MRKR-cert.pem                    \
        --work-dir .                                    \
        --logs-dir ./logs                               \
-       $STAGING
+       $STAGING                                        \
+       $DRYRUN                                         \
 
 ln -nsf                                                        \
        ./$MRKR-fullchain.pem                           \
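Review bot: The added `$DRYRUN \` line ends in a continuation backslash although it is the last argument, so the certbot command is terminated only by the blank line that follows. If that blank line is ever removed, `ln -nsf ...` becomes extra arguments to certbot; write the last argument as `$DRYRUN` with no trailing backslash. With `DRYRUN="--dry-run"` set by default at the top of the script, certbot's dry run does not save certificates to disk, so the `ln -nsf` step would create links to files that do not exist. Guarding the link step with `if [ -z "$DRYRUN" ]; then ... fi` would avoid dangling links. The `ln` command continues past the end of the hunk.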