From 14a17a7874cb8b04796d9a7a58abe2fac7243c91 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Fri, 25 Jul 2025 15:23:00 -0400
Subject: [PATCH] Adjusting the cerficae generation with lets-encrypt

---
 conf/mailleur.conf | 12 ++++++++++--
 support/do_dns_tlsa.sh | 7 ++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/conf/mailleur.conf b/conf/mailleur.conf
index 8bdd026..901ed13 100644
--- a/conf/mailleur.conf
+++ b/conf/mailleur.conf
@@ -33,15 +33,23 @@ SMTPPORTS="|||5,smtps||465|3,smtp||587|2"
 #SSL_SECURITY=2
 #------------------------------------------------
 #Defining SERVER mode Certificate data
-CA_ROOT_SRV="/etc/pki/tls/make-ca/ca-bundle.crt"
+#If certificate set via do_dns_tlsa.sh (letsencrypt)
+#CA_CERT_SRV="/etc/certbot/mailleur/mailleur-fullchain.pem"
+#CA_KEY_SRV="/etc/certbot/mailleur/mailleur-key.pem"
+#I certificate are self signedA (default installation)
 CA_CERT_SRV="/etc/pki/mailleur/mailleur-cert.pem"
 CA_KEY_SRV="/etc/pki/mailleur/mailleur-key.pem"
+CA_ROOT_SRV="/etc/pki/tls/make-ca/ca-bundle.crt"
 CA_VERIFY_SRV=0 #to check PEER/client remote certificate
 #------------------------------------------------
 #Defining CLIENT mode Certificate data
-CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
+#If certificate set via do_dns_tlsa.sh (letsencrypt)
+#CA_CERT_CLT="/etc/certbot/mailleur/mailleur-fullchain.pem"
+#CA_KEY_CLT="/etc/certbot/mailleur/mailleur-key.pem"
+#I certificate are self signedA (default installation)
 CA_CERT_CLT="/etc/pki/mailleur/mailleur-cert.pem"
 CA_KEY_CLT="/etc/pki/mailleur/mailleur-key.pem"
+CA_ROOT_CLT="/etc/pki/tls/make-ca/ca-bundle.crt"
 CA_VERIFY_CLT=0 #to check PEER/server remote certificate
 #------------------------------------------------
 #Configured for Postgresql database
diff --git a/support/do_dns_tlsa.sh b/support/do_dns_tlsa.sh
index 082c3d4..0d04cf2 100755
--- a/support/do_dns_tlsa.sh
+++ b/support/do_dns_tlsa.sh
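Review bot: The two new comment lines `#I certificate are self signedA (default installation)` read as typos; `#If certificates are self-signed (default installation)` says what is meant, and the letsencrypt variant above each of them would be clearer as `#If the certificate is issued via do_dns_tlsa.sh (letsencrypt)`. The letsencrypt alternative comments out only CA_CERT_* and CA_KEY_*, while CA_ROOT_SRV and CA_ROOT_CLT keep pointing at the make-ca bundle; if that bundle is what peers are verified against, a comment stating that it must contain the Let's Encrypt chain would save a deployment surprise. CA_VERIFY_SRV=0 and CA_VERIFY_CLT=0 are unchanged context but now sit directly under the new block; a one-line comment saying whether 0 disables peer verification (which the trailing comments suggest) would make the security default explicit next to the new certificate options.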
@@ -4,7 +4,7 @@
 #public/private key
 #-------------------------------------------------------------------
 #comment in if working in production
-DRY_RUN="--dry-run"
+DRYRUN="--dry-run"
 STAGING="--staging"
 MRKR=`date +"%F"`
 APPNAME=mailleur
@@ -52,7 +52,7 @@ openssl req \
 -subj '/' \
 -reqexts SAN \
 -out ./request.csr \
- -keyout ./privkey.pem \
+ -keyout ./$APPNAME-key.pem \
 -key ./ec_key.pem
 }
 
@@ -75,7 +75,8 @@ certbot certonly \
 --cert-path ./$MRKR-cert.pem \
 --work-dir . \
 --logs-dir ./logs \
- $STAGING
+ $STAGING \
+ $DRYRUN \
 
 ln -nsf \
 ./$MRKR-fullchain.pem \
-- 
2.47.3
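Review bot: The rename of DRY_RUN to DRYRUN is only safe if every reference follows; the hunk at line 75 switches to `$DRYRUN`, but any remaining `$DRY_RUN` elsewhere in the script (outside these hunks) would now silently expand to empty. The comment above the new line, `#comment in if working in production`, is ambiguous about direction; `#comment out DRYRUN and STAGING when running in production` states the intent. Because the later hunk expands the variable unquoted so that an absent value vanishes from the certbot argument list, a script running with `set -u` would abort on an undefined DRYRUN, so `DRYRUN=` (empty) is the safer way to disable it than deleting the line.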
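Review bot: `-keyout ./$APPNAME-key.pem` writes the private key into the working directory with whatever umask is in effect; unless a `umask 077` is set earlier in the script (outside the hunk), the key file may be created readable by other users, so add `umask 077` before the `openssl req` call or restrict the file right after it. Whether `-keyout` writes out a key that was supplied with `-key` also depends on the OpenSSL version (1.1.x only wrote newly generated keys, 3.x also writes a key read via `-key`), so the call should be followed by a check such as `[ -s ./$APPNAME-key.pem ] || exit 1` before the rest of the script relies on the file. The function containing this `openssl req` begins outside the hunk.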
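Review bot: The added `$DRYRUN \` leaves the certbot command ending in a continuation backslash, so it is terminated only by the blank line that follows; anyone deleting that blank line would turn `ln -nsf` and its arguments into certbot options. Drop the backslash on the last argument: `$STAGING \` followed by `$DRYRUN`. When DRYRUN is active, certbot --dry-run does not save certificates, so the following `ln -nsf ./$MRKR-fullchain.pem ...` creates a dangling symlink; guarding the post-processing with `[ -z "$DRYRUN" ]` or checking that the target exists would avoid acting on a missing file. The `ln` command continues past the end of the hunk.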