try to get LE certs for the new names

3 years ago · 81b592f3cb
parent a3f9e2beee
commit 81b592f3cb
2 changed files with 9 additions and 3 deletions
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@ -271,7 +271,7 @@ class Domain(Base):
            f'_{proto}._tcp.{self.name}. 600 IN SRV {prio} 1 {port} {hostname}.'
            for proto, port, prio
            in protocols
-        ])
+        ])+[f'autoconfig.{self.name}. 600 IN CNAME {hostname}.']

    @cached_property
    def dns_tlsa(self):
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@ -4,10 +4,16 @@ import os
 import time
 import subprocess

+hostnames = list(set(os.environ['HOSTNAMES'].split(',')))
+for hostname in hostnames:
+    if not hostname.startswith('autoconfig.'):
+        hostnames.append(f'autoconfig.{hostname}')
+hostnames = ','.join(set(hostnames))
+
 command = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
-    "-d", os.environ["HOSTNAMES"],
+    "-d", hostnames, "--expand", "--allow-subset-of-names",
    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
    "certonly", "--standalone",
    "--cert-name", "mailu",
@ -20,7 +26,7 @@ command = [
 command2 = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
-    "-d", os.environ["HOSTNAMES"],
+    "-d", hostnames, "--expand", "--allow-subset-of-names",
    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
    "certonly", "--standalone",
    "--cert-name", "mailu-ecdsa",