From d32e73c5bc166e16b43e03dd45160fb76c2b0c30 Mon Sep 17 00:00:00 2001
From: ofthesun9 <olivier@ofthesun.net>
Date: Tue, 17 Nov 2020 10:26:41 +0100
Subject: [PATCH] Fix letsencrypt access to certbot for the mail-letsencrypt
 flavour

---
 core/nginx/conf/nginx.conf          | 2 +-
 towncrier/newsfragments/1686.bugfix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1686.bugfix

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 8f6eaa0d..df598c94 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -106,7 +106,7 @@ http {
       {% endif %}
 
       # If TLS is failing, prevent access to anything except certbot
-      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not TLS_FLAVOR == "mail" %}
+      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
       location / {
         return 403;
       }
diff --git a/towncrier/newsfragments/1686.bugfix b/towncrier/newsfragments/1686.bugfix
new file mode 100644
index 00000000..932d7d7c
--- /dev/null
+++ b/towncrier/newsfragments/1686.bugfix
@@ -0,0 +1 @@
+Fix letsencrypt access to certbot for the mail-letsencrypt flavour