hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

Add handling for Traefik v2 acme.json #406

Closed ghost closed 5 years ago

ghost commented 5 years ago

Description

This PR essentially adds the possibility to handle acme.json files generated by Traefik v2.

Traefik v2 adds the concept of multiple certificate resolvers (reference). As such, the structure of acme.json is slightly different.

Old acme.json from Traefik v1:

{
  "Account": {
    "Email": "someone@example.com",
    "Registration": {
      "body": {
        "status": "valid",
        "contact": [
          "mailto:someone@example.com"
        ]
      },
      "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/<redacted>"
    },
    "PrivateKey": "<redacted>",
    "KeyType": "4096"
  },
  "Certificates": [
    {
      "Domain": {
        "Main": "example.com",
        "SANs": null
      },
      "Certificate": "<redacted>",
      "Key": "<redacted>"
    }
  ...
  ]
}

New acme.json from Traefik v2:

{
  "default": {
    "Account": {
      "Email": "someone@example.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:someone@example.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/<redacted>"
      }
    },
    "Certificates": [
      {
        "domain": {
          "main": "example.com",
          "sans": [
            "sub.example.com"
          ]
        },
        "certificate": "<redacted>",
        "key": "<redacted>",
        "Store": "default"
      }
    ...
    ]
  }
}

Note the top-level "default" object (which is the name of the certificate resolver), as well as changed capitalization on Domain, Main, Certificate etc.

In order to support this file, I basically copied dumpcerts.acme.v2.sh, adapted it to this structure, and added detection in certs_helper.sh.

Type of change

Status

How has this been tested?

I use this in production on my own instance using Traefik v2 - so far it works well. However, I don't use wildcard certificates, so I haven't been able to test functionality with wildcard certificates.
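
The layout difference described in this PR, as an added example that is not code from the PR or from the project's dumpcerts scripts: a Python reader that detects whether an acme.json uses the flat Traefik v1 layout or the resolver-keyed v2 layout and looks up a certificate in either. It assumes the certificate and key fields hold base64-encoded PEM; the function names and sample values are constructed for illustration.

```python
import base64

def detect_layout(doc):
    """Return "v1" for the flat layout, "v2" for the resolver-keyed one."""
    if not isinstance(doc, dict):
        raise ValueError("acme.json must hold a JSON object")
    if "Certificates" in doc:
        return "v1"
    # v2: every top-level key is a resolver name ("default" in the PR's sample).
    if doc and all(isinstance(v, dict) and "Certificates" in v for v in doc.values()):
        return "v2"
    raise ValueError("unrecognised acme.json layout")

def _get(obj, name):
    # v1 writes "Domain"/"Main"/"SANs"/"Key", v2 writes them in lower case.
    for key, value in obj.items():
        if key.lower() == name:
            return value
    return None

def iter_certificates(doc):
    """Yield (resolver, main, sans, cert, key) tuples for either layout."""
    resolvers = {None: doc} if detect_layout(doc) == "v1" else doc
    for resolver, body in resolvers.items():
        for entry in body.get("Certificates") or []:  # tolerate a null list
            domain = _get(entry, "domain") or {}
            yield (resolver, _get(domain, "main"), _get(domain, "sans") or [],
                   # Assumption: both fields are base64-encoded PEM.
                   base64.b64decode(_get(entry, "certificate")),
                   base64.b64decode(_get(entry, "key")))

def find_certificate(doc, hostname):
    """Return (cert, key) whose main name or a SAN equals hostname, else None."""
    for _resolver, main, sans, cert, key in iter_certificates(doc):
        if hostname == main or hostname in sans:
            return cert, key
    return None

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed samples mirroring the two structures above (placeholder bytes, not real PEM).
SAMPLE_V1 = {"Account": {"Email": "someone@example.com"}, "Certificates": [
    {"Domain": {"Main": "example.com", "SANs": None},
     "Certificate": _b64("CERT-V1"), "Key": _b64("KEY-V1")}]}
SAMPLE_V2 = {"default": {"Account": {"Email": "someone@example.com"}, "Certificates": [
    {"domain": {"main": "example.com", "sans": ["sub.example.com"]},
     "certificate": _b64("CERT-V2"), "key": _b64("KEY-V2"), "Store": "default"}]}}
```

When the decoded key is written to disk, create the file with mode 0600, since acme.json and anything extracted from it contains private key material.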

sknight80 commented 5 years ago

Hi @TheZenti,

Thank you for your contribution. I noticed the Travis CI build has failed on your branch and on the previous PR as well. If there is no objection, I will merge it tomorrow. CC: @hardware