1
0

fix: register ACME account with EAB first (#976)

* check EAB_KID and HMAC_KEY before registering the ACME account using the provided email.

* Update letsencrypt_service

copy/past error

Co-authored-by: root <root@jump20dst.int.cvovolt.be>
This commit is contained in:
Jeroen 2022-12-03 20:50:23 +01:00 committed by GitHub
parent e0c9b981ab
commit 77cc9d5241
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23

@ -282,9 +282,22 @@ function update_cert {
fi
fi
elif [[ -n "${accountemail// }" ]]; then
# We're not using Zero SSL, register the ACME account using the provided email.
# We're not using Zero SSL, first check for per-container EAB kid and hmac key.
local -n eab_kid="ACME_${cid}_EAB_KID"
local -n eab_hmac_key="ACME_${cid}_EAB_HMAC_KEY"
if [[ -n "${eab_kid}" && -n "${eab_hmac_key}" ]]; then
# Register the ACME account with the per container EAB credentials.
params_register_arr+=(--eab-kid "$eab_kid" --eab-hmac-key "$eab_hmac_key")
elif [[ -n "${ACME_EAB_KID// }" && -n "${ACME_EAB_HMAC_KEY// }" ]]; then
# We don't have per-container EAB kid and hmac key.
# Register the ACME account with the default EAB credentials.
params_register_arr+=(--eab-kid "$ACME_EAB_KID" --eab-hmac-key "$ACME_EAB_HMAC_KEY")
else
# We don't have EAB and HMAC keys, register the ACME account using the provided email.
params_register_arr+=(--accountemail "$accountemail")
fi
fi
# Account registration and update if required
if [[ ! -f "$account_file" ]]; then