Implemented SAN via Letsencrypt and Certbot

2025-08-29 23:08:06 +02:00 · 2025-04-28 16:47:51 +02:00
parent 0fc9c3e495
commit 04deeef385
28 changed files with 411 additions and 224 deletions
--- a/roles/nginx-docker-cert-deploy/CONFIGURATION.md
+++ b/roles/nginx-docker-cert-deploy/CONFIGURATION.md
@@ -1,19 +0,0 @@
-# Configuration Options 📋
-
-## One Wildcard Certificate for All Subdomains
-
-By default, each subdomain gets its own certificate. You can **enable a wildcard certificate** by setting:
-
-```yaml
-enable_wildcard_certificate: true
-```
-
-## Pros & Cons of a Wildcard Certificate
-### Pros
- ✅ **Improves performance** by reducing TLS handshakes.  
- ✅ **Simplifies certificate management** (one cert for all subdomains).  
-### Cons
- ⚠ **Requires manual DNS challenge setup** for Let's Encrypt.  
- ⚠ **Needs additional configuration for automation** (see below).  
-
-If enabled, update your inventory file and follow the **[manual wildcard certificate setup](SETUP.md)**.
--- a/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
+++ b/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
@@ -2,21 +2,21 @@

 # Check if the necessary parameters are provided
 if [ "$#" -ne 2 ]; then
-    echo "Usage: $0 <domain> <docker_compose_instance_directory>"
+    echo "Usage: $0 <ssl_cert_folder> <docker_compose_instance_directory>"
    exit 1
 fi

 # Assign parameters
-domain="$1"
+ssl_cert_folder="$1"
 docker_compose_instance_directory="$2"
 docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs"

 # Copy certificates
-cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_cert_directory" || exit 1
+cp -RvL "/etc/letsencrypt/live/$ssl_cert_folder/"* "$docker_compose_cert_directory" || exit 1

 # This code is optimized for mailu
-cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1
-cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1
+cp -v "/etc/letsencrypt/live/$ssl_cert_folder/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1
+cp -v "/etc/letsencrypt/live/$ssl_cert_folder/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1

 # Set correct reading rights
 chmod a+r -v "$docker_compose_cert_directory/"*
--- a/roles/nginx-docker-cert-deploy/templates/nginx-docker-cert-deploy.service.j2
+++ b/roles/nginx-docker-cert-deploy/templates/nginx-docker-cert-deploy.service.j2
@@ -4,4 +4,4 @@ OnFailure=systemd-notifier.cymais@%n.service

 [Service]
 Type=oneshot
-ExecStart=/usr/bin/bash {{path_administrator_scripts}}/nginx-docker-cert-deploy.sh {{domain}} {{docker_compose.directories.instance}}
+ExecStart=/usr/bin/bash {{path_administrator_scripts}}/nginx-docker-cert-deploy.sh {{ssl_cert_folder}} {{docker_compose.directories.instance}}