

  1. #!/usr/bin/env sh
  2. #Here is a script to deploy cert to postfix and dovecot servers, when
  3. #they use the same certificate (e.g., when both are on the same host or
  4. #use the same hostname).
  5. #returns 0 means success, otherwise error.
  6. #DEFAULT_POSTFIX_RELOAD="service postfix restart"
  7. #DEFAULT_DOVECOT_RELOAD="service dovecot restart"
  8. #DEFAULT_POSTFIX_CONF="/etc/postfix/main.cf"
  9. #DEFAULT_DOVECOT_CONF="/etc/dovecot/dovecot.conf"
  10. ######## Public functions #####################
  11. #domain keyfile certfile cafile fullchain
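  postfix_and_dovecot_deploy() {
    # Deploy one certificate to both postfix and dovecot.
    # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 fullchain file
    # Reads:     IS_RENEW, DOMAIN_BACKUP_PATH, DEPLOY_POSTFIX_CONF, DEPLOY_POSTFIX_RELOAD,
    #            DEPLOY_DOVECOT_CONF, DEPLOY_DOVECOT_RELOAD
    # Returns:   0 on success, 1 on any error.
    #
    # SECURITY: the DEPLOY_*_RELOAD values are run through eval with the
    # privileges of this process. They must only ever be set by the operator,
    # and the domain conf they are saved to must not be writable by anyone else.
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    # Cleared up front so the restore paths below never act on values left
    # over from an earlier call; on renew no conf is touched or backed up.
    _postfix_conf=""
    _dovecot_conf=""
    _backup_postfix_conf=""
    _backup_dovecot_conf=""

    _ssl_path="/etc/acme.sh/postfix_and_dovecot"
    if ! mkdir -p "$_ssl_path"; then
      _err "Can not create folder:$_ssl_path"
      return 1
    fi

    _info "Copying key and cert"
    _real_key="$_ssl_path/postfix_and_dovecot.key"
    # The private key must not be created world-readable. The umask is changed
    # in a subshell so the caller's umask is untouched. It only affects a newly
    # created file: writing with cat keeps the mode of a key file that already
    # exists, so the mode of a previously deployed key should be checked once.
    if ! (umask 077 && cat "$_ckey" >"$_real_key"); then
      _err "Error: write key file to: $_real_key"
      return 1
    fi

    _real_fullchain="$_ssl_path/postfix_and_dovecot.chain.pem"
    if ! cat "$_cfullchain" >"$_real_fullchain"; then
      _err "Error: write fullchain file to: $_real_fullchain"
      return 1
    fi

    DEFAULT_POSTFIX_RELOAD="service postfix restart"
    _reload_postfix="${DEPLOY_POSTFIX_RELOAD:-$DEFAULT_POSTFIX_RELOAD}"
    DEFAULT_DOVECOT_RELOAD="service dovecot restart"
    _reload_dovecot="${DEPLOY_DOVECOT_RELOAD:-$DEFAULT_DOVECOT_RELOAD}"

    if [ -z "$IS_RENEW" ]; then
      DEFAULT_POSTFIX_CONF="/etc/postfix/main.cf"
      DEFAULT_DOVECOT_CONF="/etc/dovecot/dovecot.conf"
      _postfix_conf="${DEPLOY_POSTFIX_CONF:-$DEFAULT_POSTFIX_CONF}"
      _dovecot_conf="${DEPLOY_DOVECOT_CONF:-$DEFAULT_DOVECOT_CONF}"

      # Validate both confs before changing either one, so a missing dovecot
      # conf cannot leave postfix half-configured and not reloaded.
      if [ ! -f "$_postfix_conf" ]; then
        if [ -z "$DEPLOY_POSTFIX_CONF" ]; then
          _err "postfix conf is not found, please define DEPLOY_POSTFIX_CONF"
        else
          _err "It seems that the specified postfix conf is not valid, please check."
        fi
        return 1
      fi
      if [ ! -w "$_postfix_conf" ]; then
        _err "The file $_postfix_conf is not writable, please change the permission."
        return 1
      fi
      if [ ! -f "$_dovecot_conf" ]; then
        if [ -z "$DEPLOY_DOVECOT_CONF" ]; then
          _err "dovecot conf is not found, please define DEPLOY_DOVECOT_CONF"
        else
          _err "It seems that the specified dovecot conf is not valid, please check."
        fi
        return 1
      fi
      if [ ! -w "$_dovecot_conf" ]; then
        _err "The file $_dovecot_conf is not writable, please change the permission."
        return 1
      fi

      # A failed backup must stop the deploy: restoring from a missing backup
      # would truncate the live conf (the redirection empties it before cat fails).
      _backup_postfix_conf="$DOMAIN_BACKUP_PATH/postfix.conf.bak"
      _info "Backup $_postfix_conf to $_backup_postfix_conf"
      if ! cp "$_postfix_conf" "$_backup_postfix_conf"; then
        _err "Can not backup $_postfix_conf to $_backup_postfix_conf"
        _backup_postfix_conf=""
        return 1
      fi
      _backup_dovecot_conf="$DOMAIN_BACKUP_PATH/dovecot.conf.bak"
      _info "Backup $_dovecot_conf to $_backup_dovecot_conf"
      if ! cp "$_dovecot_conf" "$_backup_dovecot_conf"; then
        _err "Can not backup $_dovecot_conf to $_backup_dovecot_conf"
        _backup_dovecot_conf=""
        return 1
      fi

      # postfix first
      # NOTE(review): smtpd_use_tls looks redundant next to
      # smtpd_tls_security_level on current Postfix - confirm before dropping.
      _info "Modify postfix conf: $_postfix_conf"
      if _setopt "$_postfix_conf" "smtpd_tls_cert_file" "=" "$_real_fullchain" \
        && _setopt "$_postfix_conf" "smtpd_tls_key_file" "=" "$_real_key" \
        && _setopt "$_postfix_conf" "smtpd_use_tls" "=" "yes" \
        && _setopt "$_postfix_conf" "smtpd_tls_security_level" "=" "may"; then
        _info "Set config success!"
      else
        _err "Config postfix server error, please report bug to us."
        _info "Restoring postfix conf"
        _postfix_and_dovecot_restore "$_backup_postfix_conf" "$_postfix_conf" "$_reload_postfix" "postfix"
        return 1
      fi

      # now dovecot
      # dovecot needs the input redirectors ("<") before the filenames here
      # NOTE(review): confirm these setting names against the installed
      # dovecot version.
      _info "Modify dovecot conf: $_dovecot_conf"
      if _setopt "$_dovecot_conf" "ssl_cert" "=" "<$_real_fullchain" \
        && _setopt "$_dovecot_conf" "ssl_key" "=" "<$_real_key" \
        && _setopt "$_dovecot_conf" "ssl" "=" "required"; then
        _info "Set config success!"
      else
        _err "Config dovecot server error, please report bug to us."
        _info "Restoring postfix and dovecot conf"
        # postfix was already modified above, so roll both back together.
        _postfix_and_dovecot_restore "$_backup_postfix_conf" "$_postfix_conf" "$_reload_postfix" "postfix"
        _postfix_and_dovecot_restore "$_backup_dovecot_conf" "$_dovecot_conf" "$_reload_dovecot" "dovecot"
        return 1
      fi
    fi

    _info "Run reload: $_reload_postfix && $_reload_dovecot"
    # Evaluated separately so a ';' or '||' inside the first command cannot
    # change how the second one is chained.
    if eval "$_reload_postfix" && eval "$_reload_dovecot"; then
      _info "Reload success!"
      # Persist (or clear) all four settings; the postfix ones alone are not
      # enough for a later renew to reload dovecot the same way.
      if [ "$DEPLOY_POSTFIX_CONF" ]; then
        _savedomainconf DEPLOY_POSTFIX_CONF "$DEPLOY_POSTFIX_CONF"
      else
        _cleardomainconf DEPLOY_POSTFIX_CONF
      fi
      if [ "$DEPLOY_POSTFIX_RELOAD" ]; then
        _savedomainconf DEPLOY_POSTFIX_RELOAD "$DEPLOY_POSTFIX_RELOAD"
      else
        _cleardomainconf DEPLOY_POSTFIX_RELOAD
      fi
      if [ "$DEPLOY_DOVECOT_CONF" ]; then
        _savedomainconf DEPLOY_DOVECOT_CONF "$DEPLOY_DOVECOT_CONF"
      else
        _cleardomainconf DEPLOY_DOVECOT_CONF
      fi
      if [ "$DEPLOY_DOVECOT_RELOAD" ]; then
        _savedomainconf DEPLOY_DOVECOT_RELOAD "$DEPLOY_DOVECOT_RELOAD"
      else
        _cleardomainconf DEPLOY_DOVECOT_RELOAD
      fi
      return 0
    fi

    if [ "$_backup_postfix_conf" ] || [ "$_backup_dovecot_conf" ]; then
      _err "Reload error, restoring conf"
      _postfix_and_dovecot_restore "$_backup_postfix_conf" "$_postfix_conf" "$_reload_postfix" "postfix"
      _postfix_and_dovecot_restore "$_backup_dovecot_conf" "$_dovecot_conf" "$_reload_dovecot" "dovecot"
    else
      # Renew path: no conf was modified, so there is nothing to roll back.
      _err "Reload error"
    fi
    return 1
  }

  # Roll one service's conf back from its backup and reload that service.
  #backup_file conf_file reload_cmd service_name
  _postfix_and_dovecot_restore() {
    _r_backup="$1"
    _r_conf="$2"
    _r_reload="$3"
    _r_name="$4"
    # Without a backup on disk, leave the conf alone: redirecting a failed cat
    # into it would leave the service with an empty configuration.
    if [ -z "$_r_backup" ] || [ ! -f "$_r_backup" ]; then
      return 0
    fi
    if cat "$_r_backup" >"$_r_conf"; then
      _info "Restore $_r_name conf success"
      eval "$_r_reload"
    else
      _err "Oops, error restoring $_r_name conf, please report bug to us."
      return 1
    fi
  }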