Merge pull request #431 from linuxserver/root-certbot

Run certbot as root to allow fix http validation
2025-11-10 18:02:40 +09:00 · 2023-11-28 13:49:03 -06:00
parent 2ca6807b64 e3560414dc
commit de18e4ef24
3 changed files with 6 additions and 5 deletions
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -153,6 +153,7 @@ app_setup_block: |
 # changelog
 changelogs:
  - { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." }
  - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
  - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
  - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
--- a/root/etc/crontabs/root
+++ b/root/etc/crontabs/root
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@@ -199,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
        REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
    fi
    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
    else
-        s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
    fi
    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -214,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
    echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
    REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
    else
-        s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
    fi
    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -349,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
        set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
    fi
    echo "Generating new certificate"
-    s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
+    certbot certonly --non-interactive --renew-by-default
    if [[ ! -d /config/keys/letsencrypt ]]; then
        if [[ "${VALIDATION}" = "dns" ]]; then
            echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."