diff --git a/CHANGES b/CHANGES
index 15bbca41a..235bf01e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1548,4 +1548,5 @@
 * Make crash logs viewable via the dashboard
 * Fix issue where uploading of filenames with brackets and plus was not working
 * Add notification for cert renewal and backup failures
+* Fix issue where mail container was not updated with the latest certificate
diff --git a/src/mail.js b/src/mail.js
index e56fb01a1..4c3847241 100644
--- a/src/mail.js
+++ b/src/mail.js
@@ -25,6 +25,7 @@ exports = module.exports = {
 startMail: restartMail,
 restartMail: restartMail,
+ handleCertChanged: handleCertChanged,
 sendTestMail: sendTestMail,
@@ -690,6 +691,10 @@ function restartMailIfActivated(callback) {
 });
 }
+function handleCertChanged(callback) {
+ restartMailIfActivated(callback);
+}
+
 function getDomain(domain, callback) {
 assert.strictEqual(typeof domain, 'string');
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/platform.js b/src/platform.js
index 2c4d366bf..09215828e 100644
--- a/src/platform.js
+++ b/src/platform.js
@@ -4,8 +4,6 @@ exports = module.exports = {
 start: start,
 stop: stop,
- handleCertChanged: handleCertChanged,
-
 // exported for testing
 _isReady: false
 };
@@ -167,14 +165,3 @@ function startApps(existingInfra, callback) {
 callback();
 }
 }
-
-function handleCertChanged(cn, callback) {
- assert.strictEqual(typeof cn, 'string');
- assert.strictEqual(typeof callback, 'function');
-
- debug('handleCertChanged', cn);
-
- if (cn === '*.' + config.adminDomain() || cn === config.adminFqdn()) return mail.restartMail(callback);
-
- callback();
-}
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index bae02a09d..2a36c3314 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
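Review bot: In src/mail.js, the new `handleCertChanged` has neither an argument check nor a comment, unlike `getDomain` directly below it in the same hunk, which asserts the type of its callback. I would add `assert.strictEqual(typeof callback, 'function');` as its first line and a one-line comment such as `// restart the mail container so it picks up the renewed certificate`. The body of `restartMailIfActivated` is outside this hunk, so whether the call is a no-op when mail is not activated is inferred from the name only and should be confirmed before the comment says so.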
@@ -45,6 +45,7 @@ var acme2 = require('./cert/acme2.js'),
 eventlog = require('./eventlog.js'),
 fallback = require('./cert/fallback.js'),
 fs = require('fs'),
+ mail = require('./mail.js'),
 os = require('os'),
 path = require('path'),
 paths = require('./paths.js'),
@@ -330,6 +331,15 @@ function getCertificate(fqdn, domain, callback) {
 });
 }
+function notifyCertChanged(vhost, callback) {
+ assert.strictEqual(typeof vhost, 'string');
+ assert.strictEqual(typeof callback, 'function');
+
+ if (vhost !== config.mailFqdn()) return callback();
+
+ mail.handleCertChanged(callback);
+}
+
 function ensureCertificate(vhost, domain, auditSource, callback) {
 assert.strictEqual(typeof vhost, 'string');
 assert.strictEqual(typeof domain, 'string');
@@ -358,10 +368,14 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
 api.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
 eventlog.add(currentBundle ? eventlog.ACTION_CERTIFICATE_RENEWAL : eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: vhost, errorMessage: error ? error.message : '' });
- // if no cert was returned use fallback. the fallback/caas provider will not provide any for example
- if (!certFilePath || !keyFilePath) return getFallbackCertificate(domain, callback);
+ notifyCertChanged(vhost, function (error) {
+ if (error) return callback(error);
- callback(null, { certFilePath, keyFilePath, type: 'new-le' });
+ // if no cert was returned use fallback. the fallback/caas provider will not provide any for example
+ if (!certFilePath || !keyFilePath) return getFallbackCertificate(domain, callback);
+
+ callback(null, { certFilePath, keyFilePath });
+ });
 });
 });
 });
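Review bot: `notifyCertChanged` in src/reverseproxy.js restarts mail only when `vhost` is exactly `config.mailFqdn()`, whereas the `platform.handleCertChanged` removed by this commit also matched the wildcard name `'*.' + config.adminDomain()`. If a wildcard or otherwise shared certificate can be renewed under a different `vhost` (the callers are not visible here), the mail container would keep serving the old certificate, which is the symptom the CHANGES entry describes. A short comment above the function stating which certificate the mail container reads and why an exact FQDN match is sufficient would make this checkable, for example `// the mail container only uses the cert of config.mailFqdn(); other vhosts never affect it`, to be confirmed against the mail setup code.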
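Review bot: In the `ensureCertificate` hunk, `notifyCertChanged` runs before the `!certFilePath || !keyFilePath` check and without looking at the outer `error`, so a failed renewal for the mail FQDN still restarts the mail container, and a failed restart returns `callback(error)` without ever reaching `getFallbackCertificate`. A mail restart problem would then leave the vhost with no certificate result at all, and the inner `error` parameter shadows the one from `api.getCertificate`. I would do the fallback check first and log the notification error instead of propagating it, as sketched below; whether a restart failure should be fatal is for the maintainers to decide. The result object also loses `type: 'new-le'` in this hunk, which should be confirmed against the callers, since the rest of `ensureCertificate` lies outside the hunk.

```javascript
api.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
    // … unchanged: eventlog.add call …

    // if no cert was returned use fallback. the fallback/caas provider will not provide any for example
    if (!certFilePath || !keyFilePath) return getFallbackCertificate(domain, callback);

    notifyCertChanged(vhost, function (notifyError) {
        // a mail restart failure must not discard a certificate that was just issued
        if (notifyError) debug('ensureCertificate: error notifying cert change', notifyError);

        callback(null, { certFilePath, keyFilePath });
    });
```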
@@ -575,11 +589,7 @@ function renewCerts(options, auditSource, progressCallback, callback) {
 else if (appDomain.type === 'alternate') configureFunc = writeAppRedirectNginxConfig.bind(null, appDomain.app, appDomain.fqdn, bundle);
 else return iteratorCallback(new Error(`Unknown domain type for ${appDomain.fqdn}. This should never happen`));
- configureFunc(function (ignoredError) {
- if (ignoredError) debug('renewCerts: error reconfiguring app', ignoredError);
-
- platform.handleCertChanged(appDomain.fqdn, iteratorCallback);
- });
+ configureFunc(iteratorCallback);
 });
 }, callback);
 });
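Review bot: Passing `iteratorCallback` straight to `configureFunc` in `renewCerts` means a failure to rewrite one app's nginx config now reaches the iterator as an error, where the removed code logged it as `ignoredError` and carried on. Depending on the iteration helper, which starts outside this hunk, that probably stops the loop at the first failing app and leaves later domains on their old certificate configuration. If the change is not intended, keep the best-effort behaviour with `configureFunc(function (ignoredError) {`, `if (ignoredError) debug('renewCerts: error reconfiguring app', ignoredError);` and `iteratorCallback(); });`. If it is intended, a comment on the new line saying that reconfigure errors now abort the renewal run would spare the next reader the question.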