letsencrypt: take into account the possibility of the ncp-nextcloud f…

…older being used Signed-off-by: nachoparker <[email protected]>
nextcloud · Oct 14, 2021 · c75db63 · c75db63
1 parent b41fad0
commit c75db63
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 8 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,9 +1,11 @@
 
-[v1.41.0](https://github.com/nextcloud/nextcloudpi/commit/33d8167) (2021-10-13) ncp-web: add NCP logs section
+[v1.41.1](https://github.com/nextcloud/nextcloudpi/commit/2c4cb42) (2021-10-14) letsencrypt: take into account the possibility of the ncp-nextcloud folder being used
 
-[v1.40.10](https://github.com/nextcloud/nextcloudpi/commit/8bb5795) (2021-10-12) nc-import-ncp: run activated apps upon import
+[v1.41.0 ](https://github.com/nextcloud/nextcloudpi/commit/b41fad0) (2021-10-13) ncp-web: add NCP logs section
 
-[v1.40.9 ](https://github.com/nextcloud/nextcloudpi/commit/a4998cd) (2021-10-12) letsencrypt: favor most recent cert if there are many
+[v1.40.10](https://github.com/nextcloud/nextcloudpi/commit/85cb1f0) (2021-10-12) nc-import-ncp: run activated apps upon import
+
+[v1.40.9 ](https://github.com/nextcloud/nextcloudpi/commit/35a3a54) (2021-10-12) letsencrypt: favor most recent cert if there are many
 
 [v1.40.8 ](https://github.com/nextcloud/nextcloudpi/commit/9bddfad) (2021-10-12) fix HPB with dynamic IP
 

diff --git a/etc/ncp-templates/nextcloud.conf.sh b/etc/ncp-templates/nextcloud.conf.sh
@@ -41,22 +41,32 @@ EOF
 
 if [[ "$1" != "--defaults" ]] && [[ -n "$LETSENCRYPT_DOMAIN" ]]; then
   echo "    ServerName ${LETSENCRYPT_DOMAIN}"
+
+  # try the obvious path first
   LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN,,}"
+
+  # find the most recent cert otherwise
   [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || {
-    #find the most recent cert
     LETSENCRYPT_CERT_BASE_PATH="$(find /etc/letsencrypt/live -type d -name "${LETSENCRYPT_DOMAIN,,}*" -printf "%T@ %p\n" | sort -n | cut -f2 -d' ' | tail -1)"
   }
-  LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem"
-  LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem"
 
-  # fall back to self-signed snakeoil certs
-  [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || unset LETSENCRYPT_CERT_BASE_PATH
+  # otherwise, in some installs this is the path we use (for legacy reasons)
+  [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || {
+    if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then
+      LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud" 
+    fi
+  }
 else
   # Make sure the default snakeoil cert exists
   [ -f /etc/ssl/certs/ssl-cert-snakeoil.pem ] || make-ssl-cert generate-default-snakeoil --force-overwrite
   unset LETSENCRYPT_DOMAIN
 fi
 
+# NOTE: we fall back to self-signed snakeoil certs if we couldn't get a LE one
+[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] && {
+  LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem"
+  LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem"
+}
 cat <<EOF
     CustomLog /var/log/apache2/nc-access.log combined
     ErrorLog  /var/log/apache2/nc-error.log