diff --git a/Dockerfile b/Dockerfile
index 9944364..ccd1796 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,6 @@ RUN chmod 775 /run/postgresql
 ADD /rootfs /
-VOLUME /var/lib/postgresql/data
+VOLUME /var/lib/postgresql/data /var/lib/postgresql/.lego
 EXPOSE 5432
diff --git a/rootfs/bin/concat-sans b/rootfs/bin/concat-sans
new file mode 100755
index 0000000..776ccec
--- /dev/null
+++ b/rootfs/bin/concat-sans
@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv sh
+
+SAN_DOMAINS=""
+
+export IFS=";"
+for SAN in ${POSTGRES_SAN}
+do
+ SAN_DOMAINS="${SAN_DOMAINS} --domains=\"${SAN}\""
+done
+
+echo ${SAN_DOMAINS}
diff --git a/rootfs/bin/renew-certificates b/rootfs/bin/renew-certificates
index ddc74a7..9493f1d 100755
--- a/rootfs/bin/renew-certificates
+++ b/rootfs/bin/renew-certificates
@@ -2,13 +2,15 @@
 cd /var/lib/postgresql
+SAN_DOMAINS=$(/bin/concat-sans)
+
 OLD_MOD=$(stat -c %y /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt)
 lego \
 --accept-tos \
 --server="${POSTGRES_CA}" \
 --email="${POSTGRES_ACME_EMAIL}" \
- --domains="${POSTGRES_DOMAIN}" \
+ --domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
 --dns="${POSTGRES_DNS_PROVIDER}" \
 renew --days 30
diff --git a/rootfs/etc/cont-init.d/02-certificates b/rootfs/etc/cont-init.d/02-certificates
index c1c5dcf..48bef67 100644
--- a/rootfs/etc/cont-init.d/02-certificates
+++ b/rootfs/etc/cont-init.d/02-certificates
@@ -2,13 +2,7 @@
 cd /var/lib/postgresql
-SAN_DOMAINS=""
-
-export IFS=";"
-for SAN in ${POSTGRES_SAN}
-do
- SAN_DOMAINS="${SAN_DOMAINS} --domains=\"${SAN}\""
-done
+SAN_DOMAINS=$(/bin/concat-sans)
 if [ ! -f /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt ]; then
 chown -R postgres /var/lib/postgresql/.lego
@@ -24,7 +18,7 @@ else
 --accept-tos \
 --server="${POSTGRES_CA}" \
 --email="${POSTGRES_ACME_EMAIL}" \
- --domains="${POSTGRES_DOMAIN}" \
+ --domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
 --dns="${POSTGRES_DNS_PROVIDER}" \
 renew --days 30
 fi
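Review bot: The new `/var/lib/postgresql/.lego` volume is declared without any comment on what it stores, and by lego's default layout that directory holds the ACME account key and the certificate private keys next to the `.crt` files the scripts check. Because it is declared only via `VOLUME`, Docker creates an anonymous volume when no explicit mount is given, and that volume is not removed with the container unless asked. I would add a comment above the instruction, e.g. `# .lego holds the ACME account key and TLS private keys: mount a named volume and restrict access to it`. The only `chown -R postgres` visible for this path sits in the first-issue branch of 02-certificates, so ownership on a pre-existing volume is worth confirming.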
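Review bot: The `\"` escapes in the loop body of concat-sans end up as literal quote characters in lego's arguments, because the callers expand `${SAN_DOMAINS}` unquoted and the shell does not re-parse quotes that come out of an expansion. The same unquoted expansion word-splits whatever POSTGRES_SAN contains, so an entry with a space or a leading `-` becomes additional lego options at the call sites in renew-certificates and 02-certificates. Dropping the embedded quotes and accepting only hostname characters per entry addresses both, with rejected entries reported on stderr. The final `echo ${SAN_DOMAINS}` is also better written as a quoted `printf`, so the output does not depend on echo's option handling.

```shell
for SAN in ${POSTGRES_SAN}
do
  # Accept only hostname characters (plus "*" for wildcard names) so an entry
  # cannot carry whitespace or extra options into the lego command line.
  case "${SAN}" in
    ""|-*|*[!A-Za-z0-9.*-]*)
      echo "concat-sans: ignoring invalid SAN entry '${SAN}'" >&2
      continue
      ;;
  esac
  SAN_DOMAINS="${SAN_DOMAINS} --domains=${SAN}"
done

printf '%s\n' "${SAN_DOMAINS}"
```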
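Review bot: `SAN_DOMAINS=$(/bin/concat-sans)` in renew-certificates ignores the helper's exit status, so if the helper is missing or fails the variable is empty and lego is invoked with `${POSTGRES_DOMAIN}` alone, with nothing in the log to show the SANs were dropped. No `set -e` is visible in the hunk, though the script starts above it, so I would make the failure explicit with `SAN_DOMAINS=$(/bin/concat-sans) || exit 1`. The same assignment in the first hunk of rootfs/etc/cont-init.d/02-certificates needs the same guard.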