From 49175402c2f3c86656445a55da6df4d96c9588f6 Mon Sep 17 00:00:00 2001 From: kyle Date: Wed, 2 Apr 2025 14:51:15 -0400 Subject: [PATCH 1/2] Feature: add DISCOURSE_ACME_DNS_MODE --- samples/standalone.yml | 6 ++++++ samples/web_only.yml | 6 ++++++ templates/web.letsencrypt.ssl.template.yml | 6 +++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/samples/standalone.yml b/samples/standalone.yml index e6d946f03..62c0e45ab 100644 --- a/samples/standalone.yml +++ b/samples/standalone.yml @@ -74,6 +74,12 @@ env: ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com + ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi + # (cloudflare example) + #DISCOURSE_ACME_DNS_MODE: dns_cf + #CF_Keys: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_EMAIL: user@example.com + ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details #DISCOURSE_CDN_URL: https://discourse-cdn.example.com diff --git a/samples/web_only.yml b/samples/web_only.yml index c4753dde0..03452273c 100644 --- a/samples/web_only.yml +++ b/samples/web_only.yml @@ -65,6 +65,12 @@ env: ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com + ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi + # (cloudflare example) + #DISCOURSE_ACME_DNS_MODE: dns_cf + #CF_Keys: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_EMAIL: user@example.com + ## TODO: configure connectivity to the databases DISCOURSE_DB_SOCKET: '' #DISCOURSE_DB_USERNAME: discourse diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml index ba5f55178..2a6b89aff 100644 --- a/templates/web.letsencrypt.ssl.template.yml +++ b/templates/web.letsencrypt.ssl.template.yml @@ -59,7 +59,11 @@ hooks: /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf issue_cert() { - LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + if [ -z $DISCOURSE_ACME_DNS_MODE ]; then + LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + else + LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --dns ${DISCOURSE_ACME_DNS_MODE} --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + fi } cert_exists() { From 78a00e5ae2a354588273f8e4f0cb944709b36e56 Mon Sep 17 00:00:00 2001 From: kyle Date: Fri, 4 Apr 2025 16:20:08 -0400 Subject: [PATCH 2/2] fixed critical typo --- samples/standalone.yml | 4 ++-- samples/web_only.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/samples/standalone.yml b/samples/standalone.yml index 62c0e45ab..17050080d 100644 --- a/samples/standalone.yml +++ b/samples/standalone.yml @@ -77,8 +77,8 @@ env: ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi # (cloudflare example) #DISCOURSE_ACME_DNS_MODE: dns_cf - #CF_Keys: 763eac4f1bcebd8b5c95e9fc50d010b4 - #CF_EMAIL: user@example.com + #CF_Key: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_Email: user@example.com ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details diff --git a/samples/web_only.yml b/samples/web_only.yml index 03452273c..74d01eaa8 100644 --- a/samples/web_only.yml +++ b/samples/web_only.yml @@ -68,8 +68,8 @@ env: ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi # (cloudflare example) #DISCOURSE_ACME_DNS_MODE: dns_cf - #CF_Keys: 763eac4f1bcebd8b5c95e9fc50d010b4 - #CF_EMAIL: user@example.com + #CF_Key: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_Email: user@example.com ## TODO: configure connectivity to the databases DISCOURSE_DB_SOCKET: ''