From d4945f9677713dd7019848b2aeee966fd433833b Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Tue, 16 Jan 2018 15:18:59 +0100 Subject: [PATCH] remove TLS-SMI (#229) * remove TLS-SMI * Update config.json * Create CHANGELOG.md * Update config.json * Update config.json --- letsencrypt/CHANGELOG.md | 5 +++++ letsencrypt/config.json | 7 ++----- letsencrypt/run.sh | 12 ++---------- 3 files changed, 9 insertions(+), 15 deletions(-) create mode 100644 letsencrypt/CHANGELOG.md diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md new file mode 100644 index 0000000..2578e91 --- /dev/null +++ b/letsencrypt/CHANGELOG.md @@ -0,0 +1,5 @@ +# Changelog + +## 2.0 +- Update base image +- Remove support for TLS-SNI diff --git a/letsencrypt/config.json b/letsencrypt/config.json index ae9bfd4..3918313 100644 --- a/letsencrypt/config.json +++ b/letsencrypt/config.json @@ -1,25 +1,22 @@ { "name": "Let's Encrypt", - "version": "1.2", + "version": "2.0", "slug": "letsencrypt", "description": "Manage certificate from Let's Encrypt", "url": "https://home-assistant.io/addons/lets_encrypt/", "startup": "once", "boot": "manual", "ports": { - "80/tcp": 80, - "443/tcp": 443 + "80/tcp": 80 }, "map": ["ssl:rw"], "options": { - "challenge": "https", "email": null, "domains": [null], "certfile": "fullchain.pem", "keyfile": "privkey.pem" }, "schema": { - "challenge": "str", "email": "email", "domains": ["str"], "certfile": "str", diff --git a/letsencrypt/run.sh b/letsencrypt/run.sh index e35d496..b07b617 100644 --- a/letsencrypt/run.sh +++ b/letsencrypt/run.sh @@ -5,7 +5,6 @@ CERT_DIR=/data/letsencrypt WORK_DIR=/data/workdir CONFIG_PATH=/data/options.json -CHALLENGE=$(jq --raw-output ".challenge" $CONFIG_PATH) EMAIL=$(jq --raw-output ".email" $CONFIG_PATH) DOMAINS=$(jq --raw-output ".domains[]" $CONFIG_PATH) KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH) 
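Review bot: Removing the `443/tcp` mapping and the `challenge` option in this hunk leaves HTTP-01 on port 80 as the only validation path, so an install that was set to `"challenge": "https"` because port 80 is not reachable from outside will fail on its next run with nothing telling the user why. The changelog entry in the same commit says only "Remove support for TLS-SNI"; I would add a line such as `- Port 80 must now be reachable from the internet; the challenge option and the 443 port mapping are removed`. Whether a leftover `challenge` key in options stored by 1.2 is rejected or ignored once it is gone from `schema` cannot be seen from this hunk and should be checked before release.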
@@ -13,13 +12,6 @@ CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH) mkdir -p "$CERT_DIR" -# Select challenge -if [ "$CHALLENGE" == "http" ]; then - CERTBOT_CHALLENGE="http" -else - CERTBOT_CHALLENGE="tls-sni" -fi - # Generate new certs if [ ! -d "$CERT_DIR/live" ]; then DOMAIN_ARR=() @@ -28,11 +20,11 @@ if [ ! -d "$CERT_DIR/live" ]; then done echo "$DOMAINS" > /data/domains.gen - certbot certonly --non-interactive --standalone --email "$EMAIL" --agree-tos --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "$CERTBOT_CHALLENGE" "${DOMAIN_ARR[@]}" + certbot certonly --non-interactive --standalone --email "$EMAIL" --agree-tos --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "http" "${DOMAIN_ARR[@]}" # Renew certs else - certbot renew --non-interactive --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "$CERTBOT_CHALLENGE" + certbot renew --non-interactive --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "http" fi # copy certs to store
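Review bot: Both certbot calls in the last hunk now hard-code `--preferred-challenges "http"` with no comment saying why the choice is fixed, and the renew branch deserves a check on upgraded installs. Lineages issued by 1.2 with tls-sni presumably have that preference recorded in their renewal configuration under `$CERT_DIR`; I expect the command-line flag to take precedence over the stored value, but that should be confirmed with a real renewal rather than assumed. I would add above the first call `# HTTP-01 only: TLS-SNI-01 support was removed, so standalone mode must be able to bind port 80`. The enclosing `if` starts before this hunk and the script continues after it.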