From 4fc672c3c44a60275a80b2bcb4fd9dae5d412cbd Mon Sep 17 00:00:00 2001
From: Keonik1
Date: Sat, 23 Aug 2025 21:30:08 +0300
Subject: [PATCH] Fix bug with attaching certs
---
 docker/docker-compose-traefik.yaml | 4 ++--
 docker/example.env | 4 ++--
 docker/files/entrypoint.sh | 8 ++++----
 docker/files/setup_chatmail_docker.sh | 4 ++--
 docs/DOCKER_INSTALLATION_EN.md | 6 +++---
 docs/DOCKER_INSTALLATION_RU.md | 6 +++---
 traefik/post-hook.sh | 3 +++
 7 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/docker/docker-compose-traefik.yaml b/docker/docker-compose-traefik.yaml
index 18b8b9a0..08a0de93 100644
--- a/docker/docker-compose-traefik.yaml
+++ b/docker/docker-compose-traefik.yaml
@@ -29,7 +29,7 @@ services:
 # RECREATE_VENV: "false"
 USE_FOREIGN_CERT_MANAGER: "true"
 CHANGE_KERNEL_SETTINGS: "false"
- PATH_TO_SSL_CONTAINER: $PATH_TO_SSL_CONTAINER
+ PATH_TO_SSL: "${CERTS_ROOT_DIR_CONTAINER}/${MAIL_DOMAIN}"
 ENABLE_CERTS_MONITORING: "true"
 # CERTS_MONITORING_TIMEOUT: 60
 # IS_DEVELOPMENT_INSTANCE: "true"
@@ -43,7 +43,7 @@ services:
 ## system
 - /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd
 - ./:/opt/chatmail
- - ${PATH_TO_SSL_HOST}:${PATH_TO_SSL_CONTAINER}:ro
+ - ${CERTS_ROOT_DIR_HOST}:${CERTS_ROOT_DIR_CONTAINER}:ro
 ## data
 - ./data/chatmail:/home
diff --git a/docker/example.env b/docker/example.env
index 4d8b7804..fdaa193b 100644
--- a/docker/example.env
+++ b/docker/example.env
@@ -1,5 +1,5 @@
 MAIL_DOMAIN="chat.example.com"
 ACME_EMAIL="my.email@gmail.com"
-PATH_TO_SSL_HOST="./traefik/data/letsencrypt/certs/${MAIL_DOMAIN}"
-PATH_TO_SSL_CONTAINER="/var/lib/acme/live/${MAIL_DOMAIN}"
+CERTS_ROOT_DIR_HOST="./traefik/data/letsencrypt/certs"
+CERTS_ROOT_DIR_CONTAINER="/var/lib/acme/live"
diff --git a/docker/files/entrypoint.sh b/docker/files/entrypoint.sh
index 750c134b..1f2ea370 100755
--- a/docker/files/entrypoint.sh
+++ b/docker/files/entrypoint.sh
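Review bot: The new volume line `- ${CERTS_ROOT_DIR_HOST}:${CERTS_ROOT_DIR_CONTAINER}:ro` bind-mounts the whole certificate root into the chatmail container, where the removed line mounted only the `${MAIL_DOMAIN}` directory, so the private keys of every domain stored under that root become readable inside this container instead of just this instance's. If the wider mount is what fixes the attach bug (presumably the per-domain directory does not exist yet when the container starts, which the commit message does not say), the trade-off deserves a comment on the line, e.g. `# whole certs root mounted (ro) so the ${MAIL_DOMAIN} directory can appear after start-up; keys of other domains are visible here too`; otherwise keep the mount scoped to the domain directory. The `environment:` hunk above still points `PATH_TO_SSL` at the per-domain subdirectory, so only the mount scope widened, not the path the scripts read.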
@@ -2,13 +2,13 @@ set -eo pipefail
 if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then
- if [ ! -f "$PATH_TO_SSL_CONTAINER/fullchain" ]; then
- echo "Error: file '$PATH_TO_SSL_CONTAINER/fullchain' does not exist. Exiting..." > /dev/stderr
+ if [ ! -f "$PATH_TO_SSL/fullchain" ]; then
+ echo "Error: file '$PATH_TO_SSL/fullchain' does not exist. Exiting..." > /dev/stderr
 sleep 2
 exit 1
 fi
- if [ ! -f "$PATH_TO_SSL_CONTAINER/privkey" ]; then
- echo "Error: file '$PATH_TO_SSL_CONTAINER/privkey' does not exist. Exiting..." > /dev/stderr
+ if [ ! -f "$PATH_TO_SSL/privkey" ]; then
+ echo "Error: file '$PATH_TO_SSL/privkey' does not exist. Exiting..." > /dev/stderr
 sleep 2
 exit 1
 fi
diff --git a/docker/files/setup_chatmail_docker.sh b/docker/files/setup_chatmail_docker.sh
index f3fb4d4f..50f1e4ca 100755
--- a/docker/files/setup_chatmail_docker.sh
+++ b/docker/files/setup_chatmail_docker.sh
@@ -4,7 +4,7 @@ set -eo pipefail
 export INI_FILE="${INI_FILE:-chatmail.ini}"
 export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
 export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
-export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
+export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
 export CHANGE_KERNEL_SETTINGS=${CHANGE_KERNEL_SETTINGS:-"False"}
 export RECREATE_VENV=${RECREATE_VENV:-"false"}
@@ -20,7 +20,7 @@ debug_commands() {
 }
 calculate_hash() {
- find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
+ find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
 }
 monitor_certificates() {
diff --git a/docs/DOCKER_INSTALLATION_EN.md b/docs/DOCKER_INSTALLATION_EN.md
index 0a8beac0..3dfff036 100644
--- a/docs/DOCKER_INSTALLATION_EN.md
+++ b/docs/DOCKER_INSTALLATION_EN.md
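Review bot: The renamed checks in entrypoint.sh still use `-f`, which accepts an empty `fullchain` or `privkey` (for example a file the certificate hook has created but not yet filled), so the container would proceed with unusable key material; `-s` rejects empty files, `if [ ! -s "$PATH_TO_SSL/fullchain" ]; then` and likewise for `privkey`. The enclosing `if` on `USE_FOREIGN_CERT_MANAGER` is closed outside the hunk. A minor point of style on the same lines: `>&2` is the portable way to write to stderr, while `> /dev/stderr` fails where that device node is not writable.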
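Review bot: `export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"` silently resolves to `/var/lib/acme/live/` when `MAIL_DOMAIN` is empty, because setup_chatmail_docker.sh sets `-eo pipefail` but not `-u`; with this commit that path is the mounted root holding every domain's certificates, so `calculate_hash` in the second hunk would hash all of them and the monitor would restart services on changes that belong to other domains. Guarding the variable before the export, `: "${MAIL_DOMAIN:?MAIL_DOMAIN must be set}"`, turns the misconfiguration into an immediate error. The same default is repeated in the script copies inside both docs files.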
@@ -72,7 +72,7 @@ sudo sysctl --system
 - `USE_FOREIGN_CERT_MANAGER` – Use a third-party certificate manager. (default: `false`)
 - `RECREATE_VENV` - Recreate the virtual environment (venv). If set to `true`, the environment will be recreated when the container starts, which will increase the startup time of the service but can help avoid certain errors. (default: `false`)
 - `INI_FILE` – Path to the ini configuration file. (default: `./chatmail.ini`)
-- `PATH_TO_SSL_CONTAINER` – Path to where the certificates are stored. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
+- `PATH_TO_SSL` – Path to where the certificates are stored. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
 - `ENABLE_CERTS_MONITORING` – Enable certificate monitoring if `USE_FOREIGN_CERT_MANAGER=true`. If certificates change, services will be automatically restarted. (default: `false`)
 - `CERTS_MONITORING_TIMEOUT` – Interval in seconds to check if certificates have changed. (default: `'60'`)
@@ -171,10 +171,10 @@ set -eo pipefail
 export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
 export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
-export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
+export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
 calculate_hash() {
- find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
+ find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
 }
 monitor_certificates() {
diff --git a/docs/DOCKER_INSTALLATION_RU.md b/docs/DOCKER_INSTALLATION_RU.md
index 6eeff130..e523a2aa 100644
--- a/docs/DOCKER_INSTALLATION_RU.md
+++ b/docs/DOCKER_INSTALLATION_RU.md
@@ -64,7 +64,7 @@ sudo sysctl --system
 - `USE_FOREIGN_CERT_MANAGER` - Использовать сторонний менеджер сертификатов. (default: `false`)
 - `RECREATE_VENV` - Пересоздать виртуальное окружение (venv). Если выставлено `true`, то окружение будет пересоздано при запуске контейнера, из-за чего включение сервиса займет больше времени, но поможет избежать ряда ошибок. (default: `false`)
 - `INI_FILE` - путь к ini файлу конфигурации. (default: `./chatmail.ini`)
-- `PATH_TO_SSL_CONTAINER` - Путь где располагаются сертификаты. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
+- `PATH_TO_SSL` - Путь где располагаются сертификаты. (default: `/var/lib/acme/live/${MAIL_DOMAIN}`)
 - `ENABLE_CERTS_MONITORING` - Включить мониторинг сертификатов, если `USE_FOREIGN_CERT_MANAGER=true`. Если сертфикаты изменятся сервисы будут автоматически перезапущены. (default: `false`)
 - `CERTS_MONITORING_TIMEOUT` - Раз во сколько секунд проверять что изменились сертификаты. (default: `'60'`)
@@ -150,10 +150,10 @@ set -eo pipefail
 export ENABLE_CERTS_MONITORING="${ENABLE_CERTS_MONITORING:-true}"
 export CERTS_MONITORING_TIMEOUT="${CERTS_MONITORING_TIMEOUT:-60}"
-export PATH_TO_SSL_CONTAINER="${PATH_TO_SSL_CONTAINER:-/var/lib/acme/live/${MAIL_DOMAIN}}"
+export PATH_TO_SSL="${PATH_TO_SSL:-/var/lib/acme/live/${MAIL_DOMAIN}}"
 calculate_hash() {
- find "$PATH_TO_SSL_CONTAINER" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
+ find "$PATH_TO_SSL" -type f -exec sha1sum {} \; | sort | sha1sum | awk '{print $1}'
 }
 monitor_certificates() {
diff --git a/traefik/post-hook.sh b/traefik/post-hook.sh
index 06667fe5..377e00fc 100755
--- a/traefik/post-hook.sh
+++ b/traefik/post-hook.sh
@@ -1,6 +1,9 @@
 CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
+echo "CERTS_DIR: $CERTS_DIR"
+
 for dir in "$CERTS_DIR"/*/; do
+ echo "Processing: $dir"
 cd "$dir"
 if [ -f "certificate.crt" ]; then
 ln -sf certificate.crt fullchain
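Review bot: The added `echo "Processing: $dir"` in post-hook.sh is followed by `cd "$dir"` whose failure is still unchecked, and the script sets no `-e` (the hunk begins at line 1 with `CERTS_DIR=`, so there is no shebang or `set` line above it); when `"$CERTS_DIR"/*/` matches nothing the literal pattern is iterated, `cd` fails, and the `[ -f "certificate.crt" ]` test plus `ln -sf certificate.crt fullchain` run against whatever directory the hook was started from. `cd "$dir" || continue` (or running the loop body in a subshell) keeps a bad entry from touching the wrong directory. The `for` body continues beyond the end of the hunk.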