fix: remove ssl entries if skipping certbot

README.md

@@ -72,7 +72,7 @@ Some commands to deploy the RPM package on server
 
 - Show available versions:
   ```shell
-  dnf --showduplicates netoik-rp
+  dnf search --showduplicates netoik-rp
   ```
 
 - Create certbot ovh credentials here: 
@@ -98,6 +98,11 @@ Some commands to deploy the RPM package on server
   set +a
   ```
 
+- Install or upgrade without certbot (for testing environment)
+  ```shell
+  SKIP_CERTBOT=true dnf --nogpgcheck --refresh --assumeyes --best install netoik-rp
+  ```
+
 
 # Security Notes
 

files/systemd/certbot-renew.service

@@ -2,4 +2,4 @@
 Description=Renew certbot certificates
 
 [Service]
-ExecStart=certbot_renew
+ExecStart=/usr/sbin/certbot_renew

netoik-rp.spec

@@ -22,30 +22,40 @@ Install the reverse proxy called nginx with a predefined configuration and with
 %make_install
 
 %post
-# Replace secrets in ovh.ini
-envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
-if cmp --silent %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini; then
-	rm %{_sysconfdir}/certbot/.ovh.ini.new
-else
+if [ -z $SKIP_CERTBOT ]; then
+	# Check required OVH variables
+	if [ -z $OVH_ENDPOINT ]; then echo "Missing env var OVH_ENDPOINT!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_NAME ]; then echo "Missing env var OVH_APPLICATION_KEY!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_DESCRIPTION ]; then echo "Missing env var OVH_APPLICATION_DESCRIPTION!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_KEY ]; then echo "Missing env var OVH_APPLICATION_KEY!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_SECRET ]; then echo "Missing env var OVH_APPLICATION_SECRET!" 1>&2; exit 1; fi
+	if [ -z $OVH_CONSUMER_KEY ]; then echo "Missing env var OVH_CONSUMER_KEY!" 1>&2; exit 1; fi
+
+	# Replace secrets in ovh.ini
+	envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
 	mv %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini
 	chmod 600 %{_sysconfdir}/certbot/ovh.ini
-fi
 
-# Create virtualenv with certot
-if [ ! -d "/opt/certbot" ]; then
+	# Create virtualenv with certot
+	if [ ! -d "/opt/certbot" ]; then
 		python3 -m venv /opt/certbot
 		/opt/certbot/bin/pip install --upgrade pip certbot certbot-nginx certbot-dns-ovh
 		ln --symbolic --force --target-directory %{_sbindir} /opt/certbot/bin/certbot
-fi
+	fi
 
-# Create certbot certificates
-if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
+	# Create certbot certificates
+	if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
 		certbot certonly --cert-name netoik.io --non-interactive --agree-tos --email samuel.campos@netoik.io --dns-ovh --dns-ovh-credentials %{_sysconfdir}/certbot/ovh.ini -d *.netoik.io -d *.samuel-campos.fr
-fi
+	fi
 
-# Create ssl dh params if not already exists
-if [ ! -f "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then
+	# Create ssl dh params if not already exists
+	if [ ! -f "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then
 		openssl dhparam -out %{_sysconfdir}/letsencrypt/ssl-dhparams.pem 2048
+	fi
+
+else
+	# Skipping certbot, so remove certificate entries in nginx conf
+	sed --in-place 's/^ssl_certificate/# ssl_certificate/g' %{_sysconfdir}/nginx/conf.d/0_security.conf
 fi
 
 # Restart services