# we check that a valid cert is there already.
# to put the hostname in the known hosts
if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
# we check that a valid cert is there already.
# to put the hostname in the known hosts
if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
- openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/openvpn/mail.crt
+ # This just causes failure if our cert is going to expire in the next 30 days.
+ # Certs I generate last 10 years.
+ openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in /etc/openvpn/mail.crt
else
# note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
# systemd, buuut it can remake the tun device unexpectedly, i got this in the log
else
# note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
# systemd, buuut it can remake the tun device unexpectedly, i got this in the log
# MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
# smarthost config type, not sure. all other settings
# would be unused in that config type.
# MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
# smarthost config type, not sure. all other settings
# would be unused in that config type.
debconf-set-selections <<EOF
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
exim4-config exim4/dc_smarthost string $smarthost
debconf-set-selections <<EOF
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; no local mail
exim4-config exim4/dc_smarthost string $smarthost