From ec6dbb099aa4ae559b10217906a62da694c6f182 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 2 Jul 2025 10:37:23 +0200
Subject: [PATCH 1/2] [ACME] Remove deprecated ACME_CONTACT variable
---
 data/Dockerfiles/acme/acme.sh | 14 +------
 data/Dockerfiles/acme/obtain-certificate.sh | 4 +-
 docker-compose.yml | 3 +-
 generate_config.sh | 7 ----
 update.sh | 44 ++++++++++-----------
 5 files changed, 25 insertions(+), 47 deletions(-)
diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index a6766efd0..15b757ff9 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -159,18 +159,6 @@ while true; do
 fi
 if [[ ! -f ${ACME_BASE}/acme/account.pem ]]; then
 log_f "Generating missing Lets Encrypt account key..."
- if [[ ! -z ${ACME_CONTACT} ]]; then
- if ! verify_email "${ACME_CONTACT}"; then
- log_f "Invalid email address, will not start registration!"
- sleep 365d
- exec $(readlink -f "$0")
- else
- ACME_CONTACT_PARAMETER="--contact mailto:${ACME_CONTACT}"
- log_f "Valid email address, using ${ACME_CONTACT} for registration"
- fi
- else
- ACME_CONTACT_PARAMETER=""
- fi
 openssl genrsa 4096 > ${ACME_BASE}/acme/account.pem
 else
 log_f "Using existing Lets Encrypt account key ${ACME_BASE}/acme/account.pem"
@@ -299,7 +287,7 @@ while true; do
 VALIDATED_CERTIFICATES+=("${CERT_NAME}")
 # obtain server certificate if required
- ACME_CONTACT_PARAMETER=${ACME_CONTACT_PARAMETER} DOMAINS=${SERVER_SAN_VALIDATED[@]} /srv/obtain-certificate.sh rsa
+ DOMAINS=${SERVER_SAN_VALIDATED[@]} /srv/obtain-certificate.sh rsa
 RETURN="$?"
 if [[ "$RETURN" == "0" ]]; then # 0 = cert created successfully
 CERT_AMOUNT_CHANGED=1
diff --git a/data/Dockerfiles/acme/obtain-certificate.sh b/data/Dockerfiles/acme/obtain-certificate.sh
index 16c4e2588..f476bf666 100644
--- a/data/Dockerfiles/acme/obtain-certificate.sh
+++ b/data/Dockerfiles/acme/obtain-certificate.sh
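Review bot: With the contact branch deleted, `verify_email` no longer has a caller in either acme.sh hunk; if nothing else in the file uses it, the helper is now dead code and should be dropped in the same change, which cannot be confirmed from here because the `while true` loop both hunks sit in starts and ends outside them. The key generated by `openssl genrsa 4096 > ${ACME_BASE}/acme/account.pem` is now used for a registration that carries no contact address at all, which is worth stating at that spot so an operator does not go looking for a setting that no longer exists, e.g. `# No contact address is attached to this ACME account; ACME_CONTACT was removed`.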
@@ -93,8 +93,8 @@ until dig letsencrypt.org +time=3 +tries=1 @unbound > /dev/null; do
 sleep 2
 done
 log_f "Resolver OK"
-log_f "Using command acme-tiny ${DIRECTORY_URL} ${ACME_CONTACT_PARAMETER} --account-key ${ACME_BASE}/acme/account.pem --disable-check --csr ${CSR} --acme-dir /var/www/acme/"
-ACME_RESPONSE=$(acme-tiny ${DIRECTORY_URL} ${ACME_CONTACT_PARAMETER} \
+log_f "Using command acme-tiny ${DIRECTORY_URL} --account-key ${ACME_BASE}/acme/account.pem --disable-check --csr ${CSR} --acme-dir /var/www/acme/"
+ACME_RESPONSE=$(acme-tiny ${DIRECTORY_URL} \
 --account-key ${ACME_BASE}/acme/account.pem \
 --disable-check \
 --csr ${CSR} \
diff --git a/docker-compose.yml b/docker-compose.yml
index a67475316..edc2b10ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -440,12 +440,11 @@ services:
 condition: service_started
 unbound-mailcow:
 condition: service_healthy
- image: ghcr.io/mailcow/acme:1.92
+ image: ghcr.io/mailcow/acme:1.93
 dns:
 - ${IPV4_NETWORK:-172.22.1}.254
 environment:
 - LOG_LINES=${LOG_LINES:-9999}
- - ACME_CONTACT=${ACME_CONTACT:-}
 - ADDITIONAL_SAN=${ADDITIONAL_SAN}
 - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
diff --git a/generate_config.sh b/generate_config.sh
index c4396a9ce..61b72109c 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -498,13 +498,6 @@ DOVECOT_MASTER_USER=
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_PASS=
-# Let's Encrypt registration contact information
-# Optional: Leave empty for none
-# This value is only used on first order!
-# Setting it at a later point will require the following steps:
-# https://docs.mailcow.email/troubleshooting/debug-reset_tls/
-ACME_CONTACT=
-
 # WebAuthn device manufacturer verification
 # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
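Review bot: The log line and the acme-tiny invocation are two hand-maintained copies of the same argument list, which is exactly why this hunk had to edit both; building the arguments once keeps them from drifting and quotes the expansions on the way, e.g. `acme_args=("${DIRECTORY_URL}" --account-key "${ACME_BASE}/acme/account.pem" --disable-check --csr "${CSR}" --acme-dir /var/www/acme/)`, then `log_f "Using command acme-tiny ${acme_args[*]}"` and `ACME_RESPONSE=$(acme-tiny "${acme_args[@]}" \`. The command substitution runs past the end of the hunk, so whatever follows `--csr ${CSR} \` there has to be carried over into the array form. Logging the full command line is acceptable here since it exposes only file paths and the directory URL, not key material.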
diff --git a/update.sh b/update.sh
index e4e88afb3..2c6cbaff2 100755
--- a/update.sh
+++ b/update.sh
@@ -353,7 +353,6 @@ adapt_new_options() {
 "DOVECOT_MASTER_PASS"
 "MAILCOW_PASS_SCHEME"
 "ADDITIONAL_SERVER_NAMES"
- "ACME_CONTACT"
 "WATCHDOG_VERBOSE"
 "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 "SPAMHAUS_DQS_KEY"
@@ -599,16 +598,6 @@ adapt_new_options() {
 echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
 echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
 fi
- elif [[ ${option} == "ACME_CONTACT" ]]; then
- if ! grep -q ${option} mailcow.conf; then
- echo "Adding new option \"${option}\" to mailcow.conf"
- echo '# Lets Encrypt registration contact information' >> mailcow.conf
- echo '# Optional: Leave empty for none' >> mailcow.conf
- echo '# This value is only used on first order!' >> mailcow.conf
- echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
- echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
- echo 'ACME_CONTACT=' >> mailcow.conf
- fi
 elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
 if ! grep -q ${option} mailcow.conf; then
 echo "Adding new option \"${option}\" to mailcow.conf"
@@ -761,6 +750,26 @@ detect_major_update() {
 fi
 }
+remove_obsolete_options() {
+ OBSOLETE_OPTIONS=(
+ "ACME_CONTACT"
+ )
+
+ for option in "${OBSOLETE_OPTIONS[@]}"; do
+ if [[ "$option" == "ACME_CONTACT" ]]; then
+ sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+ sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
+ sed -i '/^# This value is only used on first order!/d' mailcow.conf
+ sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
+ sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
+ sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
+ sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
+ else
+ sed -i "/^${option}=.*/d" mailcow.conf
+ sed -i "/^#${option}=.*/d" mailcow.conf
+ fi
+ done
+}
 ############## End Function Section ##############
 # Check permissions
@@ -996,7 +1005,6 @@ CONFIG_ARRAY=(
 "DOVECOT_MASTER_PASS"
 "MAILCOW_PASS_SCHEME"
 "ADDITIONAL_SERVER_NAMES"
- "ACME_CONTACT"
 "WATCHDOG_VERBOSE"
 "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 "SPAMHAUS_DQS_KEY"
@@ -1232,17 +1240,6 @@ for option in "${CONFIG_ARRAY[@]}"; do
 echo '# in the reverse proxy.' >> mailcow.conf
 echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
 fi
-
- elif [[ "${option}" == "ACME_CONTACT" ]]; then
- if ! grep -q "${option}" mailcow.conf; then
- echo "Adding new option \"${option}\" to mailcow.conf"
- echo '# Lets Encrypt registration contact information' >> mailcow.conf
- echo '# Optional: Leave empty for none' >> mailcow.conf
- echo '# This value is only used on first order!' >> mailcow.conf
- echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
- echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
- echo 'ACME_CONTACT=' >> mailcow.conf
- fi
 elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
 if ! grep -q "${option}" mailcow.conf; then
 echo "Adding new option \"${option}\" to mailcow.conf"
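Review bot: remove_obsolete_options deletes the comment lines from mailcow.conf by their wording alone — `^# Optional: Leave empty for none` and the other four patterns are not tied to the `ACME_CONTACT=` line — so on a config that never contained ACME_CONTACT, or one where another option happens to carry the same comment text, those lines are removed as well; whether such a duplicate exists cannot be seen from this hunk, so guarding the block on `grep -q -E '^#?ACME_CONTACT=' mailcow.conf` is the conservative fix and also makes the function idempotent. The loop additionally rewrites the file once per pattern, seven times for this one option, where a single `sed -i` with several `-e` expressions does it in one pass, and `OBSOLETE_OPTIONS` and `option` are left global, `option` being the same name the top-level `for option in "${CONFIG_ARRAY[@]}"` loop further down uses, so both should be declared `local`. The generic `else` branch can fold its two commands the same way with `^#\{0,1\}${option}=`.
```bash
remove_obsolete_options() {
  local -a OBSOLETE_OPTIONS=(
    "ACME_CONTACT"
  )
  local option

  for option in "${OBSOLETE_OPTIONS[@]}"; do
    if [[ "$option" == "ACME_CONTACT" ]]; then
      # Only touch the file when the option is actually present, so the
      # generic comment lines are removed together with the option and never
      # on their own; one in-place pass instead of one rewrite per pattern.
      if grep -q -E '^#?ACME_CONTACT=' mailcow.conf; then
        sed -i \
          -e '/^# Lets Encrypt registration contact information/d' \
          -e '/^# Optional: Leave empty for none/d' \
          # … unchanged: the other three comment patterns, one -e each …
          -e '/^#\{0,1\}ACME_CONTACT=.*/d' mailcow.conf
      fi
    else
      sed -i -e "/^#\{0,1\}${option}=.*/d" mailcow.conf
    fi
  done
}
```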
@@ -1488,6 +1485,7 @@ done
 [[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
 migrate_solr_config_options
 adapt_new_options
+remove_obsolete_options
 # Silently fixing remote url from andryyy to mailcow
 # git remote set-url origin https://github.com/mailcow/mailcow-dockerized
From fc43c26c4852d741311a867cf5aa39ae58b77a14 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Thu, 3 Jul 2025 12:38:28 +0200
Subject: [PATCH 2/2] Remove obsolete ACME_CONTACT option and related comments from mailcow.conf
---
 update.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/update.sh b/update.sh
index 2c6cbaff2..b7d22bf8a 100755
--- a/update.sh
+++ b/update.sh
@@ -758,6 +758,7 @@ remove_obsolete_options() {
 for option in "${OBSOLETE_OPTIONS[@]}"; do
 if [[ "$option" == "ACME_CONTACT" ]]; then
 sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+ sed -i "/^# Let's Encrypt registration contact information/d" mailcow.conf
 sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
 sed -i '/^# This value is only used on first order!/d' mailcow.conf
 sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
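Review bot: The added line and the one above it differ only in the apostrophe, so a single expression covers both spellings of the heading and saves one more in-place rewrite of mailcow.conf: `sed -i "/^# Let'\{0,1\}s Encrypt registration contact information/d" mailcow.conf`. The double quotes are needed for the apostrophe, and with no `$` in the pattern nothing is expanded. The rest of remove_obsolete_options, including the remaining sed calls and the `else` branch, lies outside this hunk.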