From 49e4d6c53621f153f6788c912505dea009f498c3 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 11 Mar 2026 16:12:46 +0100 Subject: [PATCH] add generate new tls host cert --- .gitea/workflows/prod-docker-images.yml | 2 +- build/Dockerfile => Dockerfile | 1 + build/entrypoint.sh => entrypoint.sh | 0 build/gpgparams => gpgparams | 0 scripts/generate_new_certs.sh | 22 ++++++++++++++++++++++ 5 files changed, 24 insertions(+), 1 deletion(-) rename build/Dockerfile => Dockerfile (94%) rename build/entrypoint.sh => entrypoint.sh (100%) rename build/gpgparams => gpgparams (100%) create mode 100644 scripts/generate_new_certs.sh diff --git a/.gitea/workflows/prod-docker-images.yml b/.gitea/workflows/prod-docker-images.yml index e9de274..4e6813b 100644 --- a/.gitea/workflows/prod-docker-images.yml +++ b/.gitea/workflows/prod-docker-images.yml @@ -32,7 +32,7 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@v7 with: - context: ./build + context: . push: true tags: | ${{ vars.DOCKER_REGISTRY_URL }}/${{ env.REPO_OWNER_LC }}/protonmail-bridge:latest diff --git a/build/Dockerfile b/Dockerfile similarity index 94% rename from build/Dockerfile rename to Dockerfile index dff44cc..6b5d367 100644 --- a/build/Dockerfile +++ b/Dockerfile @@ -32,6 +32,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ # Copy bash scripts COPY gpgparams entrypoint.sh /protonmail/ +COPY scripts/generate_new_certs.sh /root/generate_new_certs.sh WORKDIR /protonmail/ # Copy protonmail diff --git a/build/entrypoint.sh b/entrypoint.sh similarity index 100% rename from build/entrypoint.sh rename to entrypoint.sh diff --git a/build/gpgparams b/gpgparams similarity index 100% rename from build/gpgparams rename to gpgparams diff --git a/scripts/generate_new_certs.sh b/scripts/generate_new_certs.sh new file mode 100644 index 0000000..97715a9 --- /dev/null +++ b/scripts/generate_new_certs.sh 
@@ -0,0 +1,22 @@
+#!/bin/sh
+if [ -z "$1" ]; then
+ echo "Please add the hostname of the Docker Container Name where the Container Should Create a Cert for"
+ echo "like: $0 protonmail-bridge"
+ exit 1
+fi
+
+# 1. choose the hostname(s) you will actually type into your mail client
+HOSTS="$1,localhost,127.0.0.1"
+
+# 2. build the openssl SAN string automatically
+SAN=$(echo "$HOSTS" | tr ',' '\n' \
+ | sed -e 's/^[0-9.]*$/IP:&/' -e 's/^[^0-9.]*$/DNS:&/' \
+ | paste -sd,)
+
+# 3. generate key + cert in one shot
+openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 \
+ -out cert.pem -subj '/CN=protonmail-bridge' \
+ -addext "subjectAltName=$SAN"
+
+# 4. quick sanity-check
+openssl x509 -in cert.pem -text -noout | grep -A1 "Subject Alternative"
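Review bot: The second sed expression in step 2 only prefixes names that contain no digit and no dot, so an argument such as a dotted FQDN or a name with a digit in it reaches `-addext` without a `DNS:` type and openssl should reject the extension; replacing that expression with `-e '/^IP:/!s/^/DNS:/'` tags every entry not already classified as an IP. Because the script has no `set -e`, a failed `openssl req` still falls through to step 4, which then reports on whatever cert.pem already exists in the working directory, so `set -e` right after the shebang is worth adding. `-nodes` writes key.pem unencrypted into the current directory and the script does not set permissions itself, so a `umask 077` before step 3 keeps the key owner-only regardless of the caller's umask. `$1` is also used unvalidated, so a comma inside it silently adds further SAN entries to the certificate.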