From 1aaf24c9adc4264658e52da2705cef06d519082e Mon Sep 17 00:00:00 2001
From: ofthesun9 <olivier@ofthesun.net>
Date: Tue, 17 Nov 2020 10:26:41 +0100
Subject: [PATCH] Fix letsencrypt access to certbot for the mail-letsencrypt
 flavour

(cherry picked from commit d32e73c5bc166e16b43e03dd45160fb76c2b0c30)

# Conflicts:
#	core/nginx/conf/nginx.conf
---
 core/nginx/conf/nginx.conf          | 4 ++++
 towncrier/newsfragments/1686.bugfix | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 towncrier/newsfragments/1686.bugfix

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index dd2176ca..1d7f41eb 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -171,7 +171,11 @@ http {
       {% endif %}
 
       # If TLS is failing, prevent access to anything except certbot
+<<<<<<< HEAD
       {% if TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
+=======
+      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
+>>>>>>> d32e73c5 (Fix letsencrypt access to certbot for the mail-letsencrypt flavour)
       location / {
         return 403;
       }
diff --git a/towncrier/newsfragments/1686.bugfix b/towncrier/newsfragments/1686.bugfix
new file mode 100644
index 00000000..932d7d7c
--- /dev/null
+++ b/towncrier/newsfragments/1686.bugfix
@@ -0,0 +1 @@
+Fix letsencrypt access to certbot for the mail-letsencrypt flavour