rollback panel ssl fix #35

niiknow · Feb 14, 2018 · af941f6 · af941f6
1 parent 945a29e
commit af941f6
Showing 1 changed file with 62 additions and 9 deletions.
diff --git a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh
@@ -4,20 +4,19 @@
 source /etc/container_environment.sh
 
 VESTA_PATH='/usr/local/vesta'
-hostname="$VESTA_DOMAIN"
+domain="$VESTA_DOMAIN"
 user='admin'
-export PATH=$PATH:/usr/local/vesta/bin
 
-# only run if hostname has a value
-if [ -n "$hostname" ]; then
+# only run if domain has a value
+if [ -n "$domain" ]; then
 
     # too often, user did not setup DNS host to IP correctly, so we should validate first
     # issue is easier fix by the user than getting blocked by Letsencrypt server
     #
-    # validate that the hostname matches the IP
+    # validate that the domain matches the IP
 
     # get the ip
-    DOMAINIP=$( dig +short ${hostname}  | grep -v "\.$" | head -n 1 )
+    DOMAINIP=$( dig +short ${domain}  | grep -v "\.$" | head -n 1 )
 
     # only run if the variable is empty
     if [[ -z "$MYIP" ]]; then
@@ -26,7 +25,7 @@ if [ -n "$hostname" ]; then
 
     # create the website under admin for Letsencrypt SSL
     if [[ $DOMAINIP != $MYIP ]]; then
-        echo "[err] Domain '$hostname' IP '$DOMAINIP' does not match Host IP '$MYIP'"
+        echo "[err] Domain '$domain' IP '$DOMAINIP' does not match Host IP '$MYIP'"
 
         # only error message to prevent error in app startup
         exit 0
@@ -36,8 +35,62 @@ if [ -n "$hostname" ]; then
     # since letsencrypt need to hit and validate
     sleep 5
 
-    v-update-host-certificate $user $hostname
-    exit 0
+    cert_src="/home/${user}/conf/web/ssl.${domain}.pem"
+    key_src="/home/${user}/conf/web/ssl.${domain}.key"
+
+    cert_dst="/usr/local/vesta/ssl/certificate.crt"
+    key_dst="/usr/local/vesta/ssl/certificate.key"
+
+    if [ ! -f "/usr/local/vesta/data/users/$user/ssl/le.conf" ]; then
+        tldomain=`echo $domain | grep -oP '[^.]+\.+[^.]+$'`
+        echo "[i] Creating letsencrypt '$user' with email '$user@$tldomain'"
+
+        $VESTA_PATH/bin/v-add-letsencrypt-user "$user" "$user@$tldomain"
+    fi
+
+    if [ ! -d "/home/$user/web/$domain/" ]; then
+        echo "[i] Creating website '$domain' for '$user'"
+
+        $VESTA_PATH/bin/v-add-web-domain "$user" "$domain" '127.0.0.1' 'no' 'none' ''
+    fi
+
+    # if no letsencrypt cert, create one
+    if [ ! -f "$cert_src" ]; then
+        echo "[i] Creating cert for '$user' domain '$domain'"
+
+        $VESTA_PATH/bin/v-add-letsencrypt-domain "$user" "$domain" '' 'yes'
+
+        # wait for letsencrypt to complete
+        # a better check would be for the existence of $cert_src with x retries
+        sleep 5
+    fi
+
+    if [ ! -f "$cert_src" ]; then
+        echo "[err] cert not found '$cert_src'"
+
+        # only error message to prevent error in app startup
+        exit 0
+    fi
+
+    if ! cmp -s $cert_dst $cert_src
+    then
+        # backup the old cert
+        cp -fn $cert_dst "$cert_dst.bak"
+        cp -fn $key_dst "$key_dst.bak"
+
+        # link the new cert
+        ln -sf $cert_src $cert_dst
+        ln -sf $key_src $key_dst
+
+        # Change Permission
+        chown root:mail $cert_dst
+        chown root:mail $key_dst
+
+        # Let the user restart the service by themself
+        # service vesta restart &> /dev/null
+        # service exim4 restart &> /dev/null
+        echo "[i] Cert file successfullly swapped out.  Please restart docker or vesta, apache2, nginx, and exim4."
+    fi
 else
     echo "[i] vesta-auto-ssl exit due to empty VESTA_DOMAIN variable"
 fi