From af941f67c69bbea95b923c4353978d4cc0adcb7d Mon Sep 17 00:00:00 2001 From: Tom Noogen Date: Wed, 14 Feb 2018 09:55:47 -0600 Subject: [PATCH] rollback panel ssl fix #35 --- rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh | 71 ++++++++++++++++++--- 1 file changed, 62 insertions(+), 9 deletions(-) diff --git a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh index 146123f..bd16463 100755 --- a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh +++ b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh @@ -4,20 +4,19 @@ source /etc/container_environment.sh VESTA_PATH='/usr/local/vesta' -hostname="$VESTA_DOMAIN" +domain="$VESTA_DOMAIN" user='admin' -export PATH=$PATH:/usr/local/vesta/bin -# only run if hostname has a value -if [ -n "$hostname" ]; then +# only run if domain has a value +if [ -n "$domain" ]; then # too often, user did not setup DNS host to IP correctly, so we should validate first # issue is easier fix by the user than getting blocked by Letsencrypt server # - # validate that the hostname matches the IP + # validate that the domain matches the IP # get the ip - DOMAINIP=$( dig +short ${hostname} | grep -v "\.$" | head -n 1 ) + DOMAINIP=$( dig +short ${domain} | grep -v "\.$" | head -n 1 ) # only run if the variable is empty if [[ -z "$MYIP" ]]; then @@ -26,7 +25,7 @@ if [ -n "$hostname" ]; then # create the website under admin for Letsencrypt SSL if [[ $DOMAINIP != $MYIP ]]; then - echo "[err] Domain '$hostname' IP '$DOMAINIP' does not match Host IP '$MYIP'" + echo "[err] Domain '$domain' IP '$DOMAINIP' does not match Host IP '$MYIP'" # only error message to prevent error in app startup exit 0 @@ -36,8 +35,62 @@ if [ -n "$hostname" ]; then # since letsencrypt need to hit and validate sleep 5 - v-update-host-certificate $user $hostname - exit 0 + cert_src="/home/${user}/conf/web/ssl.${domain}.pem" + key_src="/home/${user}/conf/web/ssl.${domain}.key" + + cert_dst="/usr/local/vesta/ssl/certificate.crt" + key_dst="/usr/local/vesta/ssl/certificate.key" + + if [ ! -f "/usr/local/vesta/data/users/$user/ssl/le.conf" ]; then + tldomain=`echo $domain | grep -oP '[^.]+\.+[^.]+$'` + echo "[i] Creating letsencrypt '$user' with email '$user@$tldomain'" + + $VESTA_PATH/bin/v-add-letsencrypt-user "$user" "$user@$tldomain" + fi + + if [ ! -d "/home/$user/web/$domain/" ]; then + echo "[i] Creating website '$domain' for '$user'" + + $VESTA_PATH/bin/v-add-web-domain "$user" "$domain" '127.0.0.1' 'no' 'none' '' + fi + + # if no letsencrypt cert, create one + if [ ! -f "$cert_src" ]; then + echo "[i] Creating cert for '$user' domain '$domain'" + + $VESTA_PATH/bin/v-add-letsencrypt-domain "$user" "$domain" '' 'yes' + + # wait for letsencrypt to complete + # a better check would be for the existence of $cert_src with x retries + sleep 5 + fi + + if [ ! -f "$cert_src" ]; then + echo "[err] cert not found '$cert_src'" + + # only error message to prevent error in app startup + exit 0 + fi + + if ! cmp -s $cert_dst $cert_src + then + # backup the old cert + cp -fn $cert_dst "$cert_dst.bak" + cp -fn $key_dst "$key_dst.bak" + + # link the new cert + ln -sf $cert_src $cert_dst + ln -sf $key_src $key_dst + + # Change Permission + chown root:mail $cert_dst + chown root:mail $key_dst + + # Let the user restart the service by themself + # service vesta restart &> /dev/null + # service exim4 restart &> /dev/null + echo "[i] Cert file successfullly swapped out. Please restart docker or vesta, apache2, nginx, and exim4." + fi else echo "[i] vesta-auto-ssl exit due to empty VESTA_DOMAIN variable" fi \ No newline at end of file