github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta.git synced 2025-01-10 21:12:52 -08:00
Code Issues Packages Projects Releases Wiki Activity
myvesta/bin/v-add-letsencrypt-domain
Serghey Rodin e6d6fc7de1
Merge pull request #1209 from joubertredrat/524-letsencrypt-public_shtml 
Fix on ssl home definition on Lets Encrypt cert renew
2017-12-11 18:38:50 +02:00

160 lines
5.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# info: adding letsencrypt ssl cetificate for domain
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
#
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
# to directory where 2 or 3 ssl files can be found. Certificate file
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
aliases=$3
restart=$4
notify=$5
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
# Additional argument formatting
format_domain_idn
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing domain data
get_domain_values 'web'
# Registering LetsEncrypt user account
$BIN/v-add-letsencrypt-user $user
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "Account registration failed"
check_result $E_CONNECT "LE account registration" >/dev/null
fi
# Parsing LetsEncrypt account data
source $USER_DATA/ssl/le.conf
email=$EMAIL
# Validating domain and aliases
i=1
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
$BIN/v-check-letsencrypt-domain $user $alias
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "$alias validation failed"
check_result $E_INVALID "LE domain validation" >/dev/null
fi
# Checking LE limits per account
if [ "$i" -gt 100 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
check_result $E_LIMIT "LE can't sign more than 100 domains"
fi
i=$((i++))
done
# Generating CSR
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
# Signing CSR
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "$alias validation failed"
check_result "$E_INVALID" "LE $domain validation"
fi
echo "$crt" > $ssl_dir/$domain.crt
# Dowloading CA certificate
le_certs='https://letsencrypt.org/certs'
x1='lets-encrypt-x1-cross-signed.pem.txt'
x3='lets-encrypt-x3-cross-signed.pem.txt'
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
if [ -z "$(echo $issuer|grep X3)" ]; then
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
else
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
fi
# Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
if [ "$?" -ne '0' ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice 'LETSENCRYPT' "$domain certificate installation failed"
check_result $? "SSL install" >/dev/null
fi
# Adding LE autorenew cronjob
if [ -z "$(grep v-update-lets $VESTA/data/users/admin/cron.conf)" ]; then
min=$(generate_password '012345' '2')
hour=$(generate_password '1234567' '1')
cmd="sudo $BIN/v-update-letsencrypt-ssl"
$BIN/v-add-cron-job admin "$min" "$hour" '*' '*' '*' "$cmd" > /dev/null
fi
# Updating letsencrypt key
if [ -z "$LETSENCRYPT" ]; then
add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
fi
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting web
$BIN/v-restart-web $restart
if [ "$?" -ne 0 ]; then
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
fi
# Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Logging
log_event "$OK" "$ARGUMENTS"
exit
Reference in New Issue View Git Blame Copy Permalink