mirror of
https://github.com/myvesta/vesta.git
synced 2025-01-10 21:12:52 -08:00
9947764365
This issue is getting some hits on the forum. Tiny typo on Line 58. exponent=$(openssl pkey -inform perm -in "$key" -noout -text_pub |\ -inform perm is not a valid openssl pkey option. The correct code iis: exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
113 lines
3.3 KiB
Bash
Executable File
113 lines
3.3 KiB
Bash
Executable File
#!/bin/bash
|
|
# info: register letsencrypt user account
|
|
# options: USER [EMAIL]
|
|
#
|
|
# The function creates and register LetsEncript account key
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Variable&Function #
|
|
#----------------------------------------------------------#
|
|
|
|
# Argument definition
|
|
user=$1
|
|
email=$2
|
|
key_size=4096
|
|
|
|
# Includes
|
|
source $VESTA/func/main.sh
|
|
source $VESTA/conf/vesta.conf
|
|
|
|
# encode base64
|
|
encode_base64() {
|
|
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
|
}
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
check_args '1' "$#" 'USER [EMAIL]'
|
|
is_format_valid 'user'
|
|
is_object_valid 'user' 'USER' "$user"
|
|
if [ -e "$USER_DATA/ssl/le.conf" ]; then
|
|
exit
|
|
fi
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
api='https://acme-v01.api.letsencrypt.org'
|
|
if [ -z "$email" ]; then
|
|
email=$(get_user_value '$CONTACT')
|
|
fi
|
|
|
|
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
|
|
|
|
# Generating key
|
|
key="$USER_DATA/ssl/user.key"
|
|
if [ ! -e "$key" ]; then
|
|
openssl genrsa -out $key $key_size >/dev/null 2>&1
|
|
chmod 600 $key
|
|
fi
|
|
|
|
# Defining key exponent
|
|
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
|
|
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
|
|
xxd -r -p |encode_base64)
|
|
|
|
# Defining key modulus
|
|
modulus=$(openssl rsa -in "$key" -modulus -noout |\
|
|
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
|
|
|
|
# Defining key thumb
|
|
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
|
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
|
|
|
|
# Defining JWK header
|
|
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
|
header='{"alg":"RS256","jwk":'"$header"'}'
|
|
|
|
# Requesting nonce
|
|
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
|
|
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
|
|
|
# Defining registration query
|
|
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
|
|
query=$query'"agreement":"'$agreement'"}'
|
|
payload=$(echo -n "$query" |encode_base64)
|
|
signature=$(printf "%s" "$protected.$payload" |\
|
|
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
|
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
|
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
|
|
|
# Sending request to LetsEncrypt API
|
|
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
|
|
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
|
|
|
|
# Checking http answer status
|
|
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
|
|
check_result $E_CONNECT "LetsEncrypt account registration $status"
|
|
fi
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Vesta #
|
|
#----------------------------------------------------------#
|
|
|
|
# Adding le.conf
|
|
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
|
|
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
|
|
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
|
|
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
|
|
chmod 660 $USER_DATA/ssl/le.conf
|
|
|
|
|
|
# Logging
|
|
log_event "$OK" "$ARGUMENTS"
|
|
|
|
exit
|