#!/bin/bash
# This is a library for Site Manager Plugin
# Functions for SSL On/Off
source /opt/webinoly/lib/general
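#######################################
# Request a Let's Encrypt certificate for $domain and switch its Nginx
# vhost to HTTPS: rewrites the listen directives, pulls in the SSL
# template, adds the HTTP->HTTPS redirect block and installs a weekly
# "certbot renew" cron entry.
# Globals (read):    domain, cache, value, subdomflag, red/gre/blu/end
# Globals (config):  mail (read, written when prompted), temp-path (written
#                    then deleted around the manual-hook certbot run)
# Arguments:         none, everything comes from the globals above
# Outputs:           status messages on stdout
# Returns:           exits 1 on any validation failure; otherwise falls
#                    through after printing success or the certbot error
#######################################
site_ssl_on() {
  local cermail root sername cronmail cronrene live vhost crontab
  local -a param domset

  # Split declaration and assignment so conf_read's status is not masked by 'local'.
  cermail=$(conf_read mail)
  root=$domain

  # Some validations to prevent errors when creating certs.
  # -root=<domain>: the webroot used for the challenge belongs to another hosted site.
  if [[ $cache == "-root" && -n $value && -e "/etc/nginx/sites-available/$value" ]]; then
    root=$value
  elif [[ $cache == "-root" && -n $value && ! -e "/etc/nginx/sites-available/$value" ]]; then
    echo "${red}Root path domain is not a valid domain or is not found/hosted in this server!${end}"
    exit 1
  elif [[ $cache == "-root" && -z $value ]]; then
    echo "${red}Please, enter a valid root path domain!${end}"
    exit 1
  fi

  if [[ ! -d "/var/www/$root/htdocs" && $cache != "-root-path" ]]; then
    echo "${red}Seems like you are trying to request an SSL Certificate for a Parked/Mapped Domain.${end}"
    echo "${red}Please, use the '-root=domain.com' parameter to specify the main domain.${end}"
    exit 1
  fi
  if [[ $cache == "-root-path" && ! -d "$value" ]]; then
    echo "${red}[ERROR] Invalid root path!${end}"
    exit 1
  fi

  # Check if Letsencrypt is installed
  if [[ $(conf_read nginx-tool) != "true" || ! -e /usr/bin/letsencrypt ]]; then
    echo "${red}[ERROR] Seems like Let's Encrypt tool is not installed!${end}"
    exit 1
  fi

  echo "${gre}"
  echo "*************************************************************************************************"
  echo "** Please, be careful with the number of intents or certificates you try to get. **"
  echo "** Let’ s Encrypt provides rate limits to ensure fair usage by as many people as possible. **"
  echo "** **"
  echo "** If you are getting errors or having issues when trying to get a new certificate **"
  echo "** read about the Let's Encrypt rate limit - https://letsencrypt.org/docs/rate-limits/ **"
  echo "*************************************************************************************************"
  echo "${end}"
  if [[ $subdomflag == 0 ]]; then
    echo "${blu}Please, be sure that${end} $domain ${blu}and${end} www.$domain ${blu}are both currently pointing (DNS) to this server. ${end}"
  elif [[ $subdomflag == 1 ]]; then
    echo "${blu}Please, be sure that the${end} $domain ${blu}subdomain is currently pointing (DNS) to this server. ${end}"
  fi

  # We need an email to notify each renew intent (cron)
  # The TLD length is no longer capped at 4: addresses under longer TLDs
  # (.email, .online, ...) are valid and accepted by Let's Encrypt.
  local email_re='^[a-z0-9_+-]+(\.[a-z0-9_+-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,})$'
  while [[ -z $cermail ]]; do
    echo "${blu}"
    read -r -p "Please, enter an email to register your new certificate: ${end}" cermail
    if [[ $cermail =~ $email_re ]]; then
      conf_write mail "$cermail"
      echo "${gre}Email address has been successfuly validated and saved! ${end}"
    else
      cermail=""
      echo "${red}Please enter a valid email address!"
    fi
    echo "${end}"
  done

  # Create new certificate
  # Options are kept in arrays so each one is passed to certbot as its own word.
  # NOTE(review): --must-staple makes clients hard-fail when no OCSP staple is
  # served; this assumes the SSL template enables stapling in Nginx — confirm.
  param=(--email "$cermail" --no-eff-email --agree-tos --staple-ocsp --must-staple)
  if [[ $(conf_read debug) == "true" ]]; then
    param+=(--test-cert)
  fi
  if [[ $subdomflag == 1 ]]; then
    domset=(-d "$domain")
  else
    domset=(-d "$domain" -d "www.$domain")
  fi

  live=/etc/letsencrypt/live/$domain/fullchain.pem
  # Wildcard
  if [[ ! -e $live && $cache == "-wildcard" ]]; then
    # "*.$domain" must stay quoted: unquoted it is a glob and could expand to
    # file names in the current directory instead of the wildcard name.
    sudo certbot certonly --manual --preferred-challenges=dns --manual-public-ip-logging-ok -d "$domain" -d "*.$domain" "${param[@]}"
  # Manual mode for Reverse Proxy sites
  elif [[ ! -e $live && $cache == "-root-path" ]]; then
    # temp-path tells the auth/cleanup hooks where to place the challenge file.
    conf_write temp-path "$value"
    sudo certbot certonly --manual --preferred-challenges=http --manual-auth-hook /opt/webinoly/lib/ex-ssl-authentication --manual-cleanup-hook /opt/webinoly/lib/ex-ssl-cleanup --manual-public-ip-logging-ok "${domset[@]}" "${param[@]}"
    conf_delete temp-path
  # Single cert
  elif [[ ! -e $live ]]; then
    sudo certbot certonly --webroot -w "/var/www/$root/htdocs/" "${domset[@]}" "${param[@]}"
  else
    echo "${blu}Certificate for${end} $domain ${blu}already exist and found, wait while we configure your server to use it!${end}"
  fi

  # SSL Nginx Conf
  vhost=/etc/nginx/sites-available/$domain
  if [[ -e $live ]]; then
    sudo sed -i '/listen 80/c \ listen 443 ssl http2;' "$vhost"
    sudo sed -i '/listen \[::\]:80/c \ listen [::]:443 ssl http2;' "$vhost"
    sudo sed -i '/headers-http.conf/a \ include common/headers-https.conf;' "$vhost"
    sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' "$vhost"
    # NOTE(review): $domain is interpolated unescaped into a sed expression;
    # this relies on it having been validated as a plain hostname upstream — confirm.
    sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s/domain.com/$domain/}" "$vhost"

    # HTTP to HTTPS Redirection
    if [[ $subdomflag == 1 ]]; then
      sername="server_name $domain;"
    else
      sername="server_name $domain www.$domain;"
    fi
    if [[ $cache == "-wildcard" ]]; then
      sername="server_name $domain *.$domain;"
    fi
    sudo sed -i '1r /opt/webinoly/templates/template-site-sslredirect' "$vhost"
    sudo sed -i "/#server_name;/c \ $sername" "$vhost"

    # Auto-Renew Certificate
    crontab=/var/spool/cron/crontabs/root
    if [[ ! -e $crontab ]]; then
      sudo touch "$crontab"
      sudo chmod 600 "$crontab"
      sudo chown root:crontab "$crontab"
    fi
    cronmail=$(sudo grep -F "MAILTO=" "$crontab")
    cronrene=$(sudo grep -F "certbot renew" "$crontab")
    # Only add MAILTO together with the first renew entry, never twice.
    if [[ -z $cronmail && -n $cermail && -z $cronrene ]]; then
      echo "MAILTO=${cermail}" | sudo tee -a "$crontab"
    fi
    if [[ -z $cronrene ]]; then
      echo '15 3 * * 7 certbot renew --post-hook "service nginx restart"' | sudo tee -a "$crontab"
    fi
    echo "${gre}SSL have been successfully enabled for your site -${blu} $domain${end}"
  else
    echo "${red}"
    echo "[ERROR] Unable to create the new certificate!"
    echo "${end}"
  fi
}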
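#######################################
# Switch the Nginx vhost for $domain back to plain HTTP and, unless
# running with -force or the user answers N, revoke and delete the
# Let's Encrypt certificate.
# Globals (read):   domain, value, gre/blu/end
# Globals (config): debug (read) selects certbot's --test-cert
# Arguments:        none, everything comes from the globals above
# Outputs:          prompts and status messages on stdout
# Returns:          0 (status of the last echo)
#######################################
site_ssl_off() {
  local answer vhost
  local -a param=()

  vhost=/etc/nginx/sites-available/$domain
  sudo sed -i '/listen 443/c \ listen 80;' "$vhost"
  sudo sed -i '/listen \[::\]:443/c \ listen [::]:80;' "$vhost"
  sudo sed -i '/headers-https.conf/d' "$vhost"
  sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' "$vhost"
  sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{/.*/d}' "$vhost"

  if [[ $value == "force" ]]; then
    # Non-interactive mode keeps the certificate files.
    # Was `answer=="N"`, which stored the literal string "=N" and only
    # worked because "=N" happens not to match [Yy].
    answer="N"
  else
    echo "${blu}Select 'Y' to revoke and delete all the certificate files."
    echo "Select 'N' if you only want to deactivate this certificate momentary and you will activate it later again."
    echo "${gre}"
    echo "Do you want to delete and revoke this certificate [y/N]? "
    # Single keystroke, Enter defaults to "n"; anything else re-prompts.
    while read -r -n 1 -s answer; do
      answer=${answer:-n}
      [[ $answer = [YyNn] ]] && break
    done
    echo "${end}"
  fi

  if [[ $answer == [Yy] ]]; then
    # An empty array expands to no argument at all, unlike an empty string.
    if [[ $(conf_read debug) == "true" ]]; then
      param=(--test-cert)
    fi
    sudo certbot revoke --cert-path "/etc/letsencrypt/live/$domain/cert.pem" --delete-after-revoke "${param[@]}"
    echo "${gre}"
    echo "Certificate for your site${blu} $domain ${gre}has been completely removed!"
    echo "${end}"
  fi
  echo "${gre}SSL has been successfully disabled for your site -${blu} $domain${end}"
}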