certbot
Now we use certbot instead of letsencrypt. - OCSP and must-staple enabled. - now we use the staging feature for debug. - restart nginx after renew. - now we revoke and delete the cert instead of just deleting the files.
parent
b0f743035e
commit
92f72eb2a3
13
lib/install
13
lib/install
|
@ -378,13 +378,14 @@ nginx_tool() {
|
||||||
[[ $(conf_read php) == "true" ]] && nginx_tool_site
|
[[ $(conf_read php) == "true" ]] && nginx_tool_site
|
||||||
# in case php was installed before nginx
|
# in case php was installed before nginx
|
||||||
[[ $(conf_read php-tool) == "true" && ! -a /var/www/$(conf_read tools-port)/htdocs/php/index.php ]] && php_tool_site
|
[[ $(conf_read php-tool) == "true" && ! -a /var/www/$(conf_read tools-port)/htdocs/php/index.php ]] && php_tool_site
|
||||||
|
|
||||||
# Instalar Duply & Duplicity
|
|
||||||
pre_install
|
|
||||||
sudo apt-get -y install python-boto duplicity duply
|
|
||||||
|
|
||||||
# Install LetsEncrypt
|
# Install LetsEncrypt
|
||||||
sudo apt-get -y install letsencrypt
|
echo | sudo add-apt-repository ppa:certbot/certbot
|
||||||
|
pre_install
|
||||||
|
sudo apt-get -y install certbot
|
||||||
|
|
||||||
|
# Instalar Duply & Duplicity
|
||||||
|
sudo apt-get -y install python-boto duplicity duply
|
||||||
|
|
||||||
conf_write nginx-tool true
|
conf_write nginx-tool true
|
||||||
api-events_update in10
|
api-events_update in10
|
||||||
|
|
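Review bot: The PPA is added with `echo | sudo add-apt-repository ppa:certbot/certbot`, which only works while the tool's confirmation prompt happens to accept an empty line on stdin; `sudo add-apt-repository -y ppa:certbot/certbot` is the supported non-interactive form, and the same applies to the `--remove` call in the -purge hunk. The following `sudo apt-get -y install certbot` also depends on the package index being refreshed after the new source is added; if `pre_install` does not run `apt-get update` (it is not in view, so this is inferred), the install resolves against the index from before the PPA existed and fails. nginx_tool's body starts and ends outside the hunk.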
25
lib/site-ssl
25
lib/site-ssl
|
@ -55,12 +55,13 @@ site_ssl_on() {
|
||||||
fi
|
fi
|
||||||
echo "${end}"
|
echo "${end}"
|
||||||
done
|
done
|
||||||
|
|
||||||
# Create new certificate
|
# Create new certificate
|
||||||
if [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 0 && $(conf_read debug) != "true" ]]; then
|
[[ $(conf_read debug) == "true" ]] && param="--test-cert" || param=""
|
||||||
sudo letsencrypt certonly --webroot -w /var/www/$root/htdocs/ -d $domain -d www.$domain --email $cermail --agree-tos
|
if [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 0 ]]; then
|
||||||
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 1 && $(conf_read debug) != "true" ]]; then
|
sudo certbot certonly --webroot -w /var/www/$root/htdocs/ -d $domain -d www.$domain --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
|
||||||
sudo letsencrypt certonly --webroot -w /var/www/$root/htdocs/ -d $domain --email $cermail --agree-tos
|
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 1 ]]; then
|
||||||
|
sudo certbot certonly --webroot -w /var/www/$root/htdocs/ -d $domain --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# SSL Nginx Conf
|
# SSL Nginx Conf
|
||||||
|
@ -85,9 +86,9 @@ site_ssl_on() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cronmail=$( sudo grep -F "MAILTO=" /var/spool/cron/crontabs/root )
|
cronmail=$( sudo grep -F "MAILTO=" /var/spool/cron/crontabs/root )
|
||||||
cronrene=$( sudo grep -F "letsencrypt renew" /var/spool/cron/crontabs/root )
|
cronrene=$( sudo grep -F "certbot renew" /var/spool/cron/crontabs/root )
|
||||||
[[ -z $cronmail && -n $cermail && -z $cronrene ]] && echo "MAILTO=${cermail}" | sudo tee -a /var/spool/cron/crontabs/root
|
[[ -z $cronmail && -n $cermail && -z $cronrene ]] && echo "MAILTO=${cermail}" | sudo tee -a /var/spool/cron/crontabs/root
|
||||||
[[ -z $cronrene ]] && echo "15 3 * * 7 letsencrypt renew" | sudo tee -a /var/spool/cron/crontabs/root
|
[[ -z $cronrene ]] && echo '15 3 * * 7 certbot renew --post-hook "service nginx restart"' | sudo tee -a /var/spool/cron/crontabs/root
|
||||||
echo "${gre}SSL have been successfully enabled for site $domain!${end}"
|
echo "${gre}SSL have been successfully enabled for site $domain!${end}"
|
||||||
else
|
else
|
||||||
echo "${red}"
|
echo "${red}"
|
||||||
|
@ -108,7 +109,7 @@ site_ssl_off() {
|
||||||
answer=="N"
|
answer=="N"
|
||||||
else
|
else
|
||||||
echo "${blu}"
|
echo "${blu}"
|
||||||
echo "Do you want to delete your certificate files [y/N]? "
|
echo "Do you want to delete and revoke this certificate [y/N]? "
|
||||||
while read -r -n 1 -s answer; do
|
while read -r -n 1 -s answer; do
|
||||||
answer=${answer:-n}
|
answer=${answer:-n}
|
||||||
[[ $answer = [YyNn] ]] && break
|
[[ $answer = [YyNn] ]] && break
|
||||||
|
@ -116,13 +117,11 @@ site_ssl_off() {
|
||||||
echo "${end}"
|
echo "${end}"
|
||||||
fi
|
fi
|
||||||
if [[ $answer == [Yy] ]]; then
|
if [[ $answer == [Yy] ]]; then
|
||||||
#sudo letsencrypt delete --cert-name $domain
|
[[ $(conf_read debug) == "true" ]] && param="--test-cert" || param=""
|
||||||
rm -rf /etc/letsencrypt/live/${domain}
|
sudo certbot revoke --cert-path /etc/letsencrypt/live/$domain/cert.pem --delete-after-revoke $param
|
||||||
rm -rf /etc/letsencrypt/renewal/${domain}.conf
|
|
||||||
rm -rf /etc/letsencrypt/archive/${domain}
|
|
||||||
echo "${gre}"
|
echo "${gre}"
|
||||||
echo "Certificate for your site $domain has been completely removed!"
|
echo "Certificate for your site $domain has been completely removed!"
|
||||||
echo "${end}"
|
echo "${end}"
|
||||||
fi
|
fi
|
||||||
echo "${gre}SSL have been successfully disabled for site $domain!${end}"
|
echo "${gre}SSL has been successfully disabled for site -${blu} $domain!${end}"
|
||||||
}
|
}
|
||||||
|
|
|
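Review bot: The result of `sudo certbot revoke --cert-path /etc/letsencrypt/live/$domain/cert.pem --delete-after-revoke $param` in the site_ssl_off hunk is never checked, yet the function goes on to print that the certificate "has been completely removed": the old code deleted the files itself, so a failed revocation now leaves the private key and renewal config on disk while reporting success. One way that failure happens is a debug toggle between issuance and removal, since `--test-cert` is derived from the current `conf_read debug` rather than from the certificate's issuer and the revocation is then sent to the wrong ACME endpoint; wrap the call, `if sudo certbot revoke ... $param; then`, keep the success message in that branch and report the failure to stderr otherwise. In site_ssl_on, `--must-staple` makes the certificate unusable unless the nginx SSL config written later in that function (outside the hunk) enables `ssl_stapling` with a working resolver, because clients that enforce the extension reject a connection served without a staple, so it is worth confirming the generated config does so. The unchanged context line `answer=="N"` in site_ssl_off assigns the literal `=N` rather than `N` (harmless only because `[[ $answer == [Yy] ]]` is then false); `answer="N"` looks intended. site_ssl_on and site_ssl_off both start outside their hunks.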
@ -98,7 +98,8 @@ elif [[ $arg == "-purge" && ( $opt == "-html" || $opt == "-nginx" ) ]]; then
|
||||||
[[ $(conf_read nginx-ppa) == "mainline" ]] && echo | sudo add-apt-repository --remove 'ppa:nginx/development' || echo | sudo add-apt-repository --remove 'ppa:nginx/stable'
|
[[ $(conf_read nginx-ppa) == "mainline" ]] && echo | sudo add-apt-repository --remove 'ppa:nginx/development' || echo | sudo add-apt-repository --remove 'ppa:nginx/stable'
|
||||||
api-events_update pn4
|
api-events_update pn4
|
||||||
api-events_update pn5
|
api-events_update pn5
|
||||||
sudo apt-get -y purge letsencrypt python-boto duplicity duply
|
sudo apt-get -y purge certbot python-boto duplicity duply
|
||||||
|
echo | sudo add-apt-repository --remove 'ppa:certbot/certbot'
|
||||||
sudo apt-get -y autoremove
|
sudo apt-get -y autoremove
|
||||||
sudo rm $HOME/www
|
sudo rm $HOME/www
|
||||||
sudo rm $HOME/sites-available
|
sudo rm $HOME/sites-available
|
||||||
|
|
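Review bot: Purging the `certbot` package and removing its PPA does not touch /etc/letsencrypt, so the ACME account key, the certificate private keys and the renewal configs survive a -purge unless something outside this hunk removes them; if -purge is meant to be a clean removal, that directory and the weekly `certbot renew` crontab entry added in lib/site-ssl should be handled here as well, otherwise the cron job keeps firing with the binary gone. The `echo | sudo add-apt-repository --remove 'ppa:certbot/certbot'` form feeds an empty line to the confirmation prompt; `sudo add-apt-repository -y --remove 'ppa:certbot/certbot'` is the non-interactive option the tool provides. The enclosing elif branch starts and ends outside the hunk.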