ssl root-path
Let's Encrypt running in manual mode with HTTP Challenge for site with not var/www location, reverse proxy sites for instance.
This commit is contained in:
Cristhian Martínez Ochoa
parent
e1902acebe
commit
cec4995891
6
lib/ex-ssl-authentication
Normal file
6
lib/ex-ssl-authentication
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Let's Encrypt manual mode (for Reverse Proxy sites)
|
||||
sudo mkdir -p $value/.well-known/acme-challenge
|
||||
sudo touch $value/.well-known/acme-challenge/$CERTBOT_TOKEN
|
||||
sudo echo $CERTBOT_VALIDATION > $value/.well-known/acme-challenge/$CERTBOT_TOKEN
|
||||
4
lib/ex-ssl-cleanup
Normal file
4
lib/ex-ssl-cleanup
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Let's Encrypt manual mode (for Reverse Proxy sites)
|
||||
rm -rf $value/.well-known
|
||||
22
lib/site-ssl
22
lib/site-ssl
|
|
@ -18,7 +18,7 @@ site_ssl_on() {
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -d /var/www/$root/htdocs ]]; then
|
||||
if [[ ! -d /var/www/$root/htdocs && $cache != "-root-path" ]]; then
|
||||
echo "${red}Seems like you are trying to request an SSL Certificate for a Parked/Mapped Domain.!${end}"
|
||||
echo "${red}Please, use the '-root=domain.com' parameter to include the main domain path.${end}"
|
||||
exit 1
|
||||
|
|
@ -58,13 +58,25 @@ site_ssl_on() {
|
|||
|
||||
# Create new certificate
|
||||
[[ $(conf_read debug) == "true" ]] && param="--test-cert" || param=""
|
||||
[[ $subdomflag == 1 ]] && domset="-d $domain" || domset="-d $domain -d www.$domain"
|
||||
|
||||
# Wildcard
|
||||
if [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $cache == "-wildcard" ]]; then
|
||||
sudo certbot certonly --manual --preferred-challenges=dns --no-eff-email --manual-public-ip-logging-ok --agree-tos --staple-ocsp --must-staple --email $cermail -d $domain -d *.$domain $param
|
||||
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 0 ]]; then
|
||||
sudo certbot certonly --webroot -w /var/www/$root/htdocs/ -d $domain -d www.$domain --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
|
||||
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $subdomflag == 1 ]]; then
|
||||
sudo certbot certonly --webroot -w /var/www/$root/htdocs/ -d $domain --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
|
||||
|
||||
# Manual mode for Reverse Proxy sites
|
||||
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $cache == "-root-path" ]]; then
|
||||
if [[ ! -d $value ]]; then
|
||||
echo "${red}[ERROR] Invalid root path!${end}"
|
||||
exit 1
|
||||
fi
|
||||
sudo certbot certonly --manual --preferred-challenges=http --manual-auth-hook /opt/webinoly/lib/ex-ssl-authentication --manual-cleanup-hook /opt/webinoly/lib/ex-ssl-cleanup $domset --no-eff-email --manual-public-ip-logging-ok --agree-tos --staple-ocsp --must-staple --email $cermail $param
|
||||
|
||||
# Single cert
|
||||
elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
|
||||
sudo certbot certonly --webroot -w /var/www/$root/htdocs/ $domset --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
|
||||
fi
|
||||
|
||||
|
||||
# SSL Nginx Conf
|
||||
if [[ -a /etc/letsencrypt/live/$root/fullchain.pem ]]; then
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# Site Manager Plugin (Create, delete and de/activate)
|
||||
# Syntax: site <domain> <option> <argument>
|
||||
# Options: -html, -php, -mysql, -wp, -wpsubdir, -wpsubdom, -parked, -proxy, -on, -off, -delete, -delete-all, -list, -nocache, -cache, -ssl-on, ssl-off, -force-redirect
|
||||
# Arguments: -cache, -root, -subdomain, -ignore-ssl, -wildcard
|
||||
# Arguments: -cache, -root, -root-path, -subdomain, -ignore-ssl, -wildcard
|
||||
|
||||
# shopt is necessary for this kind !(html|22222) of patterns
|
||||
shopt -s extglob
|
||||
|
|
@ -24,7 +24,7 @@ if [[ ! $(conf_read nginx) == "true" ]]; then
|
|||
fi
|
||||
|
||||
# Check if user entered arg before option and correct it.
|
||||
if [[ -n $cache && ($type == "-cache" || $type == "-root" || $type == "-subdomain" || $type == "-ignore-ssl" || $type == "-wildcard") ]]; then
|
||||
if [[ -n $cache && ($type == "-cache" || $type == "-root" || $type == "-root-path" || $type == "-subdomain" || $type == "-ignore-ssl" || $type == "-wildcard") ]]; then
|
||||
type="$3"
|
||||
cache="$2"
|
||||
fi
|
||||
|
|
@ -39,7 +39,7 @@ if [[ $type == "-parked="* || $type == "-proxy="* || $type == "-wp="* || $type =
|
|||
value=$(echo "${type}" | cut -d'=' -f 2 -s)
|
||||
type=$(echo "${type}" | cut -d'=' -f 1 -s)
|
||||
fi
|
||||
if [[ $cache == "-root="* || $cache == "-subdomain="* ]]; then
|
||||
if [[ $cache == "-root="* || $cache == "-subdomain="* || $cache == "-root-path="* ]]; then
|
||||
value=$(echo "${cache}" | cut -d'=' -f 2 -s)
|
||||
cache=$(echo "${cache}" | cut -d'=' -f 1 -s)
|
||||
fi
|
||||
|
|
@ -111,7 +111,7 @@ fi
|
|||
if [[ $cache == "-cache" && $wp == [045] ]]; then
|
||||
echo "${red} Site $domain is not a WP site! ${end}"
|
||||
exit 1
|
||||
elif [[ -n $cache && ( $cache != "-cache" && $cache != "-root" && $cache != "-subdomain" && $cache != "-ignore-ssl" && $cache != "-wildcard" ) && $type != "-parked" ]]; then
|
||||
elif [[ -n $cache && ( $cache != "-cache" && $cache != "-root" && $cache != "-root-path" && $cache != "-subdomain" && $cache != "-ignore-ssl" && $cache != "-wildcard" ) && $type != "-parked" ]]; then
|
||||
echo "${red} $cache is not a valid argument! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in a new issue