
ssl improvements

- ssl for wpsubdom removed; a wildcard certificate is enough.
- ssl-root-path fixed.
- some minor code improvements.
Cristhian Martínez Ochoa há 6 anos atrás
eb28ac2828
5 ficheiros alterados com 33 adições e 42 exclusões
  1. 5 3
      lib/ex-ssl-authentication
  2. 3 1
      lib/ex-ssl-cleanup
  3. 1 1
      lib/install
  4. 24 19
      lib/site-ssl
  5. 0 18
      plugins/site

+ 5 - 3
lib/ex-ssl-authentication

@@ -1,6 +1,8 @@
 #!/bin/bash
 
 # Let's Encrypt manual mode (for Reverse Proxy sites)
-sudo mkdir -p $value/.well-known/acme-challenge
-sudo touch $value/.well-known/acme-challenge/$CERTBOT_TOKEN
-sudo echo $CERTBOT_VALIDATION > $value/.well-known/acme-challenge/$CERTBOT_TOKEN
+source /opt/webinoly/lib/general
+sslpath=$(conf_read temp-path)
+sudo mkdir -p $sslpath/.well-known/acme-challenge
+sudo touch $sslpath/.well-known/acme-challenge/$CERTBOT_TOKEN
+sudo echo $CERTBOT_VALIDATION > $sslpath/.well-known/acme-challenge/$CERTBOT_TOKEN
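Review bot: `sslpath=$(conf_read temp-path)` is used unchecked, so if `temp-path` is unset or empty this hook creates and writes under `/.well-known` at the filesystem root, and in lib/ex-ssl-cleanup the same empty value turns `sudo rm -rf $sslpath/.well-known` into `rm -rf /.well-known`. Add a guard right after the assignment in both hooks, `[[ -n $sslpath && -d $sslpath ]] || { echo "temp-path not set" >&2; exit 1; }`, and quote the expansions, e.g. `"$sslpath/.well-known/acme-challenge/$CERTBOT_TOKEN"`. Note also that `sudo echo … > file` performs the redirection in the calling shell rather than under sudo; it only works here because certbot itself is started with sudo in lib/site-ssl, so the `sudo` prefixes are redundant and `printf '%s\n' "$CERTBOT_VALIDATION" > "$sslpath/.well-known/acme-challenge/$CERTBOT_TOKEN"` states the intent more plainly.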

+ 3 - 1
lib/ex-ssl-cleanup

@@ -1,4 +1,6 @@
 #!/bin/bash
 
 # Let's Encrypt manual mode (for Reverse Proxy sites)
-rm -rf $value/.well-known
+source /opt/webinoly/lib/general
+sslpath=$(conf_read temp-path)
+sudo rm -rf $sslpath/.well-known
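Review bot: `sudo rm -rf $sslpath/.well-known` deletes the whole `.well-known` tree rather than only what the auth hook created; because lib/ex-ssl-authentication uses `mkdir -p`, a `.well-known` directory that already existed in the reverse-proxy root path survives the auth step and is then removed here on cleanup. Removing just the challenge file is sufficient for the hook's purpose, `rm -f -- "$sslpath/.well-known/acme-challenge/$CERTBOT_TOKEN"`, optionally followed by `rmdir` on the two subdirectories so they are only removed when empty. If the recursive removal is kept, the `${sslpath:?}` form should be used so an empty value cannot widen the target.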

+ 1 - 1
lib/install

@@ -3,7 +3,7 @@ source /opt/webinoly/lib/general
 
 
 app_version() { 
-	local app_ver="1.6.0-beta"
+	local app_ver="1.6.0"
 	echo $app_ver
 }
 svr_version() { 

+ 24 - 19
lib/site-ssl

@@ -7,7 +7,9 @@ source /opt/webinoly/lib/general
 
 site_ssl_on() {
 	local cermail=$(conf_read mail)
-	local root="$domain"
+	local root=$domain
+	
+	# Some validations to prevent errors when creating certs.
 	if [[ $cache == "-root" && -n $value && -a /etc/nginx/sites-available/$value ]]; then
 		root="$value"
 	elif [[ $cache == "-root" && -n $value && ! -a /etc/nginx/sites-available/$value ]]; then
@@ -19,8 +21,12 @@ site_ssl_on() {
 	fi
 	
 	if [[ ! -d /var/www/$root/htdocs && $cache != "-root-path" ]]; then
-		echo "${red}Seems like you are trying to request an SSL Certificate for a Parked/Mapped Domain.!${end}"
-		echo "${red}Please, use the '-root=domain.com' parameter to include the main domain path.${end}"
+		echo "${red}Seems like you are trying to request an SSL Certificate for a Parked/Mapped Domain.${end}"
+		echo "${red}Please, use the '-root=domain.com' parameter to specify the main domain.${end}"
+		exit 1
+	fi
+	if [[ $cache == "-root-path" && ! -d $value ]]; then
+		echo "${red}[ERROR] Invalid root path!${end}"
 		exit 1
 	fi
 	
@@ -48,38 +54,37 @@ site_ssl_on() {
 		read -p "Please, enter an email to register your new certificate: ${end}" cermail
 		if [[ "$cermail" =~ ^[a-z0-9_\+-]+(\.[a-z0-9_\+-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,4})$ ]]; then
 			conf_write mail $cermail
-			echo "${gre} Email address has been successfuly validated and saved! ${end}"
+			echo "${gre}Email address has been successfuly validated and saved! ${end}"
 		else
 			cermail=""
-			echo "${red}  Please enter a valid email address!"
+			echo "${red}Please enter a valid email address!"
 		fi
 		echo "${end}"
 	done
 	
 	# Create new certificate
-	[[ $(conf_read debug) == "true" ]] && param="--test-cert" || param=""
-	[[ $subdomflag == 1 ]] && domset="-d $domain" || domset="-d $domain -d www.$domain"
+	local param="--email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple"
+	[[ $(conf_read debug) == "true" ]] && param="$param --test-cert"
+	[[ $subdomflag == 1 ]] && local domset="-d $domain" || local domset="-d $domain -d www.$domain"
 	
 	# Wildcard
 	if [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $cache == "-wildcard" ]]; then
-		sudo certbot certonly --manual --preferred-challenges=dns --no-eff-email --manual-public-ip-logging-ok --agree-tos --staple-ocsp --must-staple --email $cermail -d $domain -d *.$domain $param
+		sudo certbot certonly --manual --preferred-challenges=dns --manual-public-ip-logging-ok -d $domain -d *.$domain $param
 	
 	# Manual mode for Reverse Proxy sites
 	elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem && $cache == "-root-path" ]]; then
-		if [[ ! -d $value ]]; then
-			echo "${red}[ERROR] Invalid root path!${end}"
-			exit 1
-		fi
-		sudo certbot certonly --manual --preferred-challenges=http --manual-auth-hook /opt/webinoly/lib/ex-ssl-authentication --manual-cleanup-hook /opt/webinoly/lib/ex-ssl-cleanup $domset --no-eff-email --manual-public-ip-logging-ok --agree-tos --staple-ocsp --must-staple --email $cermail $param
+		conf_write temp-path $value
+		sudo certbot certonly --manual --preferred-challenges=http --manual-auth-hook /opt/webinoly/lib/ex-ssl-authentication --manual-cleanup-hook /opt/webinoly/lib/ex-ssl-cleanup --manual-public-ip-logging-ok $domset $param
+		conf_delete temp-path
 	
 	# Single cert
 	elif [[ ! -a /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
-		sudo certbot certonly --webroot -w /var/www/$root/htdocs/ $domset --email $cermail --no-eff-email --agree-tos --staple-ocsp --must-staple $param
+		sudo certbot certonly --webroot -w /var/www/$root/htdocs/ $domset $param
 	fi
 	
 	
 	# SSL Nginx Conf
-	if [[ -a /etc/letsencrypt/live/$root/fullchain.pem ]]; then
+	if [[ -a /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
 		sudo sed -i '/listen 80/c \	listen 443 ssl http2;' /etc/nginx/sites-available/$domain
 		sudo sed -i '/listen \[::\]:80/c \	listen [::]:443 ssl http2;' /etc/nginx/sites-available/$domain
 		sudo sed -i '/headers-http.conf/a \	include common/headers-https.conf;' /etc/nginx/sites-available/$domain
@@ -87,8 +92,8 @@ site_ssl_on() {
 		sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s/domain.com/$domain/}" /etc/nginx/sites-available/$domain
 		
 		# HTTP to HTTPS Redirection
-		local sername="server_name $domain www.$domain;"
-		[[ $subdomflag == 1 ]] && sername="server_name $domain;"
+		[[ $subdomflag == 1 ]] && local sername="server_name $domain;" || local sername="server_name $domain www.$domain;"
+		[[ $cache == "-wildcard" ]] && sername="server_name $domain *.$domain;"
 		sudo sed -i '1r /opt/webinoly/templates/template-site-sslredirect' /etc/nginx/sites-available/$domain
 		sudo sed -i "/#server_name;/c \	$sername" /etc/nginx/sites-available/$domain
 		
@@ -106,7 +111,7 @@ site_ssl_on() {
 		echo "${gre}SSL have been successfully enabled for site $domain!${end}"
 	else
 		echo "${red}"
-		echo " [ERROR] Certified not created!"
+		echo "[ERROR] Unable to create the new certificate!"
 		echo "${end}"
 	fi
 }
@@ -131,7 +136,7 @@ site_ssl_off() {
 		echo "${end}"
 	fi
 	if [[ $answer == [Yy] ]]; then
-		[[ $(conf_read debug) == "true" ]] && param="--test-cert" || param=""
+		[[ $(conf_read debug) == "true" ]] && local param="--test-cert" || local param=""
 		sudo certbot revoke --cert-path /etc/letsencrypt/live/$domain/cert.pem --delete-after-revoke $param
 		echo "${gre}"
 		echo "Certificate for your site $domain has been completely removed!"
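Review bot: In the wildcard branch of hunk @@ -48,38 (`sudo certbot certonly --manual --preferred-challenges=dns … -d $domain -d *.$domain $param`) the argument `*.$domain` is an unquoted glob, so if the directory the user runs the command from holds a file matching `*.<domain>` the shell substitutes that filename and certbot is asked for the wrong name; quote it as `-d "*.$domain"`. In the same hunk the reverse-proxy root is handed to the hooks through the shared config with `conf_write temp-path $value` and removed with `conf_delete temp-path` after certbot returns, which covers both the success and failure paths as written, but an interrupted run leaves a stale `temp-path` behind; deleting any existing value before the write, or `trap 'conf_delete temp-path' EXIT` around the call, would make that robust. `$value` is only checked for being a directory before being expanded unquoted into the config write and the hook paths, so `conf_write temp-path "$value"` is advisable if conf_write accepts a single argument.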

+ 0 - 18
plugins/site

@@ -311,24 +311,6 @@ elif [[ "$type" == "-delete" && -a /etc/nginx/sites-available/$domain ]]; then
 elif [[ "$type" == "-ssl-on" && -a /etc/nginx/sites-available/$domain ]]; then
 	isssl=$( grep -F "ssl on;" /etc/nginx/sites-available/$domain )
 	[[ -z $isssl ]] && site_ssl_on || echo "${red}SSL is already enabled for site $domain!${end}"
-# SSL for WP-subdom subsites
-elif [[ "$type" == "-ssl-on" && ! -a /etc/nginx/sites-available/$domain && $subdomflag == 1 && $cache == "-root" && ! -d /var/www/$domain/htdocs && $tld == $value && -d /var/www/$tld/htdocs/wp-admin && -a /etc/nginx/sites-available/$value ]]; then
-	if [[ -a /var/www/$value/wp-config.php ]]; then
-		wpconfpath="/var/www/$value/wp-config.php"
-	elif [[ -a /var/www/$value/htdocs/wp-config.php ]]; then
-		wpconfpath="/var/www/$value/htdocs/wp-config.php"
-	else
-		echo "${red}[ERROR] wp-config.php file not found!${end}"
-		exit 1
-	fi
-	
-	wpsubdom=$( grep -F "'SUBDOMAIN_INSTALL'" $wpconfpath | cut -f 2 -d "," )
-	if [[ $wpsubdom == *"true"* ]]; then
-		echo "${blu}* SSL for WP Multisite with subdomain configuration.${end}"
-		site_ssl_on
-	else
-		echo "${red}[ERROR] $value is not a WP Multisite with subdomain configuration.${end}"
-	fi
 
 	
 # SSL disabled (Letsencrypt)