free
/
freedombone
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
瀏覽代碼

Menu option to delete a letsencrypt certificate

Bob Mottram 8 年之前
父節點
747f533efb
當前提交
047ca9979a
共有 2 個檔案被更改,包括 97 行新增21 行删除
分割檢視 顯示文件統計
  1. 44
    13
      src/freedombone-addcert
  2. 53
    8
      src/freedombone-sec

+ 44
- 13
src/freedombone-addcert 查看文件 

@@ -46,6 +46,7 @@ done
46 46 
 PIN_CERTS=
47 47
48 48 
 HOSTNAME=
49 
+remove_cert=
49 50 
 LETSENCRYPT_HOSTNAME=
50 51 
 COUNTRY_CODE="US"
51 52 
 AREA="Free Speech Zone"
 
@@ -70,19 +71,20 @@ function show_help {
70 71 
     echo ''
71 72 
     echo $'Creates a self-signed certificate for the given hostname'
72 73 
     echo ''
73 
-    echo $'     --help                   Show help'
74 
-    echo $'  -h --hostname [name]        Hostname'
75 
-    echo $'  -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
76 
-    echo $'  -s --server [url]           Lets Encrypt server URL'
77 
-    echo $'  -c --country [code]         Optional country code (eg. US, GB, etc)'
78 
-    echo $'  -a --area [description]     Optional area description'
79 
-    echo $'  -l --location [locn]        Optional location name'
80 
-    echo $'  -o --organisation [name]    Optional organisation name'
81 
-    echo $'  -u --unit [name]            Optional unit name'
82 
-    echo $'     --email [address]        Email address for letsencrypt'
83 
-    echo $'     --dhkey [bits]           DH key length in bits'
84 
-    echo $'     --nodh ""                Do not calculate DH params'
85 
-    echo $'     --ca ""                  Certificate authority cert'
74 
+    echo $'     --help                     Show help'
75 
+    echo $'  -h --hostname [name]          Hostname'
76 
+    echo $'  -e --letsencrypt [hostname]   Hostname to use with Lets Encrypt'
77 
+    echo $'  -r --rmletsencrypt [hostname] Remove a Lets Encrypt certificate'
78 
+    echo $'  -s --server [url]             Lets Encrypt server URL'
79 
+    echo $'  -c --country [code]           Optional country code (eg. US, GB, etc)'
80 
+    echo $'  -a --area [description]       Optional area description'
81 
+    echo $'  -l --location [locn]          Optional location name'
82 
+    echo $'  -o --organisation [name]      Optional organisation name'
83 
+    echo $'  -u --unit [name]              Optional unit name'
84 
+    echo $'     --email [address]          Email address for letsencrypt'
85 
+    echo $'     --dhkey [bits]             DH key length in bits'
86 
+    echo $'     --nodh ""                  Do not calculate DH params'
87 
+    echo $'     --ca ""                    Certificate authority cert'
86 88 
     echo ''
87 89 
     exit 0
88 90 
 }
 
@@ -103,6 +105,11 @@ do
103 105 
             shift
104 106 
             LETSENCRYPT_HOSTNAME="$1"
105 107 
             ;;
108 
+        -r|--rmletsencrypt)
109 
+            shift
110 
+            LETSENCRYPT_HOSTNAME="$1"
111 
+            remove_cert=1
112 
+            ;;
106 113 
         --email)
107 114 
             shift
108 115 
             MY_EMAIL_ADDRESS="$1"
 
@@ -173,6 +180,25 @@ fi
173 180
174 181 
 CERTFILE=$HOSTNAME
175 182
183 
+function remove_cert_letsencrypt {
184 
+    CERTFILE=$LETSENCRYPT_HOSTNAME
185 
+
186 
+    # disable the site if needed
187 
+    if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
188 
+        if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
189 
+            nginx_dissite ${LETSENCRYPT_HOSTNAME}
190 
+        fi
191 
+    fi
192 
+
193 
+    # remove the cert
194 
+    rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
195 
+    rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
196 
+    rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
197 
+
198 
+    # restart the web server
199 
+    systemctl restart nginx
200 
+}
201 
+
176 202 
 function add_cert_letsencrypt {
177 203 
     CERTFILE=$LETSENCRYPT_HOSTNAME
178 204 
 
@@ -307,6 +333,11 @@ function make_cert_bundle {
307 333 
 }
308 334
309 335 
 function create_cert {
336 
+    if [ $remove_cert ]; then
337 
+        remove_cert_letsencrypt
338 
+        return
339 
+    fi
340 
+
310 341 
     if [ $LETSENCRYPT_HOSTNAME ]; then
311 342 
         add_cert_letsencrypt
312 343 
     else

+ 53
- 8
src/freedombone-sec 查看文件 

@@ -479,6 +479,47 @@ function renew_letsencrypt {
479 479 
     exit 0
480 480 
 }
481 481
482 
+function delete_letsencrypt {
483 
+    delete_domain=
484 
+    data=$(tempfile 2>/dev/null)
485 
+    trap "rm -f $data" 0 1 2 5 15
486 
+    dialog --title $"Delete a Let's Encrypt certificate" \
487 
+           --backtitle $"Freedombone Security Settings" \
488 
+           --inputbox $"Enter the domain name" 8 60 2>$data
489 
+    sel=$?
490 
+    case $sel in
491 
+        0)
492 
+            delete_domain=$(<$data)
493 
+            ;;
494 
+    esac
495 
+
496 
+    if [ ! $delete_domain ]; then
497 
+        return
498 
+    fi
499 
+
500 
+    if [[ $delete_domain == "http"* ]]; then
501 
+        dialog --title $"Delete a Let's Encrypt certificate" \
502 
+               --msgbox $"Don't include the https://" 6 40
503 
+        return
504 
+    fi
505 
+
506 
+    if [ ! -f /etc/ssl/certs/${delete_domain}.dhparam ]; then
507 
+        dialog --title $"Delete a Let's Encrypt certificate" \
508 
+               --msgbox $"An existing certificate for $renew_domain was not found" 6 40
509 
+        return
510 
+    fi
511 
+
512 
+    if [[ $delete_domain != *"."* ]]; then
513 
+        dialog --title $"Delete a Let's Encrypt certificate" \
514 
+               --msgbox $"Invalid domain name: $delete_domain" 6 40
515 
+        return
516 
+    fi
517 
+
518 
+    ${PROJECT_NAME}-addcert -r $delete_domain
519 
+
520 
+    exit 0
521 
+}
522 
+
482 523 
 function create_letsencrypt {
483 524 
     new_domain=
484 525 
     data=$(tempfile 2>/dev/null)
 
@@ -923,7 +964,7 @@ function menu_security_settings {
923 964 
     trap "rm -f $data" 0 1 2 5 15
924 965 
     dialog --backtitle $"Freedombone Control Panel" \
925 966 
            --title $"Security Settings" \
926 
-           --radiolist $"Choose an operation:" 21 76 21 \
967 
+           --radiolist $"Choose an operation:" 22 76 22 \
927 968 
            1 $"Run STIG tests" off \
928 969 
            2 $"Show ssh host public key" off \
929 970 
            3 $"Tor bridges" off \
 
@@ -934,10 +975,11 @@ function menu_security_settings {
934 975 
            8 $"Update cipersuite" off \
935 976 
            9 $"Create a new Let's Encrypt certificate" off \
936 977 
            10 $"Renew Let's Encrypt certificate" off \
937 
-           11 $"Enable GPG based authentication (monkeysphere)" off \
938 
-           12 $"Register a website with monkeysphere" off \
939 
-           13 $"Allow ssh login with passwords" off \
940 
-           14 $"Go Back/Exit" on 2> $data
978 
+           11 $"Delete a Let's Encrypt certificate" off \
979 
+           12 $"Enable GPG based authentication (monkeysphere)" off \
980 
+           13 $"Register a website with monkeysphere" off \
981 
+           14 $"Allow ssh login with passwords" off \
982 
+           15 $"Go Back/Exit" on 2> $data
941 983 
     sel=$?
942 984 
     case $sel in
943 985 
         1) exit 1;;
 
@@ -1000,17 +1042,20 @@ function menu_security_settings {
1000 1042 
             renew_letsencrypt
1001 1043 
             ;;
1002 1044 
         11)
1003 
-            enable_monkeysphere
1045 
+            delete_letsencrypt
1004 1046 
             ;;
1005 1047 
         12)
1006 
-            register_website
1048 
+            enable_monkeysphere
1007 1049 
             ;;
1008 1050 
         13)
1051 
+            register_website
1052 
+            ;;
1053 
+        14)
1009 1054 
             allow_ssh_passwords
1010 1055 
             change_ssh_settings
1011 1056 
             exit 0
1012 1057 
             ;;
1013 
-        14)
1058 
+        15)
1014 1059 
             exit 0
1015 1060 
             ;;
1016 1061 
     esac