Menu option to delete a letsencrypt certificate

src/freedombone-addcert

 PIN_CERTS=
 
 HOSTNAME=
+remove_cert=
 LETSENCRYPT_HOSTNAME=
 COUNTRY_CODE="US"
 AREA="Free Speech Zone"
     echo ''
     echo $'Creates a self-signed certificate for the given hostname'
     echo ''
-    echo $'     --help                   Show help'
-    echo $'  -h --hostname [name]        Hostname'
-    echo $'  -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
-    echo $'  -s --server [url]           Lets Encrypt server URL'
-    echo $'  -c --country [code]         Optional country code (eg. US, GB, etc)'
-    echo $'  -a --area [description]     Optional area description'
-    echo $'  -l --location [locn]        Optional location name'
-    echo $'  -o --organisation [name]    Optional organisation name'
-    echo $'  -u --unit [name]            Optional unit name'
-    echo $'     --email [address]        Email address for letsencrypt'
-    echo $'     --dhkey [bits]           DH key length in bits'
-    echo $'     --nodh ""                Do not calculate DH params'
-    echo $'     --ca ""                  Certificate authority cert'
+    echo $'     --help                     Show help'
+    echo $'  -h --hostname [name]          Hostname'
+    echo $'  -e --letsencrypt [hostname]   Hostname to use with Lets Encrypt'
+    echo $'  -r --rmletsencrypt [hostname] Remove a Lets Encrypt certificate'
+    echo $'  -s --server [url]             Lets Encrypt server URL'
+    echo $'  -c --country [code]           Optional country code (eg. US, GB, etc)'
+    echo $'  -a --area [description]       Optional area description'
+    echo $'  -l --location [locn]          Optional location name'
+    echo $'  -o --organisation [name]      Optional organisation name'
+    echo $'  -u --unit [name]              Optional unit name'
+    echo $'     --email [address]          Email address for letsencrypt'
+    echo $'     --dhkey [bits]             DH key length in bits'
+    echo $'     --nodh ""                  Do not calculate DH params'
+    echo $'     --ca ""                    Certificate authority cert'
     echo ''
     exit 0
 }
             shift
             LETSENCRYPT_HOSTNAME="$1"
             ;;
+        -r|--rmletsencrypt)
+            shift
+            LETSENCRYPT_HOSTNAME="$1"
+            remove_cert=1
+            ;;
         --email)
             shift
             MY_EMAIL_ADDRESS="$1"
 
 CERTFILE=$HOSTNAME
 
+function remove_cert_letsencrypt {
+    CERTFILE=$LETSENCRYPT_HOSTNAME
+
+    # disable the site if needed
+    if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
+        if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
+            nginx_dissite ${LETSENCRYPT_HOSTNAME}
+        fi
+    fi
+
+    # remove the cert
+    rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
+    rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
+    rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
+
+    # restart the web server
+    systemctl restart nginx
+}
+
 function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
 }
 
 function create_cert {
+    if [ $remove_cert ]; then
+        remove_cert_letsencrypt
+        return
+    fi
+
     if [ $LETSENCRYPT_HOSTNAME ]; then
         add_cert_letsencrypt
     else

src/freedombone-sec

     exit 0
 }
 
+function delete_letsencrypt {
+    delete_domain=
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Delete a Let's Encrypt certificate" \
+           --backtitle $"Freedombone Security Settings" \
+           --inputbox $"Enter the domain name" 8 60 2>$data
+    sel=$?
+    case $sel in
+        0)
+            delete_domain=$(<$data)
+            ;;
+    esac
+
+    if [ ! $delete_domain ]; then
+        return
+    fi
+
+    if [[ $delete_domain == "http"* ]]; then
+        dialog --title $"Delete a Let's Encrypt certificate" \
+               --msgbox $"Don't include the https://" 6 40
+        return
+    fi
+
+    if [ ! -f /etc/ssl/certs/${delete_domain}.dhparam ]; then
+        dialog --title $"Delete a Let's Encrypt certificate" \
+               --msgbox $"An existing certificate for $renew_domain was not found" 6 40
+        return
+    fi
+
+    if [[ $delete_domain != *"."* ]]; then
+        dialog --title $"Delete a Let's Encrypt certificate" \
+               --msgbox $"Invalid domain name: $delete_domain" 6 40
+        return
+    fi
+
+    ${PROJECT_NAME}-addcert -r $delete_domain
+
+    exit 0
+}
+
 function create_letsencrypt {
     new_domain=
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Security Settings" \
-           --radiolist $"Choose an operation:" 21 76 21 \
+           --radiolist $"Choose an operation:" 22 76 22 \
            1 $"Run STIG tests" off \
            2 $"Show ssh host public key" off \
            3 $"Tor bridges" off \
            8 $"Update cipersuite" off \
            9 $"Create a new Let's Encrypt certificate" off \
            10 $"Renew Let's Encrypt certificate" off \
-           11 $"Enable GPG based authentication (monkeysphere)" off \
-           12 $"Register a website with monkeysphere" off \
-           13 $"Allow ssh login with passwords" off \
-           14 $"Go Back/Exit" on 2> $data
+           11 $"Delete a Let's Encrypt certificate" off \
+           12 $"Enable GPG based authentication (monkeysphere)" off \
+           13 $"Register a website with monkeysphere" off \
+           14 $"Allow ssh login with passwords" off \
+           15 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
             renew_letsencrypt
             ;;
         11)
-            enable_monkeysphere
+            delete_letsencrypt
             ;;
         12)
-            register_website
+            enable_monkeysphere
             ;;
         13)
+            register_website
+            ;;
+        14)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        14)
+        15)
             exit 0
             ;;
     esac