
Create a letsencrypt cert for a domain

Bob Mottram 9 年之前
父節點
當前提交
3fb7a127ad
共有 1 個檔案被更改,包括 57 行新增11 行删除
  1. 57
    11
      src/freedombone-sec

+ 57
- 11
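--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -58,6 +58,7 @@ CURRENT_DIR=$(pwd)
 REGENERATE_SSH_HOST_KEYS="no"
 REGENERATE_DH_KEYS="no"
 DH_KEYLENGTH=2048
+LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 
 function get_protocols_from_website {
   if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
@@ -365,7 +366,7 @@ function regenerate_dh_keys {
           3) DH_KEYLENGTH=4096;;
       esac
 
-	  ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
+      ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
   fi
 }
 
@@ -384,25 +385,25 @@ function renew_startssl {
   esac
 
   if [ ! $renew_domain ]; then
-	  return
+      return
   fi
 
   if [[ $renew_domain == "http"* ]]; then
       dialog --title $"Renew a StartSSL certificate" \
              --msgbox $"Don't include the https://" 6 40
-	  return
+      return
   fi
 
   if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
       dialog --title $"Renew a StartSSL certificate" \
              --msgbox $"An existing certificate for $renew_domain was not found" 6 40
-	  return
+      return
   fi
 
   if [[ $renew_domain != *"."* ]]; then
       dialog --title $"Renew a StartSSL certificate" \
              --msgbox $"Invalid domain name: $renew_domain" 6 40
-	  return
+      return
   fi
 
   ${PROJECT_NAME}-renew-cert -h $renew_domain -p startssl
@@ -425,25 +426,25 @@ function renew_letsencrypt {
   esac
 
   if [ ! $renew_domain ]; then
-	  return
+      return
   fi
 
   if [[ $renew_domain == "http"* ]]; then
       dialog --title $"Renew a Let's Encrypt certificate" \
              --msgbox $"Don't include the https://" 6 40
-	  return
+      return
   fi
 
   if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
       dialog --title $"Renew a Let's Encrypt certificate" \
              --msgbox $"An existing certificate for $renew_domain was not found" 6 40
-	  return
+      return
   fi
 
   if [[ $renew_domain != *"."* ]]; then
       dialog --title $"Renew a Let's Encrypt certificate" \
              --msgbox $"Invalid domain name: $renew_domain" 6 40
-	  return
+      return
   fi
 
   ${PROJECT_NAME}-renew-cert -h $renew_domain -p 'letsencrypt'
@@ -451,15 +452,57 @@ function renew_letsencrypt {
   exit 0
 }
 
+function create_letsencrypt {
+  new_domain=
+  data=$(tempfile 2>/dev/null)
+  trap "rm -f $data" 0 1 2 5 15
+  dialog --title $"Create a new Let's Encrypt certificate" \
+         --backtitle $"Freedombone Security Settings" \
+         --inputbox $"Enter the domain name" 8 60 2>$data
+  sel=$?
+  case $sel in
+      0)
+          new_domain=$(<$data)
+          ;;
+  esac
+
+  if [ ! $new_domain ]; then
+      return
+  fi
+
+  if [[ $new_domain == "http"* ]]; then
+      dialog --title $"Create a new Let's Encrypt certificate" \
+             --msgbox $"Don't include the https://" 6 40
+      return
+  fi
+
+  if [[ $new_domain != *"."* ]]; then
+      dialog --title $"Create a new Let's Encrypt certificate" \
+             --msgbox $"Invalid domain name: $new_domain" 6 40
+      return
+  fi
+
+  if [ ! -d /var/www/${new_domain} ]; then
+      dialog --title $"Create a new Let's Encrypt certificate" \
+             --msgbox $'Domain not found within /var/www' 6 40
+      return
+  fi
+
+  ${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+
+  exit 0
+}
+
 function housekeeping {
   cmd=(dialog --separate-output \
               --backtitle "Freedombone Security Configuration" \
               --title "Housekeeping options" \
-              --checklist "If you don't need to do any of these things then just press Enter:" 12 76 16)
+              --checklist "If you don't need to do any of these things then just press Enter:" 13 76 16)
   options=(1 "Regenerate ssh host keys" off
            2 "Regenerate Diffie-Hellman keys" off
            3 "Renew a StartSSL certificate" off
-           4 "Renew Let's Encrypt certificate" off)
+           4 "Create a new Let's Encrypt certificate" off
+           5 "Renew Let's Encrypt certificate" off)
   choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
   clear
   for choice in $choices
@@ -475,6 +518,9 @@ function housekeeping {
         renew_startssl
         ;;
       4)
+        create_letsencrypt
+        ;;
+      5)
         renew_letsencrypt
         ;;
     esac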
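Review bot: The new create_letsencrypt function (hunk `@@ -451,15 +452,57 @@`) accepts any interactively typed string that contains a dot and does not start with `http`, then expands `$new_domain` unquoted in the `-d /var/www/${new_domain}` test and on the `${PROJECT_NAME}-addcert` command line, so a value containing whitespace or glob characters is word-split or globbed into extra arguments instead of being rejected. Tighten the check to hostname characters by replacing the dot test with `if [[ ! $new_domain =~ ^[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z0-9-]+$ ]]; then`, and quote the expansions on the final call: `${PROJECT_NAME}-addcert -e "$new_domain" -s "$LETSENCRYPT_SERVER" --dhkey "$DH_KEYLENGTH"`. The empty check `if [ ! $new_domain ]; then` should likewise become `if [ -z "$new_domain" ]; then`, which behaves correctly when the dialog writes a blank or multi-word line. The two renewal functions in the preceding hunks use the same unquoted `$renew_domain` pattern, but those lines are pre-existing context rather than part of this change.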