free
/
freedombone
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 0 Wiki Aktywność
Przeglądaj źródła

Create a letsencrypt cert for a domain

Bob Mottram 9 lat temu
rodzic
178f9becd1
commit
3fb7a127ad
1 zmienionych plików z 57 dodań i 11 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 57
    11
      src/freedombone-sec

+ 57
- 11
src/freedombone-sec Wyświetl plik 

@@ -58,6 +58,7 @@ CURRENT_DIR=$(pwd)
58 58 
 REGENERATE_SSH_HOST_KEYS="no"
59 59 
 REGENERATE_DH_KEYS="no"
60 60 
 DH_KEYLENGTH=2048
61 
+LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
61 62
62 63 
 function get_protocols_from_website {
63 64 
   if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
 
@@ -365,7 +366,7 @@ function regenerate_dh_keys {
365 366 
           3) DH_KEYLENGTH=4096;;
366 367 
       esac
367 368
368 
-	  ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
369 
+      ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
369 370 
   fi
370 371 
 }
371 372 
 
@@ -384,25 +385,25 @@ function renew_startssl {
384 385 
   esac
385 386
386 387 
   if [ ! $renew_domain ]; then
387 
-	  return
388 
+      return
388 389 
   fi
389 390
390 391 
   if [[ $renew_domain == "http"* ]]; then
391 392 
       dialog --title $"Renew a StartSSL certificate" \
392 393 
              --msgbox $"Don't include the https://" 6 40
393 
-	  return
394 
+      return
394 395 
   fi
395 396
396 397 
   if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
397 398 
       dialog --title $"Renew a StartSSL certificate" \
398 399 
              --msgbox $"An existing certificate for $renew_domain was not found" 6 40
399 
-	  return
400 
+      return
400 401 
   fi
401 402
402 403 
   if [[ $renew_domain != *"."* ]]; then
403 404 
       dialog --title $"Renew a StartSSL certificate" \
404 405 
              --msgbox $"Invalid domain name: $renew_domain" 6 40
405 
-	  return
406 
+      return
406 407 
   fi
407 408
408 409 
   ${PROJECT_NAME}-renew-cert -h $renew_domain -p startssl
 
@@ -425,25 +426,25 @@ function renew_letsencrypt {
425 426 
   esac
426 427
427 428 
   if [ ! $renew_domain ]; then
428 
-	  return
429 
+      return
429 430 
   fi
430 431
431 432 
   if [[ $renew_domain == "http"* ]]; then
432 433 
       dialog --title $"Renew a Let's Encrypt certificate" \
433 434 
              --msgbox $"Don't include the https://" 6 40
434 
-	  return
435 
+      return
435 436 
   fi
436 437
437 438 
   if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
438 439 
       dialog --title $"Renew a Let's Encrypt certificate" \
439 440 
              --msgbox $"An existing certificate for $renew_domain was not found" 6 40
440 
-	  return
441 
+      return
441 442 
   fi
442 443
443 444 
   if [[ $renew_domain != *"."* ]]; then
444 445 
       dialog --title $"Renew a Let's Encrypt certificate" \
445 446 
              --msgbox $"Invalid domain name: $renew_domain" 6 40
446 
-	  return
447 
+      return
447 448 
   fi
448 449
449 450 
   ${PROJECT_NAME}-renew-cert -h $renew_domain -p 'letsencrypt'
 
@@ -451,15 +452,57 @@ function renew_letsencrypt {
451 452 
   exit 0
452 453 
 }
453 454
455 
+function create_letsencrypt {
456 
+  new_domain=
457 
+  data=$(tempfile 2>/dev/null)
458 
+  trap "rm -f $data" 0 1 2 5 15
459 
+  dialog --title $"Create a new Let's Encrypt certificate" \
460 
+         --backtitle $"Freedombone Security Settings" \
461 
+         --inputbox $"Enter the domain name" 8 60 2>$data
462 
+  sel=$?
463 
+  case $sel in
464 
+      0)
465 
+          new_domain=$(<$data)
466 
+          ;;
467 
+  esac
468 
+
469 
+  if [ ! $new_domain ]; then
470 
+      return
471 
+  fi
472 
+
473 
+  if [[ $new_domain == "http"* ]]; then
474 
+      dialog --title $"Create a new Let's Encrypt certificate" \
475 
+             --msgbox $"Don't include the https://" 6 40
476 
+      return
477 
+  fi
478 
+
479 
+  if [[ $new_domain != *"."* ]]; then
480 
+      dialog --title $"Create a new Let's Encrypt certificate" \
481 
+             --msgbox $"Invalid domain name: $new_domain" 6 40
482 
+      return
483 
+  fi
484 
+
485 
+  if [ ! -d /var/www/${new_domain} ]; then
486 
+      dialog --title $"Create a new Let's Encrypt certificate" \
487 
+             --msgbox $'Domain not found within /var/www' 6 40
488 
+      return
489 
+  fi
490 
+
491 
+  ${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
492 
+
493 
+  exit 0
494 
+}
495 
+
454 496 
 function housekeeping {
455 497 
   cmd=(dialog --separate-output \
456 498 
               --backtitle "Freedombone Security Configuration" \
457 499 
               --title "Housekeeping options" \
458 
-              --checklist "If you don't need to do any of these things then just press Enter:" 12 76 16)
500 
+              --checklist "If you don't need to do any of these things then just press Enter:" 13 76 16)
459 501 
   options=(1 "Regenerate ssh host keys" off
460 502 
            2 "Regenerate Diffie-Hellman keys" off
461 503 
            3 "Renew a StartSSL certificate" off
462 
-           4 "Renew Let's Encrypt certificate" off)
504 
+           4 "Create a new Let's Encrypt certificate" off
505 
+           5 "Renew Let's Encrypt certificate" off)
463 506 
   choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
464 507 
   clear
465 508 
   for choice in $choices
 
@@ -475,6 +518,9 @@ function housekeeping {
475 518 
         renew_startssl
476 519 
         ;;
477 520 
       4)
521 
+        create_letsencrypt
522 
+        ;;
523 
+      5)
478 524 
         renew_letsencrypt
479 525 
         ;;
480 526 
     esac