|
@@ -58,6 +58,7 @@ CURRENT_DIR=$(pwd)
|
58
|
58
|
REGENERATE_SSH_HOST_KEYS="no"
|
59
|
59
|
REGENERATE_DH_KEYS="no"
|
60
|
60
|
DH_KEYLENGTH=2048
|
|
61
|
+LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
|
61
|
62
|
|
62
|
63
|
function get_protocols_from_website {
|
63
|
64
|
if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
|
|
@@ -365,7 +366,7 @@ function regenerate_dh_keys {
|
365
|
366
|
3) DH_KEYLENGTH=4096;;
|
366
|
367
|
esac
|
367
|
368
|
|
368
|
|
- ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
|
|
369
|
+ ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
|
369
|
370
|
fi
|
370
|
371
|
}
|
371
|
372
|
|
|
@@ -384,25 +385,25 @@ function renew_startssl {
|
384
|
385
|
esac
|
385
|
386
|
|
386
|
387
|
if [ ! $renew_domain ]; then
|
387
|
|
- return
|
|
388
|
+ return
|
388
|
389
|
fi
|
389
|
390
|
|
390
|
391
|
if [[ $renew_domain == "http"* ]]; then
|
391
|
392
|
dialog --title $"Renew a StartSSL certificate" \
|
392
|
393
|
--msgbox $"Don't include the https://" 6 40
|
393
|
|
- return
|
|
394
|
+ return
|
394
|
395
|
fi
|
395
|
396
|
|
396
|
397
|
if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
|
397
|
398
|
dialog --title $"Renew a StartSSL certificate" \
|
398
|
399
|
--msgbox $"An existing certificate for $renew_domain was not found" 6 40
|
399
|
|
- return
|
|
400
|
+ return
|
400
|
401
|
fi
|
401
|
402
|
|
402
|
403
|
if [[ $renew_domain != *"."* ]]; then
|
403
|
404
|
dialog --title $"Renew a StartSSL certificate" \
|
404
|
405
|
--msgbox $"Invalid domain name: $renew_domain" 6 40
|
405
|
|
- return
|
|
406
|
+ return
|
406
|
407
|
fi
|
407
|
408
|
|
408
|
409
|
${PROJECT_NAME}-renew-cert -h $renew_domain -p startssl
|
|
@@ -425,25 +426,25 @@ function renew_letsencrypt {
|
425
|
426
|
esac
|
426
|
427
|
|
427
|
428
|
if [ ! $renew_domain ]; then
|
428
|
|
- return
|
|
429
|
+ return
|
429
|
430
|
fi
|
430
|
431
|
|
431
|
432
|
if [[ $renew_domain == "http"* ]]; then
|
432
|
433
|
dialog --title $"Renew a Let's Encrypt certificate" \
|
433
|
434
|
--msgbox $"Don't include the https://" 6 40
|
434
|
|
- return
|
|
435
|
+ return
|
435
|
436
|
fi
|
436
|
437
|
|
437
|
438
|
if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
|
438
|
439
|
dialog --title $"Renew a Let's Encrypt certificate" \
|
439
|
440
|
--msgbox $"An existing certificate for $renew_domain was not found" 6 40
|
440
|
|
- return
|
|
441
|
+ return
|
441
|
442
|
fi
|
442
|
443
|
|
443
|
444
|
if [[ $renew_domain != *"."* ]]; then
|
444
|
445
|
dialog --title $"Renew a Let's Encrypt certificate" \
|
445
|
446
|
--msgbox $"Invalid domain name: $renew_domain" 6 40
|
446
|
|
- return
|
|
447
|
+ return
|
447
|
448
|
fi
|
448
|
449
|
|
449
|
450
|
${PROJECT_NAME}-renew-cert -h $renew_domain -p 'letsencrypt'
|
|
@@ -451,15 +452,57 @@ function renew_letsencrypt {
|
451
|
452
|
exit 0
|
452
|
453
|
}
|
453
|
454
|
|
|
455
|
+function create_letsencrypt {
|
|
456
|
+ new_domain=
|
|
457
|
+ data=$(tempfile 2>/dev/null)
|
|
458
|
+ trap "rm -f $data" 0 1 2 5 15
|
|
459
|
+ dialog --title $"Create a new Let's Encrypt certificate" \
|
|
460
|
+ --backtitle $"Freedombone Security Settings" \
|
|
461
|
+ --inputbox $"Enter the domain name" 8 60 2>$data
|
|
462
|
+ sel=$?
|
|
463
|
+ case $sel in
|
|
464
|
+ 0)
|
|
465
|
+ new_domain=$(<$data)
|
|
466
|
+ ;;
|
|
467
|
+ esac
|
|
468
|
+
|
|
469
|
+ if [ ! $new_domain ]; then
|
|
470
|
+ return
|
|
471
|
+ fi
|
|
472
|
+
|
|
473
|
+ if [[ $new_domain == "http"* ]]; then
|
|
474
|
+ dialog --title $"Create a new Let's Encrypt certificate" \
|
|
475
|
+ --msgbox $"Don't include the https://" 6 40
|
|
476
|
+ return
|
|
477
|
+ fi
|
|
478
|
+
|
|
479
|
+ if [[ $new_domain != *"."* ]]; then
|
|
480
|
+ dialog --title $"Create a new Let's Encrypt certificate" \
|
|
481
|
+ --msgbox $"Invalid domain name: $new_domain" 6 40
|
|
482
|
+ return
|
|
483
|
+ fi
|
|
484
|
+
|
|
485
|
+ if [ ! -d /var/www/${new_domain} ]; then
|
|
486
|
+ dialog --title $"Create a new Let's Encrypt certificate" \
|
|
487
|
+ --msgbox $'Domain not found within /var/www' 6 40
|
|
488
|
+ return
|
|
489
|
+ fi
|
|
490
|
+
|
|
491
|
+ ${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
492
|
+
|
|
493
|
+ exit 0
|
|
494
|
+}
|
|
495
|
+
|
454
|
496
|
function housekeeping {
|
455
|
497
|
cmd=(dialog --separate-output \
|
456
|
498
|
--backtitle "Freedombone Security Configuration" \
|
457
|
499
|
--title "Housekeeping options" \
|
458
|
|
- --checklist "If you don't need to do any of these things then just press Enter:" 12 76 16)
|
|
500
|
+ --checklist "If you don't need to do any of these things then just press Enter:" 13 76 16)
|
459
|
501
|
options=(1 "Regenerate ssh host keys" off
|
460
|
502
|
2 "Regenerate Diffie-Hellman keys" off
|
461
|
503
|
3 "Renew a StartSSL certificate" off
|
462
|
|
- 4 "Renew Let's Encrypt certificate" off)
|
|
504
|
+ 4 "Create a new Let's Encrypt certificate" off
|
|
505
|
+ 5 "Renew Let's Encrypt certificate" off)
|
463
|
506
|
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
|
464
|
507
|
clear
|
465
|
508
|
for choice in $choices
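Review bot: `create_letsencrypt` accepts whatever was typed into the inputbox and only rejects a value that starts with `http` or lacks a `.`, so a value containing spaces, glob characters, a leading `-` or `..` path segments passes both checks and reaches the unquoted `-d /var/www/${new_domain}` test and the unquoted `${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH` call (`[ ! $new_domain ]` is unquoted as well and errors out on a multi-word value). I would add an anchored hostname check right after the empty test, `if [[ ! $new_domain =~ ^[A-Za-z0-9.-]+$ ]]; then return; fi` (with the same msgbox style as the other rejections), and quote `"$new_domain"` in the `-d` test and in the addcert invocation; the same unquoted-expansion pattern already exists in `renew_startssl` and `renew_letsencrypt` above, so it may be worth fixing there in the same commit. The exit status of `${PROJECT_NAME}-addcert` is not inspected before the unconditional `exit 0`, so a failed issuance still ends the menu as if it succeeded; `${PROJECT_NAME}-addcert … || return` (or a msgbox showing the status) would keep the user in the housekeeping loop. `new_domain`, `data` and `sel` are assigned without `local`, so they persist in the caller's scope after the function returns, which is presumably unintended given the `new_domain=` reset at the top. The `@@ -451` hunk also cuts into `housekeeping`, whose body continues past the hunk.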
|
|
@@ -475,6 +518,9 @@ function housekeeping {
|
475
|
518
|
renew_startssl
|
476
|
519
|
;;
|
477
|
520
|
4)
|
|
521
|
+ create_letsencrypt
|
|
522
|
+ ;;
|
|
523
|
+ 5)
|
478
|
524
|
renew_letsencrypt
|
479
|
525
|
;;
|
480
|
526
|
esac
|