letsencrypt repo change

src/freedombone-addcert

@@ -50,7 +50,7 @@ NODH=
 DH_KEYLENGTH=2048
 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
-LETSENCRYPT_REPO="https://github.com/letsencrypt/letsencrypt"
+LETSENCRYPT_REPO="https://github.com/certbot/certbot"
 MY_EMAIL_ADDRESS=
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_PASSWORD=
@@ -59,40 +59,40 @@ MY_MIRRORS_PASSWORD=
 
 function read_repo_servers {
     if [ -f $CONFIGURATION_FILE ]; then
-	if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-	    MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
+    if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+        MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
     fi
 
     if [ ! $FRIENDS_MIRRORS_SERVER ]; then
-	return
+    return
     fi
     if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
-	return
+    return
     fi
 
     MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
     if [ ! -f $MAIN_COMMAND ]; then
-	MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+    MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
     fi
 
     REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
 
     for line in "${REPOS[@]}"
     do
-	repo_name=$(echo "$line" | awk -F '=' '{print $1}')
-	mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
-	friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
-	${repo_name}="${friends_repo_url}"
+    repo_name=$(echo "$line" | awk -F '=' '{print $1}')
+    mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
+    friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
+    ${repo_name}="${friends_repo_url}"
     done
 }
 
@@ -125,69 +125,69 @@ do
     key="$1"
 
     case $key in
-	--help)
-	    show_help
-	    ;;
-	-h|--hostname)
-	    shift
-	    HOSTNAME="$1"
-	    ;;
-	-e|--letsencrypt)
-	    shift
-	    LETSENCRYPT_HOSTNAME="$1"
-	    ;;
-	--email)
-	    shift
-	    MY_EMAIL_ADDRESS="$1"
-	    ;;
-	-s|--server)
-	    shift
-	    LETSENCRYPT_SERVER="$1"
-	    ;;
-	-c|--country)
-	    shift
-	    COUNTRY_CODE="$1"
-	    ;;
-	-a|--area)
-	    shift
-	    AREA="$1"
-	    ;;
-	-l|--location)
-	    shift
-	    LOCATION="$1"
-	    ;;
-	-o|--organisation)
-	    shift
-	    ORGANISATION="$1"
-	    ;;
-	-u|--unit)
-	    shift
-	    UNIT="$1"
-	    ;;
-	--ca)
-	    shift
-	    EXTENSIONS="-extensions v3_ca"
-	    ORGANISATION="Freedombone-CA"
-	    ;;
-	--nodh)
-	    shift
-	    NODH="true"
-	    ;;
-	--dhkey)
-	    shift
-	    DH_KEYLENGTH=${1}
-	    ;;
-	*)
-	    # unknown option
-	    ;;
+    --help)
+        show_help
+        ;;
+    -h|--hostname)
+        shift
+        HOSTNAME="$1"
+        ;;
+    -e|--letsencrypt)
+        shift
+        LETSENCRYPT_HOSTNAME="$1"
+        ;;
+    --email)
+        shift
+        MY_EMAIL_ADDRESS="$1"
+        ;;
+    -s|--server)
+        shift
+        LETSENCRYPT_SERVER="$1"
+        ;;
+    -c|--country)
+        shift
+        COUNTRY_CODE="$1"
+        ;;
+    -a|--area)
+        shift
+        AREA="$1"
+        ;;
+    -l|--location)
+        shift
+        LOCATION="$1"
+        ;;
+    -o|--organisation)
+        shift
+        ORGANISATION="$1"
+        ;;
+    -u|--unit)
+        shift
+        UNIT="$1"
+        ;;
+    --ca)
+        shift
+        EXTENSIONS="-extensions v3_ca"
+        ORGANISATION="Freedombone-CA"
+        ;;
+    --nodh)
+        shift
+        NODH="true"
+        ;;
+    --dhkey)
+        shift
+        DH_KEYLENGTH=${1}
+        ;;
+    *)
+        # unknown option
+        ;;
     esac
     shift
 done
 
 if [ ! $HOSTNAME ]; then
     if [ ! $LETSENCRYPT_HOSTNAME ]; then
-	echo $'No hostname specified'
-	exit 5748
+    echo $'No hostname specified'
+    exit 5748
     fi
 fi
 
@@ -207,35 +207,35 @@ function add_cert_letsencrypt {
 
     # obtain the email address for the admin user
     if [ ! $MY_EMAIL_ADDRESS ]; then
-	if [ -f $CONFIGURATION_FILE ]; then
-	    if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
-		MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
-	    fi
-	fi
+    if [ -f $CONFIGURATION_FILE ]; then
+        if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
+        MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
+        fi
+    fi
     fi
     if [ ! $MY_EMAIL_ADDRESS ]; then
-	if [ -f $COMPLETION_FILE ]; then
-	    if grep -q "Admin user:" $COMPLETION_FILE; then
-		ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-		MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
-	    fi
-	fi
+    if [ -f $COMPLETION_FILE ]; then
+        if grep -q "Admin user:" $COMPLETION_FILE; then
+        ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+        MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
+        fi
+    fi
     fi
 
     if [ ! -d $INSTALL_DIR ]; then
-	mkdir -p $INSTALL_DIR
+    mkdir -p $INSTALL_DIR
     fi
     cd $INSTALL_DIR
 
     # obtain the repo
     if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-	git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
-	if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-	    exit 76283
-	fi
+    git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
+    if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
+        exit 76283
+    fi
     else
-	cd ${INSTALL_DIR}/letsencrypt
-	git_pull $LETSENCRYPT_REPO
+    cd ${INSTALL_DIR}/letsencrypt
+    git_pull $LETSENCRYPT_REPO
     fi
 
     # stop the web server
@@ -244,38 +244,38 @@ function add_cert_letsencrypt {
     cd ${INSTALL_DIR}/letsencrypt
     ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
     if [ ! "$?" = "0" ]; then
-	echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
-	systemctl start nginx
-	exit 63216
+    echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+    systemctl start nginx
+    exit 63216
     fi
 
     # replace some legacy filenames
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
     fi
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
     fi
     sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
     sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
 
     # link the private key
     if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-	if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-	    mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
-	else
-	    rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
-	fi
+    if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
+        mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+    else
+        rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
 
     # link the public key
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-	if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-	    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
-	else
-	    rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-	fi
+    if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
+        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+    else
+        rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
 
@@ -285,42 +285,42 @@ function add_cert_letsencrypt {
 
     ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
     if [ ! "$?" = "0" ]; then
-	echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
-	exit 62878
+    echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
+    exit 62878
     fi
 }
 
 function add_cert_selfsigned {
     if [[ $ORGANISATION == "Freedombone-CA" ]]; then
-	CERTFILE="ca-$HOSTNAME"
+    CERTFILE="ca-$HOSTNAME"
     fi
 
     openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
-	    -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-	    -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
-	    -out /etc/ssl/certs/${CERTFILE}.crt
+        -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+        -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+        -out /etc/ssl/certs/${CERTFILE}.crt
     chmod 400 /etc/ssl/private/${CERTFILE}.key
     chmod 640 /etc/ssl/certs/${CERTFILE}.crt
     cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
 
     ${PROJECT_NAME}-pin-cert $CERTFILE
     if [ ! "$?" = "0" ]; then
-	echo $"Certificate for $CERTFILE could not be pinned"
-	exit 62879
+    echo $"Certificate for $CERTFILE could not be pinned"
+    exit 62879
     fi
 }
 
 function generate_dh_params {
     if [ ! $NODH ]; then
-	if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-	    ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
-	fi
+    if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+        ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+    fi
     fi
 }
 
 function restart_web_server {
     if [ -f /etc/init.d/nginx ]; then
-	/etc/init.d/nginx reload
+    /etc/init.d/nginx reload
     fi
 }
 
@@ -332,9 +332,9 @@ function make_cert_bundle {
 
 function create_cert {
     if [ $LETSENCRYPT_HOSTNAME ]; then
-	add_cert_letsencrypt
+    add_cert_letsencrypt
     else
-	add_cert_selfsigned
+    add_cert_selfsigned
     fi
 }