
Additional options for letsencrypt

These are used to create an initial account
Bob Mottram 9 lat temu
commit
bd0acd2af5
2 zmienionych plików z 35 dodań i 9 usunięć
  1. 8
    8
      src/freedombone
  2. 27
    1
      src/freedombone-addcert

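--- a/src/freedombone
+++ b/src/freedombone
@@ -4804,7 +4804,7 @@
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
             else
-                ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH
+                ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             fi
         fi
     fi
@@ -6379,7 +6379,7 @@
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 ${PROJECT_NAME}-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
             else
-                ${PROJECT_NAME}-addcert -e $OWNCLOUD_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+                ${PROJECT_NAME}-addcert -e $OWNCLOUD_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             fi
             check_certificates $OWNCLOUD_DOMAIN_NAME
         fi
@@ -6722,7 +6722,7 @@
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 ${PROJECT_NAME}-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
             else
-                ${PROJECT_NAME}-addcert -e $GIT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+                ${PROJECT_NAME}-addcert -e $GIT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             fi
             check_certificates $GIT_DOMAIN_NAME
         fi
@@ -7660,7 +7660,7 @@
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
             else
-                ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+                ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             fi
             check_certificates $WIKI_DOMAIN_NAME
         fi
@@ -8022,7 +8022,7 @@
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
             else
-                ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+                ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             fi
             check_certificates $FULLBLOG_DOMAIN_NAME
         fi
@@ -8311,7 +8311,7 @@
 
     if [[ $ONION_ONLY == "no" ]]; then
         if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
-            ${PROJECT_NAME}-addcert -e $MICROBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+            ${PROJECT_NAME}-addcert -e $MICROBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             check_certificates $MICROBLOG_DOMAIN_NAME
         fi
     fi
@@ -8709,7 +8709,7 @@
 
     if [[ $ONION_ONLY == "no" ]]; then
         if [ ! -f /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam ]; then
-            ${PROJECT_NAME}-addcert -e $HUBZILLA_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+            ${PROJECT_NAME}-addcert -e $HUBZILLA_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
             check_certificates $HUBZILLA_DOMAIN_NAME
         fi
     fi
@@ -9033,7 +9033,7 @@
         if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
             ${PROJECT_NAME}-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
         else
-            ${PROJECT_NAME}-addcert -e $MEDIAGOBLIN_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+            ${PROJECT_NAME}-addcert -e $MEDIAGOBLIN_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
         fi
         check_certificates $MEDIAGOBLIN_DOMAIN_NAME
     fi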
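Review bot: `$MY_EMAIL_ADDRESS` is appended unquoted as the final argument at all eight call sites (new lines 4807, 6382, 6725, 7663, 8025, 8314, 8712 and 9036), so an unset or empty value leaves a bare `--email` and the `--email)` case in freedombone-addcert then shifts past the end of the argument list. A value containing whitespace would also be split into additional words, which the callee parses as further options. Quoting it, `--email "$MY_EMAIL_ADDRESS"`, passes exactly one argument in both cases. The enclosing functions start and end outside these hunks, so whether the variable is always set at these points cannot be confirmed from here.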

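--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -33,6 +33,9 @@
 export TEXTDOMAIN=${PROJECT_NAME}-addcert
 export TEXTDOMAINDIR="/usr/share/locale"
 
+CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+
 HOSTNAME=
 LETSENCRYPT_HOSTNAME=
 COUNTRY_CODE="US"
@@ -46,6 +49,7 @@
 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 LETSENCRYPT_REPO='https://github.com/letsencrypt/letsencrypt'
+MY_EMAIL_ADDRESS=
 
 function show_help {
     echo ''
@@ -63,6 +67,7 @@
     echo $'  -l --location [locn]        Optional location name'
     echo $'  -o --organisation [name]    Optional organisation name'
     echo $'  -u --unit [name]            Optional unit name'
+    echo $'     --email [address]        Email address for letsencrypt'
     echo $'     --dhkey [bits]           DH key length in bits'
     echo $'     --nodh ""                Do not calculate DH params'
     echo $'     --ca ""                  Certificate authority cert'
@@ -86,6 +91,10 @@
     shift
     LETSENCRYPT_HOSTNAME="$1"
     ;;
+    --email)
+    shift
+    MY_EMAIL_ADDRESS="$1"
+    ;;
     -s|--server)
     shift
     LETSENCRYPT_SERVER="$1"
@@ -151,6 +160,23 @@
 function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
+    # obtain the email address for the admin user
+    if [ ! $MY_EMAIL_ADDRESS ]; then
+        if [ -f $CONFIG_FILE ]; then
+            if grep -q "MY_EMAIL_ADDRESS=" $CONFIG_FILE; then
+                MY_EMAIL_ADDRESS=$(cat $CONFIG_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
+            fi
+        fi
+    fi
+    if [ ! $MY_EMAIL_ADDRESS ]; then
+        if [ -f $COMPLETION_FILE ]; then
+            if grep -q "Admin user:" $COMPLETION_FILE; then
+                ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+                MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
+            fi
+        fi
+    fi
+
     if [ ! -d $INSTALL_DIR ]; then
         mkdir -p $INSTALL_DIR
     fi
@@ -172,7 +198,7 @@
     systemctl stop nginx
 
     cd ${INSTALL_DIR}/letsencrypt
-    ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default
+    ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
     if [ ! "$?" = "0" ]; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
         systemctl start nginx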
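Review bot: Nothing in add_cert_letsencrypt verifies that an address was actually found before `letsencrypt-auto` is run with `--agree-tos --email $MY_EMAIL_ADDRESS`; if both lookups come back empty the command ends in a bare `--email`, and the failure only surfaces after nginx has already been stopped. I would test with `[ -z "$MY_EMAIL_ADDRESS" ]` rather than `[ ! $MY_EMAIL_ADDRESS ]` (the unquoted form errors on a value containing whitespace), stop with an error before `systemctl stop nginx` when the address is still empty, and pass `--email "$MY_EMAIL_ADDRESS"`. The fallback `MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME` also looks wrong for this path: `HOSTNAME` is initialised empty at the top of the script and the Let's Encrypt callers pass `-e`, which in the visible lines sets only `LETSENCRYPT_HOSTNAME`, so the result is probably `user@` with no domain and `$LETSENCRYPT_HOSTNAME` is likely what was meant. Both `grep` lookups match the pattern anywhere on a line and keep every match, so a commented-out or repeated entry in the file yields a multi-line value, and the `awk -F ':'` field will keep any space that follows the colon. The function body continues outside the hunk.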