Preparations for let's encrypt

src/freedombone-renew-cert

@@ -39,12 +39,20 @@ function show_help {
     echo ''
     echo '     --help                  Show help'
     echo '  -h --hostname [name]       Hostname'
-    echo '  -p --provider [name]       eg. startssl'
+    echo '  -p --provider [name]       eg. startssl/letsencrypt'
     echo ''
     exit 0
 }
 
 function renew_startssl {
+    echo "Renewing Let's Encrypt certificate"
+	letsencrypt renew --cert-path /etc/ssl/certs/$HOSTNAME.pem
+	if [ ! "$?" = "0" ]; then
+		echo "Unable to renew Let's encrypt certificate"
+	fi
+}
+
+function renew_startssl {
     echo 'Renewing StartSSL certificate'
     if [ -s /etc/ssl/certs/$HOSTNAME.new.crt ]; then
         if ! grep -q "-BEGIN CERTIFICATE-" /etc/ssl/certs/$HOSTNAME.new.crt; then
@@ -184,7 +192,11 @@ fi
 if [[ $PROVIDER == 'startssl' || $PROVIDER == 'StartSSL' ]]; then
     renew_startssl
 else
-    echo "$PROVIDER is not currently supported"
+	if [[ $PROVIDER == 'letsencrypt' ]]; then
+		renew_letsencrypt
+	else
+		echo "$PROVIDER is not currently supported"
+	fi
 fi
 
 exit 0

src/freedombone-sec

@@ -376,6 +376,7 @@ function regenerate_dh_keys {
 }
 
 function renew_startssl {
+  renew_domain=
   data=$(tempfile 2>/dev/null)
   trap "rm -f $data" 0 1 2 5 15
   dialog --title "Renew a StartSSL certificate" \
@@ -385,11 +386,74 @@ function renew_startssl {
   case $sel in
       0)
           renew_domain=$(<$data)
-          if [[ $renew_domain == *"."* ]]; then
-              freedombone-renew-cert -h $renew_domain -p startssl
-          fi
           ;;
   esac
+
+  if [ ! $renew_domain ]; then
+	  return
+  fi
+
+  if [[ $renew_domain == "http"* ]]; then
+      dialog --title "Renew a StartSSL certificate" \
+             --msgbox "Don't include the https://" 6 40
+	  return
+  fi
+
+  if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
+      dialog --title "Renew a StartSSL certificate" \
+             --msgbox "An existing certificate for $renew_domain was not found" 6 40
+	  return
+  fi
+  
+  if [[ $renew_domain != *"."* ]]; then
+      dialog --title "Renew a StartSSL certificate" \
+             --msgbox "Invalid domain name: $renew_domain" 6 40
+	  return	  
+  fi
+
+  freedombone-renew-cert -h $renew_domain -p startssl
+
+  exit 0
+}
+
+function renew_letsencrypt {
+  renew_domain=
+  data=$(tempfile 2>/dev/null)
+  trap "rm -f $data" 0 1 2 5 15
+  dialog --title "Renew a Let's Encrypt certificate" \
+         --backtitle "Freedombone Security Settings" \
+         --inputbox "Enter the domain name" 8 60 2>$data
+  sel=$?
+  case $sel in
+      0)
+          renew_domain=$(<$data)
+          ;;
+  esac
+
+  if [ ! $renew_domain ]; then
+	  return
+  fi
+
+  if [[ $renew_domain == "http"* ]]; then
+      dialog --title "Renew a Let's Encrypt certificate" \
+             --msgbox "Don't include the https://" 6 40
+	  return
+  fi
+
+  if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
+      dialog --title "Renew a Let's Encrypt certificate" \
+             --msgbox "An existing certificate for $renew_domain was not found" 6 40
+	  return
+  fi
+  
+  if [[ $renew_domain != *"."* ]]; then
+      dialog --title "Renew a Let's Encrypt certificate" \
+             --msgbox "Invalid domain name: $renew_domain" 6 40
+	  return	  
+  fi
+
+  freedombone-renew-cert -h $renew_domain -p letsencrypt
+
   exit 0
 }
 
@@ -401,6 +465,7 @@ function housekeeping {
   options=(1 "Regenerate ssh host keys" off
            2 "Regenerate Diffie-Hellman keys" off
            3 "Renew a StartSSL certificate" off)
+           4 "Renew Let's Encrypt certificate" off)
   choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
   clear
   for choice in $choices
@@ -415,6 +480,9 @@ function housekeeping {
       3)
         renew_startssl
         ;;
+      4)
+        renew_letsencrypt
+        ;;
     esac
   done
 }