Add cert renewal to security settings

6b0a1fc9 · Bob Mottram · 5c8633fd · 6b0a1fc9 · 6b0a1fc9
Commit 6b0a1fc9 authored 9 years ago by Bob Mottram
--- a/doc/EN/faq.org
+++ b/doc/EN/faq.org
@@ -313,7 +313,7 @@ Now visit your web site at https://mydomainname.com and you should notice that t
 * How do I renew a StartSSL certificate?
 The StartSSL certificates last for a year. You can check the expiry date of your current certificate/s by going to your site and if you're using Firefox then click on the *lock icon*, select "*more information*" then "*view certificate*".

-Before changing any certificates it's a good idea to make a backup of the existing system. Plug in a USB drive, log into the Freedombone and become the root user, then run the command *backup*. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.
+Before changing any certificates it's a good idea to make a backup of the existing system. Use /Backup and Restore/ from the control panel to make a backup of the system to a USB drive. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.

 Make sure that you have the StartSSL certificate which was created when you initially made an account. You did save it somewhere safe, didn't you? If it's not installed into your browser then in Firefox go to *Menu/Preferences/Advanced/View Certificates*. Make sure the "*Your Cerificates*" tab is selected and click "*import*", then import the StartSSL certificate.

@@ -326,7 +326,7 @@ Log in to the Freedombone, become the root user, then issue the renew command:
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
 su
-freedombone-renew-cert -h mydomainname
+freedombone-renew-cert -h mydomainname -p startssl
 #+END_SRC

 For the email address it's a good idea to use /postmaster@mydomainname/.

--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -375,13 +375,32 @@ function regenerate_dh_keys {
  fi
 }

+function renew_startssl {
+  data=$(tempfile 2>/dev/null)
+  trap "rm -f $data" 0 1 2 5 15
+  dialog --title "Renew a StartSSL certificate" \
+         --backtitle "Freedombone Security Settings" \
+         --inputbox "Enter the domain name" 8 60 2>$data
+  sel=$?
+  case $sel in
+      0)
+          renew_domain=$(<$data)
+          if [[ $renew_domain == *"."* ]]; then
+              freedombone-renew-cert -h $renew_domain -p startssl
+          fi
+          ;;
+  esac
+  exit 0
+}
+
 function housekeeping {
  cmd=(dialog --separate-output \
              --backtitle "Freedombone Security Configuration" \
              --title "Housekeeping options" \
              --checklist "If you don't need to do any of these things then just press Enter:" 10 76 16)
  options=(1 "Regenerate ssh host keys" off
-           2 "Regenerate Diffie-Hellman keys" off)
+           2 "Regenerate Diffie-Hellman keys" off
+           3 "Renew a StartSSL certificate" off)
  choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
  clear
  for choice in $choices
@@ -393,6 +412,9 @@ function housekeeping {
      2)
        REGENERATE_DH_KEYS="yes"
        ;;
+      3)
+        renew_startssl
+        ;;
    esac
  done
 }