From 93b20c01c00d9bdcfc12856aaeb329b1118abb12 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob.mottram@codethink.co.uk>
Date: Mon, 8 Aug 2016 10:29:52 +0100
Subject: [PATCH] letsencrypt repo change

---
 src/freedombone-addcert | 248 ++++++++++++++++++++--------------------
 1 file changed, 124 insertions(+), 124 deletions(-)

diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 63d88519e..5b437ad7f 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -50,7 +50,7 @@ NODH=
 DH_KEYLENGTH=2048
 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
-LETSENCRYPT_REPO="https://github.com/letsencrypt/letsencrypt"
+LETSENCRYPT_REPO="https://github.com/certbot/certbot"
 MY_EMAIL_ADDRESS=
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_PASSWORD=
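Review bot: The new `LETSENCRYPT_REPO` value has no tag or commit recorded beside it, so the script follows whatever is on the default branch of `https://github.com/certbot/certbot` at install time. `add_cert_letsencrypt` later clones that URL into `${INSTALL_DIR}/letsencrypt` (under `/root/build`) and runs `./letsencrypt-auto` from the checkout, presumably as root. I would add a pinned revision next to the URL, e.g. `LETSENCRYPT_COMMIT='<known-good-commit>'`, and check it out after the clone or pull. Whether `git_clone`/`git_pull` already support a pin is not visible in this patch.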
@@ -59,40 +59,40 @@ MY_MIRRORS_PASSWORD=
 
 function read_repo_servers {
     if [ -f $CONFIGURATION_FILE ]; then
-	if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-	    MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-	    FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
+    if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+        MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+        FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
     fi
 
     if [ ! $FRIENDS_MIRRORS_SERVER ]; then
-	return
+    return
     fi
     if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
-	return
+    return
     fi
 
     MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
     if [ ! -f $MAIN_COMMAND ]; then
-	MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+    MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
     fi
 
     REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
 
     for line in "${REPOS[@]}"
     do
-	repo_name=$(echo "$line" | awk -F '=' '{print $1}')
-	mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
-	friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
-	${repo_name}="${friends_repo_url}"
+    repo_name=$(echo "$line" | awk -F '=' '{print $1}')
+    mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
+    friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
+    ${repo_name}="${friends_repo_url}"
     done
 }
 
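Review bot: The line `${repo_name}="${friends_repo_url}"` in the `for` loop is not an assignment, because bash only treats `NAME=value` as one when the name is literal. After expansion it tries to run a command called something like `LETSENCRYPT_REPO=ssh://…`, so the mirror URL is never stored. `printf -v "$repo_name" '%s' "$friends_repo_url"` does what the loop intends. Since `repo_name` is cut out of lines grepped from `${MAIN_COMMAND}`, I would also check it against `^[A-Z_]+_REPO$` before using it as a variable name.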
@@ -125,69 +125,69 @@ do
     key="$1"
 
     case $key in
-	--help)
-	    show_help
-	    ;;
-	-h|--hostname)
-	    shift
-	    HOSTNAME="$1"
-	    ;;
-	-e|--letsencrypt)
-	    shift
-	    LETSENCRYPT_HOSTNAME="$1"
-	    ;;
-	--email)
-	    shift
-	    MY_EMAIL_ADDRESS="$1"
-	    ;;
-	-s|--server)
-	    shift
-	    LETSENCRYPT_SERVER="$1"
-	    ;;
-	-c|--country)
-	    shift
-	    COUNTRY_CODE="$1"
-	    ;;
-	-a|--area)
-	    shift
-	    AREA="$1"
-	    ;;
-	-l|--location)
-	    shift
-	    LOCATION="$1"
-	    ;;
-	-o|--organisation)
-	    shift
-	    ORGANISATION="$1"
-	    ;;
-	-u|--unit)
-	    shift
-	    UNIT="$1"
-	    ;;
-	--ca)
-	    shift
-	    EXTENSIONS="-extensions v3_ca"
-	    ORGANISATION="Freedombone-CA"
-	    ;;
-	--nodh)
-	    shift
-	    NODH="true"
-	    ;;
-	--dhkey)
-	    shift
-	    DH_KEYLENGTH=${1}
-	    ;;
-	*)
-	    # unknown option
-	    ;;
+    --help)
+        show_help
+        ;;
+    -h|--hostname)
+        shift
+        HOSTNAME="$1"
+        ;;
+    -e|--letsencrypt)
+        shift
+        LETSENCRYPT_HOSTNAME="$1"
+        ;;
+    --email)
+        shift
+        MY_EMAIL_ADDRESS="$1"
+        ;;
+    -s|--server)
+        shift
+        LETSENCRYPT_SERVER="$1"
+        ;;
+    -c|--country)
+        shift
+        COUNTRY_CODE="$1"
+        ;;
+    -a|--area)
+        shift
+        AREA="$1"
+        ;;
+    -l|--location)
+        shift
+        LOCATION="$1"
+        ;;
+    -o|--organisation)
+        shift
+        ORGANISATION="$1"
+        ;;
+    -u|--unit)
+        shift
+        UNIT="$1"
+        ;;
+    --ca)
+        shift
+        EXTENSIONS="-extensions v3_ca"
+        ORGANISATION="Freedombone-CA"
+        ;;
+    --nodh)
+        shift
+        NODH="true"
+        ;;
+    --dhkey)
+        shift
+        DH_KEYLENGTH=${1}
+        ;;
+    *)
+        # unknown option
+        ;;
     esac
     shift
 done
 
 if [ ! $HOSTNAME ]; then
     if [ ! $LETSENCRYPT_HOSTNAME ]; then
-	echo $'No hostname specified'
-	exit 5748
+    echo $'No hostname specified'
+    exit 5748
     fi
 fi
 
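Review bot: The `--ca` and `--nodh` arms call `shift` although they take no value, and the loop's trailing `shift` then discards the next argument too, so `--ca -h example.org` (constructed example) never sets `HOSTNAME`. Removing the `shift` from those two arms fixes it. `--dhkey` stores `DH_KEYLENGTH=${1}` unchecked; a guard such as `[[ $1 =~ ^[0-9]+$ ]]` would reject a non-numeric length before anything consumes it. The `while` loop begins above this hunk.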
@@ -207,35 +207,35 @@ function add_cert_letsencrypt {
 
     # obtain the email address for the admin user
     if [ ! $MY_EMAIL_ADDRESS ]; then
-	if [ -f $CONFIGURATION_FILE ]; then
-	    if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
-		MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
-	    fi
-	fi
+    if [ -f $CONFIGURATION_FILE ]; then
+        if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
+        MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
+        fi
+    fi
     fi
     if [ ! $MY_EMAIL_ADDRESS ]; then
-	if [ -f $COMPLETION_FILE ]; then
-	    if grep -q "Admin user:" $COMPLETION_FILE; then
-		ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-		MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
-	    fi
-	fi
+    if [ -f $COMPLETION_FILE ]; then
+        if grep -q "Admin user:" $COMPLETION_FILE; then
+        ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+        MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
+        fi
+    fi
     fi
 
     if [ ! -d $INSTALL_DIR ]; then
-	mkdir -p $INSTALL_DIR
+    mkdir -p $INSTALL_DIR
     fi
     cd $INSTALL_DIR
 
     # obtain the repo
     if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-	git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
-	if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-	    exit 76283
-	fi
+    git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
+    if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
+        exit 76283
+    fi
     else
-	cd ${INSTALL_DIR}/letsencrypt
-	git_pull $LETSENCRYPT_REPO
+    cd ${INSTALL_DIR}/letsencrypt
+    git_pull $LETSENCRYPT_REPO
     fi
 
     # stop the web server
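Review bot: Hosts that already have `${INSTALL_DIR}/letsencrypt` take the `else` branch and only run `git_pull $LETSENCRYPT_REPO`, so the new certbot URL reaches them only if `git_pull` (defined outside this patch) re-points the remote. If it does not, `git remote set-url origin "$LETSENCRYPT_REPO"` before the pull would make the change effective on existing installs. Both `cd $INSTALL_DIR` and `cd ${INSTALL_DIR}/letsencrypt` are unchecked, so a failed `cd` lets the following commands run in the wrong directory; `cd "$INSTALL_DIR" || exit 1` avoids that. add_cert_letsencrypt continues past the end of this hunk.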
@@ -244,38 +244,38 @@ function add_cert_letsencrypt {
     cd ${INSTALL_DIR}/letsencrypt
     ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
     if [ ! "$?" = "0" ]; then
-	echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
-	systemctl start nginx
-	exit 63216
+    echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+    systemctl start nginx
+    exit 63216
     fi
 
     # replace some legacy filenames
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
     fi
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
     fi
     sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
     sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
 
     # link the private key
     if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-	if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-	    mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
-	else
-	    rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
-	fi
+    if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
+        mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+    else
+        rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
 
     # link the public key
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-	if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-	    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
-	else
-	    rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-	fi
+    if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
+        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+    else
+        rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
 
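Review bot: `LETSENCRYPT_HOSTNAME` comes straight from `-e/--letsencrypt` and is expanded unquoted into `mv`, `rm -f`, `ln -s` and two `sed -i` expressions. A value containing spaces, `/` or `|` would change which files are touched or break the sed pattern. A check at the top of the function, e.g. `[[ $LETSENCRYPT_HOSTNAME =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, plus quoting each expansion, keeps the operations inside `/etc/ssl` and `/etc/nginx/sites-available`. The function starts before and ends after this hunk.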
@@ -285,42 +285,42 @@ function add_cert_letsencrypt {
 
     ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
     if [ ! "$?" = "0" ]; then
-	echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
-	exit 62878
+    echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
+    exit 62878
     fi
 }
 
 function add_cert_selfsigned {
     if [[ $ORGANISATION == "Freedombone-CA" ]]; then
-	CERTFILE="ca-$HOSTNAME"
+    CERTFILE="ca-$HOSTNAME"
     fi
 
     openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
-	    -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-	    -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
-	    -out /etc/ssl/certs/${CERTFILE}.crt
+        -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+        -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+        -out /etc/ssl/certs/${CERTFILE}.crt
     chmod 400 /etc/ssl/private/${CERTFILE}.key
     chmod 640 /etc/ssl/certs/${CERTFILE}.crt
     cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
 
     ${PROJECT_NAME}-pin-cert $CERTFILE
     if [ ! "$?" = "0" ]; then
-	echo $"Certificate for $CERTFILE could not be pinned"
-	exit 62879
+    echo $"Certificate for $CERTFILE could not be pinned"
+    exit 62879
     fi
 }
 
 function generate_dh_params {
     if [ ! $NODH ]; then
-	if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-	    ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
-	fi
+    if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+        ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+    fi
     fi
 }
 
 function restart_web_server {
     if [ -f /etc/init.d/nginx ]; then
-	/etc/init.d/nginx reload
+    /etc/init.d/nginx reload
     fi
 }
 
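Review bot: In add_cert_selfsigned, `chmod 400` is applied only after `openssl req` has finished writing `/etc/ssl/private/${CERTFILE}.key`, so the key's initial mode is whatever openssl and the inherited umask produce. Running the generation in a subshell with a restrictive umask, `(umask 077; openssl req …)`, closes that window without affecting the later `chmod 640` on the certificate. With `--ca` the same `-nodes` call writes the CA key unencrypted; if that is intentional for unattended use, a comment saying so would help.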
@@ -332,9 +332,9 @@ function make_cert_bundle {
 
 function create_cert {
     if [ $LETSENCRYPT_HOSTNAME ]; then
-	add_cert_letsencrypt
+    add_cert_letsencrypt
     else
-	add_cert_selfsigned
+    add_cert_selfsigned
     fi
 }
 
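Review bot: The tab-to-space conversion leaves the `if`/`else` bodies in create_cert at the same column as the keywords (`add_cert_letsencrypt` sits directly under `if`). The same flattening runs through every hunk of this patch: read_repo_servers, the option `case`, add_cert_letsencrypt, add_cert_selfsigned, generate_dh_params and restart_web_server. The old tabs stood for eight columns, so replacing each with four spaces loses one nesting level; expanding them with `expand -t 8` keeps the structure readable. As submitted, a one-line URL change is buried in 124 lines of whitespace churn, which makes the security-relevant line harder to review.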
-- 
GitLab