Improve letsencrypt certs
This commit is contained in:
parent
708cad129f
commit
1000297af0
|
@ -308,6 +308,13 @@ function install_xmpp_main {
|
||||||
if [[ $(app_is_installed xmpp_main) == "1" ]]; then
|
if [[ $(app_is_installed xmpp_main) == "1" ]]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# obtain a cert for the default domain
|
||||||
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
|
echo $'Obtaining certificate for the main domain'
|
||||||
|
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
|
||||||
|
fi
|
||||||
|
|
||||||
apt-get -yq install lua-sec lua-bitop
|
apt-get -yq install lua-sec lua-bitop
|
||||||
apt-get -yq install prosody prosody-modules mercurial
|
apt-get -yq install prosody prosody-modules mercurial
|
||||||
|
|
||||||
|
|
|
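Review bot: The new call `create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'` is made without the `function_check` guard that the other cross-file calls in this commit use before `check_certificates`; adding `function_check create_site_certificate` on the line before it keeps the pattern consistent and fails early if the utils file was not sourced. The echo on the line above uses ANSI-C quoting (`$'Obtaining certificate for the main domain'`) where the rest of the codebase uses the localized form `$"..."`, which looks like a typo for `echo $"Obtaining certificate for the main domain"`. The `.pem` test that gates this block appears to only become true once a Let's Encrypt cert is issued, so with LETSENCRYPT_ENABLED unset the block re-runs on every install; that is probably harmless given the new `cert_exists` dispatch, but a comment such as `# .pem only exists for Let's Encrypt certs; self-signed installs re-enter here` would make the intent clear. Quoting the expansions (`"${DEFAULT_DOMAIN_NAME}"`) would also be safer. The enclosing function install_xmpp_main continues outside the hunk.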
@ -187,22 +187,25 @@ function check_certificates {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_site_certificate {
|
function cert_exists {
|
||||||
SITE_DOMAIN_NAME="$1"
|
cert_type='dhparam'
|
||||||
|
|
||||||
# if yes then only "valid" certs are allowed, not self-signed
|
|
||||||
NO_SELF_SIGNED='no'
|
|
||||||
if [ $2 ]; then
|
if [ $2 ]; then
|
||||||
NO_SELF_SIGNED="$2"
|
cert_type="$2"
|
||||||
fi
|
fi
|
||||||
|
if [ -f /etc/ssl/certs/${1}.${cert_type} ]; then
|
||||||
|
echo "1"
|
||||||
|
else
|
||||||
|
echo "0"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
if [[ $ONION_ONLY == "no" ]]; then
|
function create_self_signed_cert {
|
||||||
if [ ! -f /etc/ssl/certs/${SITE_DOMAIN_NAME}.dhparam ]; then
|
|
||||||
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
||||||
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
|
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
|
||||||
function_check check_certificates
|
function_check check_certificates
|
||||||
check_certificates ${SITE_DOMAIN_NAME}
|
check_certificates ${SITE_DOMAIN_NAME}
|
||||||
else
|
}
|
||||||
|
|
||||||
|
function create_letsencrypt_cert {
|
||||||
${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS}
|
${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS}
|
||||||
if [ ! "$?" = "0" ]; then
|
if [ ! "$?" = "0" ]; then
|
||||||
if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
|
if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
|
||||||
|
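Review bot: `cert_exists` takes the domain as `$1` and the type as `$2`, but the callers added in the next hunk of this file invoke it as `cert_exists` and `cert_exists pem`, so it tests `/etc/ssl/certs/.dhparam` and `/etc/ssl/certs/pem.dhparam` and always prints "0". As a result `create_site_certificate` never sees an existing cert and re-runs addcert on every invocation, which regenerates keys and, for Let's Encrypt, repeats issuance requests against the CA's rate limits. Either change the callers to `cert_exists "$SITE_DOMAIN_NAME"` and `cert_exists "$SITE_DOMAIN_NAME" pem`, or make the helper read the global like its siblings do, e.g. `if [ -f /etc/ssl/certs/${SITE_DOMAIN_NAME}.${cert_type} ]; then` with `cert_type=${1:-dhparam}`. `create_self_signed_cert` also ignores the exit status of addcert before running `check_certificates`, unlike `create_letsencrypt_cert`, so a failed self-signed generation proceeds silently. The body of `create_letsencrypt_cert` continues past the end of this hunk.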
@ -214,9 +217,33 @@ function create_site_certificate {
|
||||||
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
|
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
|
||||||
exit 682529
|
exit 682529
|
||||||
fi
|
fi
|
||||||
else
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
function_check check_certificates
|
function_check check_certificates
|
||||||
check_certificates ${SITE_DOMAIN_NAME} 'yes'
|
check_certificates ${SITE_DOMAIN_NAME} 'yes'
|
||||||
|
}
|
||||||
|
|
||||||
|
function create_site_certificate {
|
||||||
|
SITE_DOMAIN_NAME="$1"
|
||||||
|
|
||||||
|
# if yes then only "valid" certs are allowed, not self-signed
|
||||||
|
NO_SELF_SIGNED='no'
|
||||||
|
if [ $2 ]; then
|
||||||
|
NO_SELF_SIGNED="$2"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $ONION_ONLY == "no" ]]; then
|
||||||
|
if [[ $(cert_exists) == "0" ]]; then
|
||||||
|
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
||||||
|
create_self_signed_cert
|
||||||
|
else
|
||||||
|
create_letsencrypt_cert
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [[ $LETSENCRYPT_ENABLED == "yes" ]]; then
|
||||||
|
if [[ $(cert_exists pem) == "0" ]]; then
|
||||||
|
create_letsencrypt_cert
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
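Review bot: The `NO_SELF_SIGNED` flag parsed at the top of `create_site_certificate` is only honored on the Let's Encrypt failure path inside `create_letsencrypt_cert`; when `LETSENCRYPT_ENABLED` is not "yes" the dispatch at `if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then create_self_signed_cert` produces a self-signed cert even though the caller asked for a valid one with `'yes'`. If that is intended, a comment above the dispatch such as `# NO_SELF_SIGNED only governs the Let's Encrypt fallback; with Let's Encrypt disabled a self-signed cert is always created` would stop callers from relying on the flag. The helpers also communicate through the globals `SITE_DOMAIN_NAME` and `NO_SELF_SIGNED` rather than arguments, so any caller that invokes `create_self_signed_cert` or `create_letsencrypt_cert` directly must set them first; worth noting in a header comment on each helper. The `$2` test should be written `if [ -n "$2" ]; then` so a value containing spaces or a leading dash cannot break the test.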