Menu option to delete a letsencrypt certificate
parent
747f533efb
commit
047ca9979a
|
@ -46,6 +46,7 @@ done
|
||||||
PIN_CERTS=
|
PIN_CERTS=
|
||||||
|
|
||||||
HOSTNAME=
|
HOSTNAME=
|
||||||
|
remove_cert=
|
||||||
LETSENCRYPT_HOSTNAME=
|
LETSENCRYPT_HOSTNAME=
|
||||||
COUNTRY_CODE="US"
|
COUNTRY_CODE="US"
|
||||||
AREA="Free Speech Zone"
|
AREA="Free Speech Zone"
|
||||||
|
@ -70,19 +71,20 @@ function show_help {
|
||||||
echo ''
|
echo ''
|
||||||
echo $'Creates a self-signed certificate for the given hostname'
|
echo $'Creates a self-signed certificate for the given hostname'
|
||||||
echo ''
|
echo ''
|
||||||
echo $' --help Show help'
|
echo $' --help Show help'
|
||||||
echo $' -h --hostname [name] Hostname'
|
echo $' -h --hostname [name] Hostname'
|
||||||
echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
|
echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
|
||||||
echo $' -s --server [url] Lets Encrypt server URL'
|
echo $' -r --rmletsencrypt [hostname] Remove a Lets Encrypt certificate'
|
||||||
echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
|
echo $' -s --server [url] Lets Encrypt server URL'
|
||||||
echo $' -a --area [description] Optional area description'
|
echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
|
||||||
echo $' -l --location [locn] Optional location name'
|
echo $' -a --area [description] Optional area description'
|
||||||
echo $' -o --organisation [name] Optional organisation name'
|
echo $' -l --location [locn] Optional location name'
|
||||||
echo $' -u --unit [name] Optional unit name'
|
echo $' -o --organisation [name] Optional organisation name'
|
||||||
echo $' --email [address] Email address for letsencrypt'
|
echo $' -u --unit [name] Optional unit name'
|
||||||
echo $' --dhkey [bits] DH key length in bits'
|
echo $' --email [address] Email address for letsencrypt'
|
||||||
echo $' --nodh "" Do not calculate DH params'
|
echo $' --dhkey [bits] DH key length in bits'
|
||||||
echo $' --ca "" Certificate authority cert'
|
echo $' --nodh "" Do not calculate DH params'
|
||||||
|
echo $' --ca "" Certificate authority cert'
|
||||||
echo ''
|
echo ''
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
@ -103,6 +105,11 @@ do
|
||||||
shift
|
shift
|
||||||
LETSENCRYPT_HOSTNAME="$1"
|
LETSENCRYPT_HOSTNAME="$1"
|
||||||
;;
|
;;
|
||||||
|
-r|--rmletsencrypt)
|
||||||
|
shift
|
||||||
|
LETSENCRYPT_HOSTNAME="$1"
|
||||||
|
remove_cert=1
|
||||||
|
;;
|
||||||
--email)
|
--email)
|
||||||
shift
|
shift
|
||||||
MY_EMAIL_ADDRESS="$1"
|
MY_EMAIL_ADDRESS="$1"
|
||||||
|
@ -173,6 +180,25 @@ fi
|
||||||
|
|
||||||
CERTFILE=$HOSTNAME
|
CERTFILE=$HOSTNAME
|
||||||
|
|
||||||
|
function remove_cert_letsencrypt {
|
||||||
|
CERTFILE=$LETSENCRYPT_HOSTNAME
|
||||||
|
|
||||||
|
# disable the site if needed
|
||||||
|
if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
|
||||||
|
if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
|
||||||
|
nginx_dissite ${LETSENCRYPT_HOSTNAME}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# remove the cert
|
||||||
|
rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
|
||||||
|
rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
|
||||||
|
rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
|
||||||
|
|
||||||
|
# restart the web server
|
||||||
|
systemctl restart nginx
|
||||||
|
}
|
||||||
|
|
||||||
function add_cert_letsencrypt {
|
function add_cert_letsencrypt {
|
||||||
CERTFILE=$LETSENCRYPT_HOSTNAME
|
CERTFILE=$LETSENCRYPT_HOSTNAME
|
||||||
|
|
||||||
|
@ -307,6 +333,11 @@ function make_cert_bundle {
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_cert {
|
function create_cert {
|
||||||
|
if [ $remove_cert ]; then
|
||||||
|
remove_cert_letsencrypt
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
if [ $LETSENCRYPT_HOSTNAME ]; then
|
if [ $LETSENCRYPT_HOSTNAME ]; then
|
||||||
add_cert_letsencrypt
|
add_cert_letsencrypt
|
||||||
else
|
else
|
||||||
|
|
|
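Review bot: In `remove_cert_letsencrypt` (hunk `@ -173,6 +180,25`), the `rm` lines expand `${LETSENCRYPT_HOSTNAME}` unquoted and two of them add a trailing `*`, so when `-r` is given without an argument the path becomes `/etc/letsencrypt/live/*` and every certificate lineage on the host is deleted. A value containing `/` or glob characters can also resolve outside the intended directory, and the prefix glob removes lineages of other domains that merely begin with the same string. No hostname validation is visible in the hunks shown (it may exist elsewhere in the script), so the function should guard itself with `[[ "$LETSENCRYPT_HOSTNAME" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || return 1` at the top and use `rm -rf -- "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"`, likewise for `archive` and `renewal`. The new `[ $remove_cert ]` test in `create_cert` would be safer as `[[ -n "$remove_cert" ]]`.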
@ -479,6 +479,47 @@ function renew_letsencrypt {
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function delete_letsencrypt {
|
||||||
|
delete_domain=
|
||||||
|
data=$(tempfile 2>/dev/null)
|
||||||
|
trap "rm -f $data" 0 1 2 5 15
|
||||||
|
dialog --title $"Delete a Let's Encrypt certificate" \
|
||||||
|
--backtitle $"Freedombone Security Settings" \
|
||||||
|
--inputbox $"Enter the domain name" 8 60 2>$data
|
||||||
|
sel=$?
|
||||||
|
case $sel in
|
||||||
|
0)
|
||||||
|
delete_domain=$(<$data)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ ! $delete_domain ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $delete_domain == "http"* ]]; then
|
||||||
|
dialog --title $"Delete a Let's Encrypt certificate" \
|
||||||
|
--msgbox $"Don't include the https://" 6 40
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f /etc/ssl/certs/${delete_domain}.dhparam ]; then
|
||||||
|
dialog --title $"Delete a Let's Encrypt certificate" \
|
||||||
|
--msgbox $"An existing certificate for $renew_domain was not found" 6 40
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $delete_domain != *"."* ]]; then
|
||||||
|
dialog --title $"Delete a Let's Encrypt certificate" \
|
||||||
|
--msgbox $"Invalid domain name: $delete_domain" 6 40
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
${PROJECT_NAME}-addcert -r $delete_domain
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
function create_letsencrypt {
|
function create_letsencrypt {
|
||||||
new_domain=
|
new_domain=
|
||||||
data=$(tempfile 2>/dev/null)
|
data=$(tempfile 2>/dev/null)
|
||||||
|
@ -923,7 +964,7 @@ function menu_security_settings {
|
||||||
trap "rm -f $data" 0 1 2 5 15
|
trap "rm -f $data" 0 1 2 5 15
|
||||||
dialog --backtitle $"Freedombone Control Panel" \
|
dialog --backtitle $"Freedombone Control Panel" \
|
||||||
--title $"Security Settings" \
|
--title $"Security Settings" \
|
||||||
--radiolist $"Choose an operation:" 21 76 21 \
|
--radiolist $"Choose an operation:" 22 76 22 \
|
||||||
1 $"Run STIG tests" off \
|
1 $"Run STIG tests" off \
|
||||||
2 $"Show ssh host public key" off \
|
2 $"Show ssh host public key" off \
|
||||||
3 $"Tor bridges" off \
|
3 $"Tor bridges" off \
|
||||||
|
@ -934,10 +975,11 @@ function menu_security_settings {
|
||||||
8 $"Update cipersuite" off \
|
8 $"Update cipersuite" off \
|
||||||
9 $"Create a new Let's Encrypt certificate" off \
|
9 $"Create a new Let's Encrypt certificate" off \
|
||||||
10 $"Renew Let's Encrypt certificate" off \
|
10 $"Renew Let's Encrypt certificate" off \
|
||||||
11 $"Enable GPG based authentication (monkeysphere)" off \
|
11 $"Delete a Let's Encrypt certificate" off \
|
||||||
12 $"Register a website with monkeysphere" off \
|
12 $"Enable GPG based authentication (monkeysphere)" off \
|
||||||
13 $"Allow ssh login with passwords" off \
|
13 $"Register a website with monkeysphere" off \
|
||||||
14 $"Go Back/Exit" on 2> $data
|
14 $"Allow ssh login with passwords" off \
|
||||||
|
15 $"Go Back/Exit" on 2> $data
|
||||||
sel=$?
|
sel=$?
|
||||||
case $sel in
|
case $sel in
|
||||||
1) exit 1;;
|
1) exit 1;;
|
||||||
|
@ -1000,17 +1042,20 @@ function menu_security_settings {
|
||||||
renew_letsencrypt
|
renew_letsencrypt
|
||||||
;;
|
;;
|
||||||
11)
|
11)
|
||||||
enable_monkeysphere
|
delete_letsencrypt
|
||||||
;;
|
;;
|
||||||
12)
|
12)
|
||||||
register_website
|
enable_monkeysphere
|
||||||
;;
|
;;
|
||||||
13)
|
13)
|
||||||
|
register_website
|
||||||
|
;;
|
||||||
|
14)
|
||||||
allow_ssh_passwords
|
allow_ssh_passwords
|
||||||
change_ssh_settings
|
change_ssh_settings
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
14)
|
15)
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
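Review bot: The "not found" dialog in `delete_letsencrypt` (hunk `@ -479,6 +479,47`) prints `$renew_domain`, which this function never assigns, so the message shows an empty or stale name; it should read `--msgbox $"An existing certificate for $delete_domain was not found" 6 40`. The typed domain is also expanded unquoted in `[ ! $delete_domain ]`, in the `.dhparam` test and in the final call, so input containing spaces is word-split and the extra words reach `${PROJECT_NAME}-addcert` as separate arguments to a command that ends in `rm -rf`. Quote it as `${PROJECT_NAME}-addcert -r "$delete_domain"` and reject anything other than hostname characters before the call, since the only checks now are the `http` prefix and the presence of a dot. The `tempfile` plus `trap "rm -f $data"` pattern matches the neighbouring functions, but `mktemp` with a quoted path in the trap would be more robust.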