This commit is contained in:
Bob Mottram 2015-12-12 10:55:16 +00:00
parent 0a72fa029f
commit 0318ca8edf
1 changed files with 40 additions and 20 deletions


@ -146,7 +146,9 @@ if [ ! -d /etc/ssl/mycerts ]; then
mkdir /etc/ssl/mycerts mkdir /etc/ssl/mycerts
fi fi
if [ $LETSENCRYPT_HOSTNAME ]; then CERTFILE=$HOSTNAME
function add_cert_letsencrypt {
CERTFILE=$LETSENCRYPT_HOSTNAME CERTFILE=$LETSENCRYPT_HOSTNAME
if [ ! -d $INSTALL_DIR ]; then if [ ! -d $INSTALL_DIR ]; then
@ -170,7 +172,6 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
systemctl stop nginx systemctl stop nginx
cd ${INSTALL_DIR}/letsencrypt cd ${INSTALL_DIR}/letsencrypt
# TODO this requires user interaction - is there a non-interactive mode?
./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
@ -192,8 +193,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
else else
rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
fi fi
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
@ -202,8 +203,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
else else
rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
fi fi
fi fi
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
@ -217,8 +218,9 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned" echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
exit 62878 exit 62878
fi fi
else }
CERTFILE=$HOSTNAME
function add_cert_selfsigned {
if [[ $ORGANISATION == "Freedombone-CA" ]]; then if [[ $ORGANISATION == "Freedombone-CA" ]]; then
CERTFILE="ca-$HOSTNAME" CERTFILE="ca-$HOSTNAME"
fi fi
@ -236,21 +238,39 @@ else
echo $"Certificate for $CERTFILE could not be pinned" echo $"Certificate for $CERTFILE could not be pinned"
exit 62879 exit 62879
fi fi
fi }
# generate DH params function generate_dh_params {
if [ ! $NODH ]; then if [ ! $NODH ]; then
if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
fi
fi fi
fi }
if [ -f /etc/init.d/nginx ]; then function restart_web_server {
/etc/init.d/nginx reload if [ -f /etc/init.d/nginx ]; then
fi /etc/init.d/nginx reload
fi
}
# Create a bundle of your certificates function make_cert_bundle {
cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt # Create a bundle of your certificates
tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
}
function create_cert {
if [ $LETSENCRYPT_HOSTNAME ]; then
add_cert_letsencrypt
else
add_cert_selfsigned
fi
}
create_cert
generate_dh_params
restart_web_server
make_cert_bundle
exit 0 exit 0
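Review bot: The new dispatch in `create_cert` tests `[ $LETSENCRYPT_HOSTNAME ]` unquoted, so a value containing whitespace makes the test itself error instead of choosing a branch; write it as `if [ -n "$LETSENCRYPT_HOSTNAME" ]; then`. Both `add_cert_letsencrypt` and `add_cert_selfsigned` also assign the global `CERTFILE` that `generate_dh_params` later reads, which the function boundaries now hide; a header comment on each, `# sets global CERTFILE, read later by generate_dh_params`, would make that dependency visible to the next maintainer. Note too that the letsencrypt path does `systemctl stop nginx` before the standalone challenge while `restart_web_server` only issues `/etc/init.d/nginx reload`, which would presumably fail on a stopped service unless a start happens in code outside this hunk; confirm against the full function body.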