diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index f606677a..f13c94fd 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -46,6 +46,7 @@ done
 PIN_CERTS=
 HOSTNAME=
+remove_cert=
 LETSENCRYPT_HOSTNAME=
 COUNTRY_CODE="US"
 AREA="Free Speech Zone"
@@ -70,19 +71,20 @@ function show_help {
 echo ''
 echo $'Creates a self-signed certificate for the given hostname'
 echo ''
- echo $' --help Show help'
- echo $' -h --hostname [name] Hostname'
- echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
- echo $' -s --server [url] Lets Encrypt server URL'
- echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
- echo $' -a --area [description] Optional area description'
- echo $' -l --location [locn] Optional location name'
- echo $' -o --organisation [name] Optional organisation name'
- echo $' -u --unit [name] Optional unit name'
- echo $' --email [address] Email address for letsencrypt'
- echo $' --dhkey [bits] DH key length in bits'
- echo $' --nodh "" Do not calculate DH params'
- echo $' --ca "" Certificate authority cert'
+ echo $' --help Show help'
+ echo $' -h --hostname [name] Hostname'
+ echo $' -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
+ echo $' -r --rmletsencrypt [hostname] Remove a Lets Encrypt certificate'
+ echo $' -s --server [url] Lets Encrypt server URL'
+ echo $' -c --country [code] Optional country code (eg. US, GB, etc)'
+ echo $' -a --area [description] Optional area description'
+ echo $' -l --location [locn] Optional location name'
+ echo $' -o --organisation [name] Optional organisation name'
+ echo $' -u --unit [name] Optional unit name'
+ echo $' --email [address] Email address for letsencrypt'
+ echo $' --dhkey [bits] DH key length in bits'
+ echo $' --nodh "" Do not calculate DH params'
+ echo $' --ca "" Certificate authority cert'
 echo ''
 exit 0
 }
@@ -103,6 +105,11 @@ do
 shift
 LETSENCRYPT_HOSTNAME="$1"
 ;;
+ -r|--rmletsencrypt)
+ shift
+ LETSENCRYPT_HOSTNAME="$1"
+ remove_cert=1
+ ;;
 --email)
 shift
 MY_EMAIL_ADDRESS="$1"
@@ -173,6 +180,25 @@ fi
 CERTFILE=$HOSTNAME
+function remove_cert_letsencrypt {
+ CERTFILE=$LETSENCRYPT_HOSTNAME
+
+ # disable the site if needed
+ if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
+ if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
+ nginx_dissite ${LETSENCRYPT_HOSTNAME}
+ fi
+ fi
+
+ # remove the cert
+ rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
+ rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
+ rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
+
+ # restart the web server
+ systemctl restart nginx
+}
+
 function add_cert_letsencrypt {
 CERTFILE=$LETSENCRYPT_HOSTNAME
@@ -307,6 +333,11 @@ function make_cert_bundle {
 }
 function create_cert {
+ if [ $remove_cert ]; then
+ remove_cert_letsencrypt
+ return
+ fi
+
 if [ $LETSENCRYPT_HOSTNAME ]; then
 add_cert_letsencrypt
 else
diff --git a/src/freedombone-sec b/src/freedombone-sec
index 0d742980..21139aa4 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
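Review bot: remove_cert_letsencrypt expands `${LETSENCRYPT_HOSTNAME}*` unquoted in its two `rm -rf` lines, so if the variable is empty the globs become `/etc/letsencrypt/live/*` and `/etc/letsencrypt/archive/*` and every certificate on the host is deleted; an empty value is reachable from the `-r|--rmletsencrypt` arm in the option-parsing hunk, which assigns `$1` without checking that an argument followed (unless a check outside these hunks rejects it before create_cert runs). The trailing `*` also matches any other domain whose name merely starts with this hostname, which looks broader than intended. Using the `:?` expansion makes the script abort on an empty name instead, so I would write `rm -rf -- "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME:?}"*`, `rm -rf -- "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME:?}"*` and `rm -f -- "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME:?}.conf"` (the `-f` also avoids a stray error when no renewal config exists). The same quoting applies to the `sites-available` path tests and the nginx_dissite call above them.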
@@ -479,6 +479,47 @@ function renew_letsencrypt {
 exit 0
 }
+function delete_letsencrypt {
+ delete_domain=
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Delete a Let's Encrypt certificate" \
+ --backtitle $"Freedombone Security Settings" \
+ --inputbox $"Enter the domain name" 8 60 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ delete_domain=$(<$data)
+ ;;
+ esac
+
+ if [ ! $delete_domain ]; then
+ return
+ fi
+
+ if [[ $delete_domain == "http"* ]]; then
+ dialog --title $"Delete a Let's Encrypt certificate" \
+ --msgbox $"Don't include the https://" 6 40
+ return
+ fi
+
+ if [ ! -f /etc/ssl/certs/${delete_domain}.dhparam ]; then
+ dialog --title $"Delete a Let's Encrypt certificate" \
+ --msgbox $"An existing certificate for $renew_domain was not found" 6 40
+ return
+ fi
+
+ if [[ $delete_domain != *"."* ]]; then
+ dialog --title $"Delete a Let's Encrypt certificate" \
+ --msgbox $"Invalid domain name: $delete_domain" 6 40
+ return
+ fi
+
+ ${PROJECT_NAME}-addcert -r $delete_domain
+
+ exit 0
+}
+
 function create_letsencrypt {
 new_domain=
 data=$(tempfile 2>/dev/null)
@@ -923,7 +964,7 @@ function menu_security_settings {
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Security Settings" \
- --radiolist $"Choose an operation:" 21 76 21 \
+ --radiolist $"Choose an operation:" 22 76 22 \
 1 $"Run STIG tests" off \
 2 $"Show ssh host public key" off \
 3 $"Tor bridges" off \
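Review bot: The not-found message in delete_letsencrypt interpolates `$renew_domain`, which this function never assigns (presumably a leftover from renew_letsencrypt above), so the dialog shows an empty or stale name instead of what the user typed; change it to `--msgbox $"An existing certificate for $delete_domain was not found" 6 40`. The entered domain also reaches the `-f` test and the `${PROJECT_NAME}-addcert -r $delete_domain` call unquoted, with only an `http` prefix and the presence of a dot checked, so a value containing whitespace, a glob character or `/` is passed through as typed; quoting the expansions (`"${delete_domain}"`) and rejecting anything that is not a plain hostname before touching the filesystem would be the safer order. Running the `*"."*` check ahead of the dhparam existence test would also let the cheap validation fail first.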
@@ -934,10 +975,11 @@ function menu_security_settings {
 8 $"Update cipersuite" off \
 9 $"Create a new Let's Encrypt certificate" off \
 10 $"Renew Let's Encrypt certificate" off \
- 11 $"Enable GPG based authentication (monkeysphere)" off \
- 12 $"Register a website with monkeysphere" off \
- 13 $"Allow ssh login with passwords" off \
- 14 $"Go Back/Exit" on 2> $data
+ 11 $"Delete a Let's Encrypt certificate" off \
+ 12 $"Enable GPG based authentication (monkeysphere)" off \
+ 13 $"Register a website with monkeysphere" off \
+ 14 $"Allow ssh login with passwords" off \
+ 15 $"Go Back/Exit" on 2> $data
 sel=$?
 case $sel in
 1) exit 1;;
@@ -1000,17 +1042,20 @@ function menu_security_settings {
 renew_letsencrypt
 ;;
 11)
- enable_monkeysphere
+ delete_letsencrypt
 ;;
 12)
- register_website
+ enable_monkeysphere
 ;;
 13)
+ register_website
+ ;;
+ 14)
 allow_ssh_passwords
 change_ssh_settings
 exit 0
 ;;
- 14)
+ 15)
 exit 0
 ;;
 esac