Improve letsencrypt certs

This commit is contained in:
Bob Mottram 2016-10-26 16:10:46 +01:00
parent 708cad129f
commit 1000297af0
2 changed files with 52 additions and 18 deletions


@ -308,6 +308,13 @@ function install_xmpp_main {
if [[ $(app_is_installed xmpp_main) == "1" ]]; then if [[ $(app_is_installed xmpp_main) == "1" ]]; then
return return
fi fi
# obtain a cert for the default domain
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo $'Obtaining certificate for the main domain'
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
fi
apt-get -yq install lua-sec lua-bitop apt-get -yq install lua-sec lua-bitop
apt-get -yq install prosody prosody-modules mercurial apt-get -yq install prosody prosody-modules mercurial
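Review bot: The guard on the added lines expands `${DEFAULT_DOMAIN_NAME}` unquoted, so an unset or empty DEFAULT_DOMAIN_NAME makes the test look for `/etc/ssl/certs/.pem` and then calls `create_site_certificate '' 'yes'`, which reaches the addcert commands with an empty hostname. A guard such as `if [ -n "${DEFAULT_DOMAIN_NAME}" ] && [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then` closes that. Note also that create_site_certificate (the other file in this commit) returns without creating anything when ONION_ONLY is not "no" and, on a Let's Encrypt failure with NO_SELF_SIGNED set to 'no', falls back to a self-signed cert, so the prosody install that follows may proceed with no `.pem` or a self-signed one; if XMPP needs the CA-issued cert, re-check the file after the call. The meaning of the second argument 'yes' is not visible here (the part of create_site_certificate that reads `$2` lies outside the other hunk), and install_xmpp_main continues past this hunk.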


@ -187,6 +187,43 @@ function check_certificates {
fi fi
} }
function cert_exists {
cert_type='dhparam'
if [ $2 ]; then
cert_type="$2"
fi
if [ -f /etc/ssl/certs/${1}.${cert_type} ]; then
echo "1"
else
echo "0"
fi
}
function create_self_signed_cert {
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
function_check check_certificates
check_certificates ${SITE_DOMAIN_NAME}
}
function create_letsencrypt_cert {
${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS}
if [ ! "$?" = "0" ]; then
if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
function_check check_certificates
check_certificates ${SITE_DOMAIN_NAME}
else
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
exit 682529
fi
return
fi
function_check check_certificates
check_certificates ${SITE_DOMAIN_NAME} 'yes'
}
function create_site_certificate { function create_site_certificate {
SITE_DOMAIN_NAME="$1" SITE_DOMAIN_NAME="$1"
@ -197,26 +234,16 @@ function create_site_certificate {
fi fi
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/${SITE_DOMAIN_NAME}.dhparam ]; then if [[ $(cert_exists) == "0" ]]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH} create_self_signed_cert
function_check check_certificates
check_certificates ${SITE_DOMAIN_NAME}
else else
${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS} create_letsencrypt_cert
if [ ! "$?" = "0" ]; then fi
if [[ ${NO_SELF_SIGNED} == 'no' ]]; then else
echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert" if [[ $LETSENCRYPT_ENABLED == "yes" ]]; then
${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH} if [[ $(cert_exists pem) == "0" ]]; then
function_check check_certificates create_letsencrypt_cert
check_certificates ${SITE_DOMAIN_NAME}
else
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
exit 682529
fi
else
function_check check_certificates
check_certificates ${SITE_DOMAIN_NAME} 'yes'
fi fi
fi fi
fi fi
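Review bot: The two new `cert_exists` calls in create_site_certificate pass no domain, so with `$1` empty and `cert_type` defaulting to 'dhparam', `$(cert_exists)` tests `/etc/ssl/certs/.dhparam` and `$(cert_exists pem)` tests `/etc/ssl/certs/pem.dhparam`; both will be "0" on every run, which means the "cert already exists" branch is never taken, a fresh cert and DH parameters are generated on each install, and the upgrade-self-signed-to-Let's-Encrypt branch is unreachable. The calls should read `if [[ $(cert_exists "${SITE_DOMAIN_NAME}") == "0" ]]; then` and `if [[ $(cert_exists "${SITE_DOMAIN_NAME}" pem) == "0" ]]; then`, and `cert_exists` itself should quote its expansions (`if [ -n "$2" ]; then` and `[ -f "/etc/ssl/certs/${1}.${cert_type}" ]`). Two smaller points carried from the old code into create_letsencrypt_cert: `exit 682529` is truncated by the shell to status 33 (exit codes are taken modulo 256), and the fallback to a self-signed cert after a Let's Encrypt failure ends with a plain `return`, so a caller cannot tell that it got a self-signed cert rather than a CA-issued one; a distinct non-zero `return` after the fallback would let install scripts react. create_site_certificate's header is shown but the lines between the two hunks, including whatever reads its second argument, are outside this view.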