From 3fb7a127ad2f8b77ec3b0343bf1172f08251ce2b Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 5 Dec 2015 14:17:20 +0000
Subject: [PATCH] Create a letsencrypt cert for a domain
---
 src/freedombone-sec | 68 +++++++++++++++++++++++++++++++++++++--------
 1 file changed, 57 insertions(+), 11 deletions(-)
diff --git a/src/freedombone-sec b/src/freedombone-sec
index de9c4768..6fd6be92 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -58,6 +58,7 @@ CURRENT_DIR=$(pwd)
 REGENERATE_SSH_HOST_KEYS="no"
 REGENERATE_DH_KEYS="no"
 DH_KEYLENGTH=2048
+LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 function get_protocols_from_website {
 if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
@@ -365,7 +366,7 @@ function regenerate_dh_keys {
 3) DH_KEYLENGTH=4096;;
 esac
- ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
+ ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
 fi
 }
@@ -384,25 +385,25 @@ function renew_startssl {
 esac
 if [ ! $renew_domain ]; then
- return
+ return
 fi
 if [[ $renew_domain == "http"* ]]; then
 dialog --title $"Renew a StartSSL certificate" \
 --msgbox $"Don't include the https://" 6 40
- return
+ return
 fi
 if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
 dialog --title $"Renew a StartSSL certificate" \
 --msgbox $"An existing certificate for $renew_domain was not found" 6 40
- return
+ return
 fi
 if [[ $renew_domain != *"."* ]]; then
 dialog --title $"Renew a StartSSL certificate" \
 --msgbox $"Invalid domain name: $renew_domain" 6 40
- return
+ return
 fi
 ${PROJECT_NAME}-renew-cert -h $renew_domain -p startssl
@@ -425,25 +426,25 @@ function renew_letsencrypt {
 esac
 if [ ! $renew_domain ]; then
- return
+ return
 fi
 if [[ $renew_domain == "http"* ]]; then
 dialog --title $"Renew a Let's Encrypt certificate" \
 --msgbox $"Don't include the https://" 6 40
- return
+ return
 fi
 if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
 dialog --title $"Renew a Let's Encrypt certificate" \
 --msgbox $"An existing certificate for $renew_domain was not found" 6 40
- return
+ return
 fi
 if [[ $renew_domain != *"."* ]]; then
 dialog --title $"Renew a Let's Encrypt certificate" \
 --msgbox $"Invalid domain name: $renew_domain" 6 40
- return
+ return
 fi
 ${PROJECT_NAME}-renew-cert -h $renew_domain -p 'letsencrypt'
@@ -451,15 +452,57 @@ function renew_letsencrypt {
 exit 0
 }
+function create_letsencrypt {
+ new_domain=
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Create a new Let's Encrypt certificate" \
+ --backtitle $"Freedombone Security Settings" \
+ --inputbox $"Enter the domain name" 8 60 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ new_domain=$(<$data)
+ ;;
+ esac
+
+ if [ ! $new_domain ]; then
+ return
+ fi
+
+ if [[ $new_domain == "http"* ]]; then
+ dialog --title $"Create a new Let's Encrypt certificate" \
+ --msgbox $"Don't include the https://" 6 40
+ return
+ fi
+
+ if [[ $new_domain != *"."* ]]; then
+ dialog --title $"Create a new Let's Encrypt certificate" \
+ --msgbox $"Invalid domain name: $new_domain" 6 40
+ return
+ fi
+
+ if [ ! -d /var/www/${new_domain} ]; then
+ dialog --title $"Create a new Let's Encrypt certificate" \
+ --msgbox $'Domain not found within /var/www' 6 40
+ return
+ fi
+
+ ${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+
+ exit 0
+}
+
 function housekeeping {
 cmd=(dialog --separate-output \
 --backtitle "Freedombone Security Configuration" \
 --title "Housekeeping options" \
- --checklist "If you don't need to do any of these things then just press Enter:" 12 76 16)
+ --checklist "If you don't need to do any of these things then just press Enter:" 13 76 16)
 options=(1 "Regenerate ssh host keys" off
 2 "Regenerate Diffie-Hellman keys" off
 3 "Renew a StartSSL certificate" off
- 4 "Renew Let's Encrypt certificate" off)
+ 4 "Create a new Let's Encrypt certificate" off
+ 5 "Renew Let's Encrypt certificate" off)
 choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
 clear
 for choice in $choices
@@ -475,6 +518,9 @@ function housekeeping {
 renew_startssl
 ;;
 4)
+ create_letsencrypt
+ ;;
+ 5)
 renew_letsencrypt
 ;;
 esac
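Review bot: In create_letsencrypt the text typed into the dialog reaches `[ ! -d /var/www/${new_domain} ]` and the `${PROJECT_NAME}-addcert -e $new_domain` call unquoted, and the only checks are "does not start with http" and "contains a dot". A value containing whitespace or glob characters is word-split into extra arguments for the addcert helper, and one containing `/` or `..` lets the /var/www existence test be satisfied by a directory that is not a site root. Validate the value against a hostname allowlist before the path test and quote every expansion; the empty check `[ ! $new_domain ]` should likewise become `[ -z "$new_domain" ]`. The function lies wholly inside this hunk, and the renew_* functions shown as context in the earlier hunks follow the same unquoted pattern.

```shell
    # … unchanged: tempfile, dialog input box, case $sel …

    if [ -z "$new_domain" ]; then
        return
    fi

    # Dot-separated DNS labels only; rejects '/', whitespace and glob characters.
    local domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
    if [[ ! $new_domain =~ $domain_re ]]; then
        # … unchanged: "Invalid domain name" dialog …
        return
    fi

    if [ ! -d "/var/www/${new_domain}" ]; then
        # … unchanged: "Domain not found" dialog …
        return
    fi

    "${PROJECT_NAME}-addcert" -e "$new_domain" -s "$LETSENCRYPT_SERVER" --dhkey "$DH_KEYLENGTH"
```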
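Review bot: The new `4)` branch calls create_letsencrypt, which ends in an unconditional `exit 0`, from inside the `for choice in $choices` loop of a checklist that accepts several selections. Any item ticked after 4 (now including 5, the renewal) is therefore never processed, and a failed `${PROJECT_NAME}-addcert` run still leaves the script exiting with status 0. Consider ending create_letsencrypt with `return` and passing the helper's status on, for example by appending `|| return 1` to the addcert line. The case statement and housekeeping itself begin and end outside this hunk, so how the loop continues after the branch is inferred from the context lines.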