@phiberoptick
Last active April 20, 2024 21:51
Use custom SSL cert in Pritunl Server Community
Ignore all that craziness below. These can be set from the CLI with the "pritunl" command.
The commands below get/set the cert, the key, the Web Console port, and whether the :80 -> "app.server_port" redirect is active.
# Get current SSL server cert:
pritunl get app.server_cert
# Get current SSL server key:
pritunl get app.server_key
# Get current Web Console Port (this corresponds to the "Web Console Port" option in the settings on the web UI):
pritunl get app.server_port
# Get status of web redirect
# By default, an additional web server runs on :80 for LetsEncrypt verification and redirecting HTTP requests to the "app.server_port" (HTTPS):
pritunl get app.redirect_server
# Set new SSL server cert:
pritunl set app.server_cert "$(cat /path/to/cert.pem)"
# Set new SSL server key:
pritunl set app.server_key "$(cat /path/to/privkey.pem)"
# Set new Web Console Port (443 here, or whatever port you want the Web Console UI to listen on):
pritunl set app.server_port 443
# Enable redirect to the port defined in "app.server_port":
pritunl set app.redirect_server true
# Disable redirect to the port defined in "app.server_port":
pritunl set app.redirect_server false
### WARNING ###
If you do not want/need a redirect to the port the Web Console is running on *AND* you *DO NOT* use the built-in LetsEncrypt functionality (if you do, why are you reading this?), you can safely set "app.redirect_server" to "false".
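Before handing a cert and key to `pritunl set`, it is worth confirming that the private key actually belongs to the certificate and that the cert has not already expired, because Pritunl will store and serve whatever it is given. The POSIX shell helper below is an added example, not part of the gist; it assumes `openssl` is on PATH, and `apply_pritunl_cert` additionally assumes the `pritunl` CLI from the commands above.

```shell
#!/bin/sh
# Added example (not from the gist): sanity-check a cert/key pair, then apply it
# with the same `pritunl set` commands shown above. Assumes `openssl` on PATH.
set -u

# SHA-256 of the DER SubjectPublicKeyInfo found inside the certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER public key derived from the private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 when key and cert are readable, parse, the cert is not expired,
# and both carry the same public key; 1 otherwise.
check_cert_key_pair() {
    cert=$1; key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 1
    # Each file must parse on its own; otherwise a hash of empty input
    # from a failed pipeline could compare equal on both sides.
    openssl pkey -in "$key" -noout >/dev/null 2>&1 || return 1
    # -checkend 0 fails when the certificate is already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 1
    c=$(cert_pubkey_fp "$cert")
    k=$(key_pubkey_fp "$key")
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Apply the pair with the gist's CLI commands, only after the check passes.
# Port defaults to 443; pass a third argument to override it.
apply_pritunl_cert() {
    cert=$1; key=$2; port=${3:-443}
    check_cert_key_pair "$cert" "$key" \
        || { echo "refusing: cert/key mismatch, unreadable, or expired" >&2; return 1; }
    pritunl set app.server_cert "$(cat "$cert")" &&
    pritunl set app.server_key "$(cat "$key")" &&
    pritunl set app.server_port "$port"
}
```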
Leaving this down here to remind myself:
"There is ALWAYS a better way. Never settle for *it works*"
LOL
Find "server_cert_path" and "server_key_path" variables in Pritunl server.
The lines that need changing are in app.py (and server.py) under the Pritunl install.
(Probably don't need to change in server.py as well)
Find the files that need modification:
# grep -Rns -e "server_cert_path = None" -e "server_key_path = None" /path/to/pritunl/install/
I prefer to limit it to /usr/lib/pritunl/local/ but on Debian the files are duplicated in /usr/lib/pritunl/lib/ as well. I never change them.
# grep -Rns -e "server_cert_path = None" -e "server_key_path = None" /usr/lib/pritunl/local/
/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/app.py:162: server_cert_path = None
/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/app.py-163: server_key_path = None
/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/setup/server.py:202: server_cert_path = None
/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/setup/server.py-203: server_key_path = None
Use sed to "in place" search/replace in the file(s). (I only ever change app.py)
You can also append a suffix directly to the -i flag and GNU sed will make backups (-i.bak, no space).
Be a rebel. If you don't have a backup of it yet or know how to reinstall, it's never too late to learn!
(Seriously. If you can't somehow restore the file if needed, at least give an extension to -i for a backup)
# sed -i -e "s|server_cert_path = None|server_cert_path = '/path/to/cert.pem'|g; s|server_key_path = None|server_key_path = '/path/to/key.pem'|g" /path/to/app.py
Weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee!!!!!
# grep -Rls -e "server_cert_path = None" -e "server_key_path = None" /usr/lib/pritunl/local/ | while read -r list; do echo -e "\n\n$list: \n" && sed -i -e "s|server_cert_path = None|server_cert_path = '/path/to/cert.pem'|g; s|server_key_path = None|server_key_path = '/path/to/key.pem'|g" "$list"; done
or maybe
# grep -Rls -e "server_cert_path = None" -e "server_key_path = None" /usr/lib/pritunl/local/ | xargs sed -i -e "s|server_cert_path = None|server_cert_path = '/path/to/cert.pem'|g; s|server_key_path = None|server_key_path = '/path/to/key.pem'|g"
@DarthJahus

This has been very helpful. I don't know why, but Pritunl has kept failing certificate acquisition with "Challenge did not pass" and "Connection refused", even though nothing was running on ports 443 and 80, no firewall was preventing the connection and no other web server was active at that moment. certbot correctly got the certificate when I used it with certbot certonly.

Nonetheless, the commands you've shown worked perfectly. Thank you.
