Created
February 18, 2021 09:17
Vesta letsencrypt acme.sh backend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
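#!/bin/bash
# info: check letsencrypt domain
# options: USER DOMAIN [ALIASES]
#
# The function checks and validates a domain with Let's Encrypt, then issues
# a certificate with the per-user acme.sh client and installs it.

#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument definition
user=$1
domain=$2
aliases=$3

# Stop early when VESTA is unset or empty: every include and queue path in
# this script is built from it, and an empty value would resolve those paths
# against the filesystem root.
: "${VESTA:?VESTA is not set}"

# Includes (quoted so a path containing whitespace is not word-split)
# shellcheck source=/dev/null
source "$VESTA/func/main.sh"
# shellcheck source=/dev/null
source "$VESTA/func/domain.sh"
# shellcheck source=/dev/null
source "$VESTA/conf/vesta.conf"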
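#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'USER DOMAIN [ALIASES]'
is_format_valid 'user' 'domain' 'aliases'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'

# The Let's Encrypt wildcard alias ("*.DOMAIN") skips the per-alias check;
# every other requested alias must already exist on the domain.
if [[ "$aliases" != "*.$domain" ]]; then
    # Word splitting of the substitution is intentional: one alias per word.
    # shellcheck disable=SC2046
    for alias in $(printf '%s\n' "$aliases" | tr ',' '\n' | sort -u); do
        # $ALIAS is presumably the comma-separated alias list loaded by
        # get_domain_values -- confirm against func/domain.sh.
        # It is quoted so a "*" inside it is never glob-expanded, and the
        # comparison is a literal whole-line match (-F -x): with a regex,
        # the dots in an alias would match any character and let a
        # look-alike name pass this check.
        if ! printf '%s\n' "$ALIAS" | tr ',' '\n' | grep -Fxq -- "$alias"; then
            check_result "$E_NOTEXIST" "domain alias $alias doesn't exist"
        fi
    done
fi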
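#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Registering LetsEncrypt user account
if ! "$BIN/v-add-letsencrypt-user" "$user"; then
    # Drop the queued task for this domain before reporting the failure.
    touch "$VESTA/data/queue/letsencrypt.pipe"
    sed -i "/ $domain /d" "$VESTA/data/queue/letsencrypt.pipe"
    send_notice "LETSENCRYPT" "Account registration failed"
    check_result "$E_CONNECT" "LE account registration" >/dev/null
fi

# Parsing LetsEncrypt account data
# le.conf is executed as shell code with this script's privileges.
# shellcheck source=/dev/null
source "$USER_DATA/ssl/le.conf"

# Private scratch directory that receives the freshly issued private key and
# certificates. Without this check an empty $workdir would make the output
# paths below resolve to the filesystem root.
workdir=$(mktemp -d)
check_result $? "can't create temporary directory"

# TODO: aliases support by splitting $aliases # --domain-alias "$aliases"
# NOTE(review): the exit status of acme.sh is not checked. A failed issuance
# only surfaces when the install step below cannot find the files, and by then
# the existing certificate has already been removed -- confirm whether the
# delete should wait for a successful issuance.
"$USER_DATA/ssl/acme.sh/acme.sh" --issue -d "$domain" \
    -w "$HOMEDIR/$user/web/$domain/public_html" \
    --home "$USER_DATA/ssl/acme.sh" \
    --cert-file "$workdir/$domain.crt" \
    --key-file "$workdir/$domain.key" \
    --ca-file "$workdir/$domain.ca" \
    --fullchain-file "$workdir/$domain.pem"

# Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
"$BIN/v-delete-web-domain-ssl" "$user" "$domain" >/dev/null 2>&1
# $ssl_home stays unquoted on purpose: when the search returns nothing the
# argument must be omitted rather than passed as an empty string.
# shellcheck disable=SC2086
"$BIN/v-add-web-domain-ssl" "$user" "$domain" "$workdir" $ssl_home
# Capture the status immediately: the original passed "$?" to check_result
# after send_notice had already overwritten it, so an installation failure
# was reported as success further down.
ssl_rc=$?

# The scratch directory holds the private key; remove it once the install
# step has returned (assumes v-add-web-domain-ssl copies the files before
# returning -- confirm).
rm -rf -- "${workdir:?}"

if [ "$ssl_rc" -ne 0 ]; then
    touch "$VESTA/data/queue/letsencrypt.pipe"
    sed -i "/ $domain /d" "$VESTA/data/queue/letsencrypt.pipe"
    send_notice 'LETSENCRYPT' "$domain certificate installation failed"
    check_result "$ssl_rc" "SSL install" >/dev/null
fi

# Adding LE autorenew cronjob (only when admin's cron.conf has none yet)
if ! grep -q 'v-update-lets' "$VESTA/data/users/admin/cron.conf"; then
    min=$(generate_password '012345' '2')
    hour=$(generate_password '1234567' '1')
    cmd="sudo $BIN/v-update-letsencrypt-ssl"
    "$BIN/v-add-cron-job" admin "$min" "$hour" '*' '*' '*' "$cmd" > /dev/null
fi

# Updating letsencrypt key
if [ -z "$LETSENCRYPT" ]; then
    add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
fi
# The single quotes are intentional: the helper receives the literal key name
# '$LETSENCRYPT' (presumably resolved inside update_object_value -- confirm).
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'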
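#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Deleting task from queue
# touch guarantees the pipe file exists before sed edits it in place.
touch "$VESTA/data/queue/letsencrypt.pipe"
sed -i "/ $domain /d" "$VESTA/data/queue/letsencrypt.pipe"

# Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"

# Logging
log_event "$OK" "$ARGUMENTS"

exit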
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
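#!/bin/bash
# info: register letsencrypt user account
# options: USER
#
# The function creates and registers a Let's Encrypt account by installing
# a per-user copy of the acme.sh client.

#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Argument definition
user=$1

# Stop early when VESTA is unset or empty: the includes below are built from
# it and the script cannot work without them.
: "${VESTA:?VESTA is not set}"

# Includes (quoted so a path containing whitespace is not word-split)
# shellcheck source=/dev/null
source "$VESTA/func/main.sh"
# shellcheck source=/dev/null
source "$VESTA/conf/vesta.conf"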
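#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'USER'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

# Defining user email: an EMAIL already present in the environment wins,
# otherwise the user's CONTACT value is used.
if [[ -z "$EMAIL" ]]; then
    EMAIL=$(get_user_value '$CONTACT')
fi

# le.conf is executed as shell code; it may redefine EMAIL, since this script
# writes an EMAIL= line into it when creating the file.
if [ -e "$USER_DATA/ssl/le.conf" ]; then
    # shellcheck source=/dev/null
    source "$USER_DATA/ssl/le.conf"
fi

# Nothing to do when acme.sh is already installed for this user and the
# recorded account email is unchanged; otherwise fall through and reinstall.
if [ -d "$USER_DATA/ssl/acme.sh/" ] && [ -f "$USER_DATA/ssl/acme.sh/acme.sh" ]; then
    # Read the recorded address once, with the path quoted.
    recorded_email=$(cat "$USER_DATA/ssl/mail.txt")
    if [ "$EMAIL" == "$recorded_email" ]; then
        exit
    fi
    echo "$EMAIL differs from $recorded_email"
fi
#log_event "$OK" "$ARGUMENTS"
#exit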
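#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

mkdir -p "$USER_DATA/ssl/acme.sh/"

# Fetch the installer completely before running it. Piping curl straight into
# sh executes whatever arrived, including a truncated download or an HTTP
# error page, and hides curl's exit status behind the pipeline.
# NOTE(review): the URL tracks the moving "master" branch and nothing verifies
# the script's integrity, so the code executed here can change between runs.
# Pin it to a reviewed release (<PINNED_TAG_OR_COMMIT>) and compare against a
# known checksum (<EXPECTED_SHA256>); --install-online presumably fetches
# further code itself, so pinning this URL alone may not be sufficient.
installer=$(mktemp)
check_result $? "can't create temporary file"
if ! curl -fsS -o "$installer" \
    https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh; then
    rm -f -- "$installer"
    check_result "$E_CONNECT" "acme.sh installer download"
fi

# Same invocation as before (script on stdin, options after --), now fed from
# the verified-complete file instead of a live network stream.
# NOTE(review): the installer's exit status is still not checked.
sh -s -- --install-online \
    --home "$USER_DATA/ssl/acme.sh" \
    --config-home "$USER_DATA/ssl/acme.sh" \
    --accountkey "$USER_DATA/ssl/user.key" \
    --accountemail "$EMAIL" < "$installer"
rm -f -- "$installer"

# Record the address used for registration so later runs can detect a change.
printf '%s\n' "$EMAIL" > "$USER_DATA/ssl/mail.txt"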
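#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Adding le.conf
# NOTE(review): le.conf is later read with `source`, so its content runs as
# shell code. EMAIL is written between single quotes without escaping; a value
# containing a single quote would break out of the assignment. Confirm EMAIL
# is format-validated before it reaches this point.
le_conf="$USER_DATA/ssl/le.conf"
if [ ! -e "$le_conf" ]; then
    echo "EMAIL='$EMAIL'" >> "$le_conf"
    echo "KID='E'" >> "$le_conf"
    # 660 leaves the file group-writable; because it is sourced, confirm the
    # owning group is trusted.
    chmod 660 "$le_conf"
else
    # Existing file: only the KID line is refreshed; EMAIL is left untouched.
    sed -i '/^KID=/d' "$le_conf"
    echo "KID='E'" >> "$le_conf"
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit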
The implementation does not support aliases at the moment