@@ -162,34 +162,38 @@ for auth in $authz; do
$BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record
check_result $? "DNS _acme-challenge record wasn't created"
else
- if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
- if [ ! -z "$mail" ]; then
- conf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.conf_letsencrypt"
- sconf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
- else
- conf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.conf_letsencrypt"
- sconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
- fi
-
- if [ ! -e "$conf" ]; then
- echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
- > $conf
- echo ' default_type text/plain;' >> $conf
- echo ' return 200 "$1.'$THUMB'";' >> $conf
- echo '}' >> $conf
- fi
- if [ ! -e "$sconf" ]; then
- ln -s "$conf" "$sconf"
- fi
- $BIN/v-restart-proxy
- check_result $? "Proxy restart failed" > /dev/null
+ if [ -z "$mail" ]; then
+ if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
+ if [ ! -z "$mail" ]; then
+ conf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.conf_letsencrypt"
+ sconf="$HOMEDIR/$user/conf/mail/$root_domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
+ else
+ conf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.conf_letsencrypt"
+ sconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.ssl.conf_letsencrypt"
+ fi
+
+ if [ ! -e "$conf" ]; then
+ echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+ > $conf
+ echo ' default_type text/plain;' >> $conf
+ echo ' return 200 "$1.'$THUMB'";' >> $conf
+ echo '}' >> $conf
+ fi
+ if [ ! -e "$sconf" ]; then
+ ln -s "$conf" "$sconf"
+ fi
+ $BIN/v-restart-proxy
+ check_result $? "Proxy restart failed" > /dev/null
- else
- if [ -z "$mail" ]; then
- well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
else
- well_known="/var/lib/roundcube/.well-known"
+ well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+ acme_challenge="$well_known/acme-challenge"
+ mkdir -p $acme_challenge
+ echo "$token.$THUMB" > $acme_challenge/$token
+ chown -R $user:$user $well_known
fi
+ else
+ well_known="/var/lib/roundcube/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
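Review bot: The webroot branch writes the challenge with `echo "$token.$THUMB" > $acme_challenge/$token`, an unquoted path built from `$token` inside `public_html`, a directory the account user controls, and nothing visible in this hunk checks the token's characters or whether `.well-known` or `acme-challenge` already exists as a symlink. If this script runs with elevated privileges (the `chown -R $user:$user $well_known` suggests it does), the redirect follows whatever sits at that path, so I would first reject tokens outside the base64url alphabet, e.g. `[[ "$token" =~ ^[A-Za-z0-9_-]+$ ]]`, quote the target as `"$acme_challenge/$token"`, and stop when `$well_known` or `$acme_challenge` is a symlink. The same unquoted write appears in the roundcube branch at the end of the hunk. Separately, the inner `if [ ! -z "$mail" ]` that selects the `conf/mail/...` paths can no longer be true under the new outer `if [ -z "$mail" ]`, so that arm is dead and could be dropped. The enclosing `for auth in $authz` loop starts above the hunk and the mail branch continues below it.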
@@ -262,14 +266,23 @@ if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
sed -i '1,2d' $ssl_dir/$domain.ca
fi
+# Rename certs for mail
+if [ ! -z "$mail" ]; then
+ mv $ssl_dir/$domain.ca $ssl_dir/$root_domain.ca
+ mv $ssl_dir/$domain.crt $ssl_dir/$root_domain.crt
+ mv $ssl_dir/$domain.csr $ssl_dir/$root_domain.csr
+ mv $ssl_dir/$domain.key $ssl_dir/$root_domain.key
+ mv $ssl_dir/$domain.pem $ssl_dir/$root_domain.pem
+fi
+
# Adding SSL
if [ -z "$mail" ]; then
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
$BIN/v-delete-web-domain-ssl $user $domain > /dev/null 2>&1
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
else
- $BIN/v-delete-mail-domain-ssl $user $domain >/dev/null 2>&1
- $BIN/v-add-mail-domain-ssl $user $domain $ssl_dir
+ $BIN/v-delete-mail-domain-ssl $user $root_domain >/dev/null 2>&1
+ $BIN/v-add-mail-domain-ssl $user $root_domain $ssl_dir
fi
if [ "$?" -ne '0' ]; then
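Review bot: None of the five added `mv` calls in the "Rename certs for mail" block is checked, and the `if [ "$?" -ne '0' ]` at the end of the hunk only sees the status of the last `v-add-*-ssl` command, so a failed rename (a missing `.csr`, or `$domain` equal to `$root_domain`) goes unnoticed. `v-add-mail-domain-ssl $user $root_domain $ssl_dir` could then read an incomplete or stale set of `$root_domain.*` files, private key included, depending on how `$ssl_dir` is populated. I would quote the paths and fail fast after each move, e.g. `mv -- "$ssl_dir/$domain.key" "$ssl_dir/$root_domain.key"` followed by `check_result $? "Mail certificate rename failed"`, matching how `check_result` is used earlier in the file. The `if [ "$?" -ne '0' ]` block continues past the end of the hunk.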