Home Explore Help
Sign In
yosoyhendrix
/
hestiacp
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: dcf6caec2f
Branches Tags
hestiacp
/
bin
/
v-update-letsencrypt-ssl

v-update-letsencrypt-ssl 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. #!/bin/bash
    2. 

  2. # info: update letsencrypt ssl certificates
    3. 

  3. # options: NONE
    4. 

  4. #
    5. 

  5. # example: v-update-letsencrypt-ssl
    6. 

  6. #
    7. 

  7. # This function for renew letsencrypt expired ssl certificate for all users
    8. 

  8. 

  9. #----------------------------------------------------------#
    10. 

  10. #                Variables & Functions                     #
    11. 

  11. #----------------------------------------------------------#
    12. 

  12. 

  13. # Includes
    14. 

  14. # shellcheck source=/etc/hestiacp/hestia.conf
    15. 

  15. source /etc/hestiacp/hestia.conf
    16. 

  16. # shellcheck source=/usr/local/hestia/func/main.sh
    17. 

  17. source $HESTIA/func/main.sh
    18. 

  18. # shellcheck source=/usr/local/hestia/func/syshealth.sh
    19. 

  19. source $HESTIA/func/syshealth.sh
    20. 

  20. # load config file
    21. 

  21. source_conf "$HESTIA/conf/hestia.conf"
    22. 

  22. 

  23. # Perform verification if read-only mode is enabled
    24. 

  24. check_hestia_demo_mode
    25. 

  25. 

  26. #----------------------------------------------------------#
    27. 

  27. #                       Action                             #
    28. 

  28. #----------------------------------------------------------#
    29. 

  29. 

  30. # Set LE counter
    31. 

  31. lecounter=0
    32. 

  32. max_LE_failures=30
    33. 

  33. days_valid_setting=31
    34. 

  34. if [ "$LE_STAGING" = "yes" ]; then 
    35. 

  35.     # Overwrite setting to allow testing for renewal to be done easier
    36. 

  36.     days_valid_setting=181
    37. 

  37. fi
    38. 

  38. 

  39. # Checking user certificates
    40. 

  40. for user in $($HESTIA/bin/v-list-sys-users plain); do
    41. 

  41.     USER_DATA=$HESTIA/data/users/$user
    42. 

  42. 

  43.     for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
    44. 

  44.         # Clear any keys related to web domains
    45. 

  45.         sanitize_config_file "web"
    46. 

  46.         domain_suspended="$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')"
    47. 

  47.         if [ "$domain_suspended" = "yes" ]; then
    48. 

  48.             continue
    49. 

  49.         fi
    50. 

  50. 

  51.         fail_counter="$(get_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
    52. 

  52.         if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
    53. 

  53.             continue
    54. 

  54.         fi
    55. 

  55. 

  56.         crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
    57. 

  57.         not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
    58. 

  58.         expiration=$(date -d "$not_after" +%s)
    59. 

  59.         now=$(date +%s)
    60. 

  60.         seconds_valid=$((expiration - now))
    61. 

  61.         days_valid=$((seconds_valid / 86400))
    62. 

  62.         if [[ "$days_valid" -lt "$days_valid_setting" ]]; then
    63. 

  63.             if [ $lecounter -gt 0 ]; then
    64. 

  64.                 sleep 10
    65. 

  65.             fi
    66. 

  66.             ((lecounter++))
    67. 

  67.             aliases=$(echo "$crt_data" |grep DNS:)
    68. 

  68.             aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
    69. 

  69.             aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
    70. 

  70.             aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
    71. 

  71.             aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
    72. 

  72. 

  73.             # Parsing domain
    74. 

  74.             parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
    75. 

  75. 

  76.             # Split aliases into array
    77. 

  77.             IFS=',' read -r -a ALIASES <<< "$ALIAS"
    78. 

  78. 

  79.             # Unset f_aliases
    80. 

  80.             f_aliases=''
    81. 

  81.             
    82. 

  82.             # Loop through all crt aliases
    83. 

  83.             for alias in ${aliases//,/ } ; do
    84. 

  84.                 # Validate if the alias still exists in web.conf
    85. 

  85.                 if [[ "$ALIAS" =~ $alias ]]; then
    86. 

  86.                     f_aliases+="$alias,"
    87. 

  87.                 fi
    88. 

  88.             done
    89. 

  89. 

  90.             # Remove leading comma
    91. 

  91.             if [[ ${f_aliases: -1} = ',' ]] ; then f_aliases=${f_aliases::-1}; fi
    92. 

  92. 

  93.             # Write the filtered alias list to the default var
    94. 

  94.             aliases=$f_aliases    
    95. 

  95. 

  96.             msg=$($BIN/v-add-letsencrypt-domain "$user" "$domain" "$aliases")
    97. 

  97.             if [ $? -ne 0 ]; then
    98. 

  98.                 echo "$msg"
    99. 

  99.                 log_event "$E_INVALID" "$domain $msg"
    100. 

  100.                 $BIN/v-log-action "$user" "Error" "Web" "Let's Encrypt SSL certificate update failed (Domain: $domain)."
    101. 

  101.                 if [ -z "$fail_counter" ]; then
    102. 

  102.                     add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
    103. 

  103.                 fi
    104. 

  104.                 ((fail_counter++))
    105. 

  105.                 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
    106. 

  106.             else
    107. 

  107.                 $BIN/v-log-action "$user" "Info" "Web" "Let's Encrypt SSL certificate renewed (Domain: $domain)."
    108. 

  108.             fi
    109. 

  109.             
    110. 

  110.             if [ -n "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
    111. 

  111.                 hostname=$(hostname -f)
    112. 

  112.                 if [ "$hostname" = "$domain" ]; then
    113. 

  113.                     $BIN/v-update-host-certificate "$user" "$domain"
    114. 

  114.                 fi
    115. 

  115.             fi
    116. 

  116. 

  117.         fi
    118. 

  118.     done
    119. 

  119. 

  120.     for domain in $(search_objects 'mail' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
    121. 

  121. 

  122.         domain_suspended="$(get_object_value 'mail' 'DOMAIN' "$domain" '$SUSPENDED')"
    123. 

  123.         if [ "$domain_suspended" = "yes" ]; then
    124. 

  124.             continue
    125. 

  125.         fi
    126. 

  126. 

  127.         fail_counter="$(get_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
    128. 

  128.         if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
    129. 

  129.             continue
    130. 

  130.         fi
    131. 

  131. 

  132.         crt_data=$(openssl x509 -text -in $USER_DATA/ssl/mail.$domain.crt)
    133. 

  133.         not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
    134. 

  134.         expiration=$(date -d "$not_after" +%s)
    135. 

  135.         now=$(date +%s)
    136. 

  136.         seconds_valid=$((expiration - now))
    137. 

  137.         days_valid=$((seconds_valid / 86400))
    138. 

  138.         if [[ "$days_valid" -lt 31 ]]; then
    139. 

  139.             if [ $lecounter -gt 0 ]; then
    140. 

  140.                 sleep 10
    141. 

  141.             fi
    142. 

  142.             ((lecounter++))
    143. 

  143.             msg=$($BIN/v-add-letsencrypt-domain "$user" "$domain" "" "yes")
    144. 

  144.             if [ $? -ne 0 ]; then
    145. 

  145.                 echo "$msg"
    146. 

  146.                 $BIN/v-log-action "$user" "Error" "Web" "Let's Encrypt SSL certificate update failed (Domain: $domain)."
    147. 

  147.                 log_event "$E_INVALID" "$domain $msg"
    148. 

  148.                 if [ -z "$fail_counter" ]; then
    149. 

  149.                     add_object_key "mail" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
    150. 

  150.                 fi
    151. 

  151.                 ((fail_counter++))
    152. 

  152.                 update_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
    153. 

  153.             else
    154. 

  154.                 $BIN/v-log-action "$user" "Info" "Web" "Let's Encrypt SSL certificate renewed (Domain: $domain)."
    155. 

  155.             fi
    156. 

  156.         fi
    157. 

  157.     done
    158. 

  158. 

  159. done
    160. 

  160. 

  161. # Restart related services
    162. 

  162. $HESTIA/bin/v-restart-web yes
    163. 

  163. $HESTIA/bin/v-restart-mail yes
    164. 

  164. 

  165. if [ -n "$PROXY_SYSTEM" ]; then
    166. 

  166.     $HESTIA/bin/v-restart-proxy yes
    167. 

  167. fi
    168. 

  168. 

  169. 

  170. #----------------------------------------------------------#
    171. 

  171. #                        Hestia                            #
    172. 

  172. #----------------------------------------------------------#
    173. 

  173. 

  174. # No Logging
    175. 

  175. #log_event "$OK" "$EVENT"
    176. 

  176. 

  177. exit
    178.