ホーム エクスプローラ ヘルプ
サインイン
yosoyhendrix
/
hestiacp
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: e7123fe455
ブランチ タグ
hestiacp
/
bin
/
v-update-letsencrypt-ssl

v-update-letsencrypt-ssl 5.0 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. #!/bin/bash
    2. 

  2. # info: update letsencrypt ssl certificates
    3. 

  3. # options: NONE
    4. 

  4. # labels: panel
    5. 

  5. #
    6. 

  6. # example: v-update-letsencrypt-ssl
    7. 

  7. #
    8. 

  8. # The function for renew letsencrypt expired ssl certificate for all users
    9. 

  9. 

  10. 

  11. #----------------------------------------------------------#
    12. 

  12. #                    Variable&Function                     #
    13. 

  13. #----------------------------------------------------------#
    14. 

  14. 

  15. # Importing system enviroment  as we run this script
    16. 

  16. # mostly by cron wich not read it by itself
    17. 

  17. source /etc/profile
    18. 

  18. 

  19. # Includes
    20. 

  20. source $HESTIA/func/main.sh
    21. 

  21. source $HESTIA/conf/hestia.conf
    22. 

  22. 

  23. 

  24. #----------------------------------------------------------#
    25. 

  25. #                       Action                             #
    26. 

  26. #----------------------------------------------------------#
    27. 

  27. 

  28. # Set LE counter
    29. 

  29. lecounter=0
    30. 

  30. max_LE_failures=30
    31. 

  31. 

  32. # Checking user certificates
    33. 

  33. for user in $($HESTIA/bin/v-list-sys-users plain); do
    34. 

  34.     USER_DATA=$HESTIA/data/users/$user
    35. 

  35. 

  36.     for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
    37. 

  37. 

  38.         domain_suspended="$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')"
    39. 

  39.         if [ "$domain_suspended" = "yes" ]; then
    40. 

  40.             continue
    41. 

  41.         fi
    42. 

  42. 

  43.         fail_counter="$(get_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
    44. 

  44.         if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
    45. 

  45.             continue
    46. 

  46.         fi
    47. 

  47. 

  48.         crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
    49. 

  49.         not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
    50. 

  50.         expiration=$(date -d "$not_after" +%s)
    51. 

  51.         now=$(date +%s)
    52. 

  52.         seconds_valid=$((expiration - now))
    53. 

  53.         days_valid=$((seconds_valid / 86400))
    54. 

  54.         if [[ "$days_valid" -lt 31 ]]; then
    55. 

  55.             if [ $lecounter -gt 0 ]; then
    56. 

  56.                 sleep 10
    57. 

  57.             fi
    58. 

  58.             ((lecounter++))
    59. 

  59.             aliases=$(echo "$crt_data" |grep DNS:)
    60. 

  60.             aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
    61. 

  61.             aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
    62. 

  62.             aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
    63. 

  63.             aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
    64. 

  64. 

  65.             # Source domain.conf
    66. 

  66.             source <(cat $HESTIA/data/users/$user/web.conf | grep "DOMAIN='$domain'")
    67. 

  67. 

  68.             # Split aliases into array
    69. 

  69.             IFS=',' read -r -a ALIASES <<< "$ALIAS"
    70. 

  70. 

  71.             # Unset f_aliases
    72. 

  72.             f_aliases=''
    73. 

  73.             
    74. 

  74.             # Loop through all crt aliases
    75. 

  75.             for alias in ${aliases//,/ } ; do
    76. 

  76.                 # Validate if the alias still exists in web.conf
    77. 

  77.                 if [[ " ${ALIASES[@]} " =~ " ${alias} " ]]; then
    78. 

  78.                     f_aliases+="$alias,"
    79. 

  79.                 fi
    80. 

  80.             done
    81. 

  81. 

  82.             # Remove leading comma
    83. 

  83.             if [[ ${f_aliases: -1} = ',' ]] ; then f_aliases=${f_aliases::-1}; fi
    84. 

  84. 

  85.             # Write the filtered alias list to the default var
    86. 

  86.             aliases=$f_aliases
    87. 

  87. 

  88.             msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
    89. 

  89.             if [ $? -ne 0 ]; then
    90. 

  90.                 echo $msg
    91. 

  91.                 log_event $E_INVALID "$domain $msg"
    92. 

  92.                 if [ -z "$fail_counter" ]; then
    93. 

  93.                     add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
    94. 

  94.                 fi
    95. 

  95.                 ((fail_counter++))
    96. 

  96.                 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
    97. 

  97.             fi
    98. 

  98.         fi
    99. 

  99.     done
    100. 

  100. 

  101.     for domain in $(search_objects 'mail' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
    102. 

  102. 

  103.         domain_suspended="$(get_object_value 'mail' 'DOMAIN' "$domain" '$SUSPENDED')"
    104. 

  104.         if [ "$domain_suspended" = "yes" ]; then
    105. 

  105.             continue
    106. 

  106.         fi
    107. 

  107. 

  108.         fail_counter="$(get_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
    109. 

  109.         if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
    110. 

  110.             continue
    111. 

  111.         fi
    112. 

  112. 

  113.         crt_data=$(openssl x509 -text -in $USER_DATA/ssl/mail.$domain.crt)
    114. 

  114.         not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
    115. 

  115.         expiration=$(date -d "$not_after" +%s)
    116. 

  116.         now=$(date +%s)
    117. 

  117.         seconds_valid=$((expiration - now))
    118. 

  118.         days_valid=$((seconds_valid / 86400))
    119. 

  119.         if [[ "$days_valid" -lt 31 ]]; then
    120. 

  120.             if [ $lecounter -gt 0 ]; then
    121. 

  121.                 sleep 10
    122. 

  122.             fi
    123. 

  123.             ((lecounter++))
    124. 

  124.             msg=$($BIN/v-add-letsencrypt-domain $user $domain ' ' yes)
    125. 

  125.             if [ $? -ne 0 ]; then
    126. 

  126.                 echo $msg
    127. 

  127.                 log_event $E_INVALID "$domain $msg"
    128. 

  128.                 if [ -z "$fail_counter" ]; then
    129. 

  129.                     add_object_key "mail" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
    130. 

  130.                 fi
    131. 

  131.                 ((fail_counter++))
    132. 

  132.                 update_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
    133. 

  133.             fi
    134. 

  134.         fi
    135. 

  135.     done
    136. 

  136. 

  137. done
    138. 

  138. 

  139. #----------------------------------------------------------#
    140. 

  140. #                        Hestia                            #
    141. 

  141. #----------------------------------------------------------#
    142. 

  142. 

  143. # No Logging
    144. 

  144. #log_event "$OK" "$EVENT"
    145. 

  145. 

  146. exit
    147.