Главная Обзор Помощь
Вход
yosoyhendrix
/
vesta
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Ветка: revert-1065-patch-12
Ветки Метки
vesta
/
bin
/
v-add-letsencrypt-domain

v-add-letsencrypt-domain 5.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. #!/bin/bash
    2. 

  2. # info: adding letsencrypt ssl cetificate for domain
    3. 

  3. # options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
    4. 

  4. #
    5. 

  5. # The function turns on SSL support for a domain. Parameter ssl_dir is a path
    6. 

  6. # to directory where 2 or 3 ssl files can be found. Certificate file 
    7. 

  7. # domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
    8. 

  8. # authority domain.tld.ca file is optional. If home directory  parameter
    9. 

  9. # (ssl_home) is not set, https domain uses public_shtml as separate
    10. 

  10. # documentroot directory.
    11. 

  11. 

  12. 

  13. #----------------------------------------------------------#
    14. 

  14. #                    Variable&Function                     #
    15. 

  15. #----------------------------------------------------------#
    16. 

  16. 

  17. # Argument definition
    18. 

  18. user=$1
    19. 

  19. domain=$2
    20. 

  20. aliases=$3
    21. 

  21. restart=$4
    22. 

  22. notify=$5
    23. 

  23. 

  24. # Includes
    25. 

  25. source $VESTA/func/main.sh
    26. 

  26. source $VESTA/func/domain.sh
    27. 

  27. source $VESTA/conf/vesta.conf
    28. 

  28. 

  29. 

  30. #----------------------------------------------------------#
    31. 

  31. #                    Verifications                         #
    32. 

  32. #----------------------------------------------------------#
    33. 

  33. 

  34. check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
    35. 

  35. is_format_valid 'user' 'domain'
    36. 

  36. is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
    37. 

  37. is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
    38. 

  38. is_object_valid 'user' 'USER' "$user"
    39. 

  39. is_object_unsuspended 'user' 'USER' "$user"
    40. 

  40. is_object_valid 'web' 'DOMAIN' "$domain"
    41. 

  41. is_object_unsuspended 'web' 'DOMAIN' "$domain"
    42. 

  42. 

  43. 

  44. #----------------------------------------------------------#
    45. 

  45. #                       Action                             #
    46. 

  46. #----------------------------------------------------------#
    47. 

  47. 

  48. # Parsing domain data
    49. 

  49. get_domain_values 'web'
    50. 

  50. 

  51. # Registering LetsEncrypt user account
    52. 

  52. $BIN/v-add-letsencrypt-user $user
    53. 

  53. if [ "$?" -ne 0  ]; then
    54. 

  54.     touch $VESTA/data/queue/letsencrypt.pipe
    55. 

  55.     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    56. 

  56.     send_notice "LETSENCRYPT" "Account registration failed"
    57. 

  57.     check_result $E_CONNECT "LE account registration" >/dev/null
    58. 

  58. fi
    59. 

  59. 

  60. # Parsing LetsEncrypt account data
    61. 

  61. source $USER_DATA/ssl/le.conf
    62. 

  62. email=$EMAIL
    63. 

  63. 

  64. # Validating domain and aliases
    65. 

  65. i=1
    66. 

  66. for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
    67. 

  67.     $BIN/v-check-letsencrypt-domain $user $alias
    68. 

  68.     if [ "$?" -ne 0 ]; then
    69. 

  69.         touch $VESTA/data/queue/letsencrypt.pipe
    70. 

  70.         sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    71. 

  71.         send_notice "LETSENCRYPT" "$alias validation failed"
    72. 

  72.         check_result $E_INVALID "LE domain validation" >/dev/null
    73. 

  73.     fi
    74. 

  74. 

  75.     # Checking LE limits per account
    76. 

  76.     if [ "$i" -gt 100 ]; then
    77. 

  77.         touch $VESTA/data/queue/letsencrypt.pipe
    78. 

  78.         sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    79. 

  79.         send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
    80. 

  80.         check_result $E_LIMIT "LE can't sign more than 100 domains"
    81. 

  81.     fi
    82. 

  82.     i=$((i++))
    83. 

  83. done
    84. 

  84. 

  85. # Generating CSR
    86. 

  86. ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
    87. 

  87.     "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
    88. 

  88. 

  89. # Signing CSR
    90. 

  90. crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
    91. 

  91. if [ "$?" -ne 0 ]; then
    92. 

  92.     touch $VESTA/data/queue/letsencrypt.pipe
    93. 

  93.     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    94. 

  94.     send_notice "LETSENCRYPT" "$alias validation failed"
    95. 

  95.     check_result "$E_INVALID" "LE $domain validation"
    96. 

  96. fi
    97. 

  97. echo "$crt" > $ssl_dir/$domain.crt
    98. 

  98. 

  99. # Dowloading CA certificate
    100. 

  100. le_certs='https://letsencrypt.org/certs'
    101. 

  101. x1='lets-encrypt-x1-cross-signed.pem.txt'
    102. 

  102. x3='lets-encrypt-x3-cross-signed.pem.txt'
    103. 

  103. issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
    104. 

  104. if [ -z "$(echo $issuer|grep X3)" ]; then
    105. 

  105.     curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
    106. 

  106. else
    107. 

  107.     curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
    108. 

  108. fi
    109. 

  109. 

  110. # Adding SSL
    111. 

  111. $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
    112. 

  112. $BIN/v-add-web-domain-ssl $user $domain $ssl_dir
    113. 

  113. if [ "$?" -ne '0' ]; then
    114. 

  114.     touch $VESTA/data/queue/letsencrypt.pipe
    115. 

  115.     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    116. 

  116.     send_notice 'LETSENCRYPT' "$domain certificate installation failed"
    117. 

  117.     check_result $? "SSL install" >/dev/null
    118. 

  118. fi
    119. 

  119. 

  120. # Adding LE autorenew cronjob
    121. 

  121. if [ -z "$(grep v-update-lets $VESTA/data/users/admin/cron.conf)" ]; then
    122. 

  122.     min=$(generate_password '012345' '2')
    123. 

  123.     hour=$(generate_password '1234567' '1')
    124. 

  124.     cmd="sudo $BIN/v-update-letsencrypt-ssl"
    125. 

  125.     $BIN/v-add-cron-job admin "$min" "$hour" '*' '*' '*' "$cmd" > /dev/null
    126. 

  126. fi
    127. 

  127. 

  128. # Updating letsencrypt key
    129. 

  129. if [ -z "$LETSENCRYPT" ]; then
    130. 

  130.     add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
    131. 

  131. fi
    132. 

  132. update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
    133. 

  133. 

  134. 

  135. #----------------------------------------------------------#
    136. 

  136. #                       Vesta                              #
    137. 

  137. #----------------------------------------------------------#
    138. 

  138. 

  139. # Restarting web
    140. 

  140. $BIN/v-restart-web $restart
    141. 

  141. if [ "$?" -ne 0  ]; then
    142. 

  142.     send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
    143. 

  143. fi
    144. 

  144. 

  145. # Notifying user
    146. 

  146. send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
    147. 

  147. 

  148. # Deleteing task from queue
    149. 

  149. touch $VESTA/data/queue/letsencrypt.pipe
    150. 

  150. sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    151. 

  151. 

  152. # Logging
    153. 

  153. log_event "$OK" "$ARGUMENTS"
    154. 

  154. 

  155. exit
    156.