Trang chủ Khám phá Trợ giúp
Đăng nhập
yosoyhendrix
/
vesta
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Branch: revert-1065-patch-12
Branches Tags
vesta
/
bin
/
v-check-letsencrypt-domain

v-check-letsencrypt-domain 5.3 KB
Permalink Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. #!/bin/bash
    2. 

  2. # info: check letsencrypt domain
    3. 

  3. # options: USER DOMAIN
    4. 

  4. #
    5. 

  5. # The function check and validates domain with LetsEncript
    6. 

  6. 

  7. 

  8. #----------------------------------------------------------#
    9. 

  9. #                    Variable&Function                     #
    10. 

  10. #----------------------------------------------------------#
    11. 

  11. 

  12. # Argument definition
    13. 

  13. user=$1
    14. 

  14. domain=$(idn -t --quiet -u "$2" )
    15. 

  15. domain=$(echo $domain | tr '[:upper:]' '[:lower:]')
    16. 

  16. 

  17. # Includes
    18. 

  18. source $VESTA/func/main.sh
    19. 

  19. source $VESTA/conf/vesta.conf
    20. 

  20. 

  21. # encode base64
    22. 

  22. encode_base64() {
    23. 

  23.     cat |base64 |tr '+/' '-_' |tr -d '\r\n='
    24. 

  24. }
    25. 

  25. 

  26. 

  27. #----------------------------------------------------------#
    28. 

  28. #                    Verifications                         #
    29. 

  29. #----------------------------------------------------------#
    30. 

  30. 

  31. check_args '2' "$#" 'USER DOMAIN'
    32. 

  32. is_format_valid 'user' 'domain'
    33. 

  33. is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
    34. 

  34. is_object_valid 'user' 'USER' "$user"
    35. 

  35. is_object_unsuspended 'user' 'USER' "$user"
    36. 

  36. if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
    37. 

  37.     check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
    38. 

  38. fi
    39. 

  39. rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
    40. 

  40. if [ -z "$rdomain" ]; then
    41. 

  41.     check_result $E_NOTEXIST "domain $domain doesn't exist"
    42. 

  42. fi
    43. 

  43. 

  44. 

  45. #----------------------------------------------------------#
    46. 

  46. #                       Action                             #
    47. 

  47. #----------------------------------------------------------#
    48. 

  48. 

  49. source $USER_DATA/ssl/le.conf
    50. 

  50. api='https://acme-v01.api.letsencrypt.org'
    51. 

  51. r_domain=$(echo "$rdomain" |cut -f 2 -d \')
    52. 

  52. key="$USER_DATA/ssl/user.key"
    53. 

  53. exponent="$EXPONENT"
    54. 

  54. modulus="$MODULUS"
    55. 

  55. thumb="$THUMB"
    56. 

  56. 

  57. # Defining JWK header
    58. 

  58. header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
    59. 

  59. header='{"alg":"RS256","jwk":'"$header"'}'
    60. 

  60. 

  61. # Requesting nonce
    62. 

  62. nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
    63. 

  63. protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
    64. 

  64. 

  65. # Defining ACME query (request challenge)
    66. 

  66. query='{"resource":"new-authz","identifier"'
    67. 

  67. query=$query':{"type":"dns","value":"'"$domain"'"}}'
    68. 

  68. payload=$(echo -n "$query" |encode_base64)
    69. 

  69. signature=$(printf "%s" "$protected.$payload" |\
    70. 

  70.     openssl dgst -sha256 -binary -sign "$key" |encode_base64)
    71. 

  71. data='{"header":'"$header"',"protected":"'"$protected"'",'
    72. 

  72. data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
    73. 

  73. 

  74. # Sending request to LetsEncrypt API
    75. 

  75. answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
    76. 

  76. 

  77. # Checking http answer status
    78. 

  78. status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
    79. 

  79. if [[ "$status" -ne "201" ]]; then
    80. 

  80.     check_result $E_CONNECT "LetsEncrypt challenge request $status"
    81. 

  81. fi
    82. 

  82. 

  83. # Parsing domain nonce,token and uri
    84. 

  84. nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
    85. 

  85. protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
    86. 

  86. token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
    87. 

  87. uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
    88. 

  88. 

  89. # Adding location wrapper for request challenge
    90. 

  90. if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
    91. 

  91.     conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
    92. 

  92.     sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
    93. 

  93.     if [ ! -e "$conf" ]; then
    94. 

  94.         echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
    95. 

  95.         echo '    default_type text/plain;' >> $conf
    96. 

  96.         echo '    return 200 "$1.'$thumb'";' >> $conf
    97. 

  97.         echo '}' >> $conf
    98. 

  98.     fi
    99. 

  99.     if [ ! -e "$sconf" ]; then
    100. 

  100.         ln -s "$conf" "$sconf"
    101. 

  101.     fi
    102. 

  102. else
    103. 

  103.     acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
    104. 

  104.     if [ ! -d "$acme" ]; then
    105. 

  105.         mkdir -p $acme
    106. 

  106.     fi
    107. 

  107.     echo "$token.$thumb" > $acme/$token
    108. 

  108.     chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
    109. 

  109. fi
    110. 

  110. 

  111. # Restarting web server
    112. 

  112. if [ -z "$PROXY_SYSTEM" ]; then
    113. 

  113.     $BIN/v-restart-web
    114. 

  114.     check_result $? "Proxy restart failed" >/dev/null
    115. 

  115. else
    116. 

  116.     $BIN/v-restart-proxy
    117. 

  117.     $BIN/v-restart-web
    118. 

  118.     check_result $? "Web restart failed" >/dev/null
    119. 

  119. fi
    120. 

  120. 

  121. # Defining ACME query (request validation)
    122. 

  122. query='{"resource":"challenge","type":"http-01","keyAuthorization"'
    123. 

  123. query=$query':"'$token.$thumb'","token":"'$token'"}'
    124. 

  124. payload=$(echo -n "$query" |encode_base64)
    125. 

  125. signature=$(printf "%s" "$protected.$payload" |\
    126. 

  126.     openssl dgst -sha256 -binary -sign "$key" |encode_base64)
    127. 

  127. data='{"header":'"$header"',"protected":"'"$protected"'",'
    128. 

  128. data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
    129. 

  129. 

  130. # Sending request to LetsEncrypt API
    131. 

  131. answer=$(curl -s -i -d "$data" "$uri")
    132. 

  132. 

  133. # Checking domain validation status
    134. 

  134. i=1
    135. 

  135. status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
    136. 

  136. location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
    137. 

  137. while [ "$status" = 'pending' ]; do
    138. 

  138.     answer=$(curl -s -i "$location")
    139. 

  139.     detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
    140. 

  140.     status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
    141. 

  141.     sleep 1
    142. 

  142.     i=$((i + 1))
    143. 

  143.     if [ "$i" -gt 60 ]; then
    144. 

  144.         check_result $E_CONNECT "$detail"
    145. 

  145.     fi
    146. 

  146. done
    147. 

  147. if [ "$status" = 'invalid' ]; then
    148. 

  148.     detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
    149. 

  149.     check_result $E_CONNECT "$detail"
    150. 

  150. fi
    151. 

  151. 

  152. 

  153. #----------------------------------------------------------#
    154. 

  154. #                       Vesta                              #
    155. 

  155. #----------------------------------------------------------#
    156. 

  156. 

  157. # Logging
    158. 

  158. log_event "$OK" "$ARGUMENTS"
    159. 

  159. 

  160. exit
    161.