
prerelease 27.01.25:00.51

root 2 months ago
parent
commit
2f83d82151

+ 17 - 1
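--- a/README.md
+++ b/README.md
@@ -1,3 +1,19 @@
 ### package scripts for auto update all certs
+### avto4certbot:0.5.0
 Если возникает ошибка: "Peer's Certificate issuer is not recognized"
-используейте параметр: git -c http.sslVerify=false clone ...
+используейте параметр: git -c http.sslVerify=false clone ...
+
+--
+begin edit avto4certbot.conf
+
+please input pameters: avto4certbot.sh --create [apache & nginx && proxy]| --update [apache & nginx] | --flist [apache & nginx]
+avto4certbot.sh --create; create new certificate or --create [apache & nginx && proxy]; create new certificate 
+avto4certbot.sh --update; update certificates or --update [apache & nginx && proxy]; update [apache & nginx];
+avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx && proxy]; rescan list certificates;
+avto4certbot.sh --help; this help
+* examples:
+  avtocertbot.sh --update apache
+  or
+  avtocertbot.sh --update nginx
+  or
+  avtocertbot.sh --update apache proxy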

+ 5 - 6
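--- a/dev/avto4certbot.conf
+++ b/dev/avto4certbot.conf
@@ -1,5 +1,5 @@
-## config file
-## domains - follow the format! domains email port...
+## config file for version 0.5.0
+## domains, services this parameter type array - please follow the format!
 domains=( 
  "mydomains.ru admin@mydomains.ru 80"
  "mydomains2.ru admin@mydomains.ru 80"
@@ -7,12 +7,12 @@ domains=(
 
 ## if update - restart this services
 services=(
-    "postfix"
-    "dovecot"
+#    "postfix"
+#    "dovecot"
 );
 
 ## proxy server - examples: haproxy,nginx... ;)
-http_proxy=""
+http_proxy="haproxy";
 
 ## - nginx sites
 available_nginx="/etc/nginx/sites-available";
@@ -34,4 +34,3 @@ tmp_dir="/tmp/certbot";
 
 ## log file
 log_file="/var/log/syslog";
-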
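Review bot: `http_proxy="haproxy";` reuses the name of the proxy environment variable that curl and (via its HTTP client) certbot honour, so if the calling environment already exports `http_proxy` the sourced assignment keeps the export attribute and the child processes the script runs would see a proxy called "haproxy" instead of a systemd unit name. A service-specific name such as `proxy_service="haproxy";`, with the matching `systemctl restart "$proxy_service"` in dev/avto4certbot.sh, would remove the collision and make the two meanings impossible to confuse. Commenting out both entries of `services=( … )` leaves an empty array; that is only safe if the loop consuming it in dev/avto4certbot.sh tolerates a zero-length list, which is outside this diff and I cannot confirm.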

+ 5 - 3
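--- a/dev/avto4certbot.sh
+++ b/dev/avto4certbot.sh
@@ -404,6 +404,7 @@ if [ "$opt" != "" ]; then
     swSites;
     systemctl start $web_service;
     updateScs;
+  fi
 else
     pHelp;
 fi
@@ -419,16 +420,17 @@ if [ "$opt" != "" ]; then
       scanSSL;
       systemctl restart $http_proxy
       updateScs;
-      else
+    else
         reports=()
         reports[${#reports[@]}]="Sorry, there are not found proxy: $http_proxy"
         makeErr
         exit
-      fi
-    else
+    fi
+  else
       scanSSL;
       systemctl restart $web_service;
       updateScs;
+  fi
 else
     pHelp;
 fi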
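Review bot: `systemctl restart $http_proxy` and `systemctl restart $web_service;` in this hunk run unchecked and unquoted, so a failed restart still falls through to `updateScs;` and an empty or multi-word value silently changes the arguments systemctl receives; `systemctl restart "$http_proxy" || { reports=("Sorry, restart failed: $http_proxy"); makeErr; }` would route the failure through the reports/makeErr path this same hunk already uses for the missing-proxy case. The first hunk of this file has the same pattern at `systemctl start $web_service;`. The enclosing `if [ "$opt" != "" ]; then` block begins outside both hunks, so the new `fi` lines can only be checked against the visible indentation, which appears consistent.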

+ 0 - 6
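--- a/src/avto4certbot/avto4certbot.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-webcrt="/home/www/letsencrypt";
-## domains & email
-domains=( 
- '"mydomen.ru" "admin@mydomen.ru" "80"'
- '"mydomen2.ru" "admin@mydomen.ru" "80"'
- );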

+ 0 - 326
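--- a/src/avto4certbot/avto4certbot.sh
+++ /dev/null
@@ -1,326 +0,0 @@
-#!/bin/bash
-#
-# author: Koshuba V.O.
-# license: GPL 2.0
-# create 2022
-#
-version="0.4.3";
-sname="avto4certbot";
-# необходимы для работы: nginx,certbot (и если почтовый сервер то сервисы в restartMail)
-# create new cert or update
-path_ssl="/etc/ssl";
-path_cert="/etc/letsencrypt/live";
-# script path
-path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
-source "$path_script/avto4certbot.conf";
-
-## - nginx
-nginx_enable="/etc/nginx/sites-enabled";
-nginx_available="/etc/nginx/sites-available";
-
-## - apache
-nginx_enable="/etc/apache/sites-enabled";
-nginx_available="/etc/apache/sites-available";
-
-## - mail service or others
-set_service=( 
-  "nginx"
-  #"apache"
-);
-
-##--@S static values
-# depends
-pkgdep=("curl" "certbot" "letsencrypt") # packages
-get_tools=("curl" "certbot" "letsencrypt")
-
-##
-www_root="/tmp/letsencrypt";
-
-##
-path_tmp="/tmp/certbot";
-
-##
-log="/var/log/syslog";
-
-# - shared options
-cmd=$1;
-
-# - for mail server
-opt=$2;
-
-#-list enable sites
-scan_list=();
-#
-eval enable_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-#
-
-#--@F Check the program dependency
-function checkDep() {
-    # - msg debug
-    echo "check depends..."
-    if [ ! "$lang" ]; then
-        lang="C.UTF-8"
-    fi
-    for ((itools = 0; itools != ${#get_tools[@]}; itools++)); do
-        checktool=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
-        if [[ $checktool = "" ]]; then
-            sudo apt install ${pkgdep[$itools]}
-        fi
-        checktool=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
-        if [[ $checktool != "" ]]; then
-            eval get_${get_tools[$itools]}=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
-            list_tools[${#list_tools[@]}]="$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')"
-        else
-            ## lang messages if yes then lang else us...
-            reports=()
-            reports[${#reports[@]}]="Sorry, there are no required packages to work, please install:${pkgdep[@]}"
-            makeErr
-            exit
-        fi
-    done
-}
-
-##--@F make all errors
-function makeErr() {
-for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
-    do
-    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log;
-    echo   "${reports[$rpt_index]}";
-    done
- exit 0;
-}
-
-function createCert() {
-#
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-    if [ "$cmd" == "--create" ];
-        then
-            certbot -m "${dreg[1]}";
-        else
-            certbot --update-registration -m "${dreg[1]}";
-    fi
-##
-## example manual: certbot certonly --webroot --webroot-path /tmp/letsencrypt -d mydomen.ru
-certbot certonly --webroot --webroot-path $www_root -d ${dreg[0]}
-done
-}
-
-function renew() {
-certbot renew;
-valtrue=0;
-rdate=$(date +%Y-%m-%d);
-rtime=$(date +%H:%M);
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
-     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
-     if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
-         ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-    		cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-    		cd $path_ssl/certs
-    		chmod 600 ${dreg[0]}.pem
-    		ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-    		cd $path_ssl
-    		echo "$(date) - $sname: update cert for  ${domains[$dmn]}">> $log;
-		fi
-      fi
-done
-if [ $valtrue != 0 ];then
-     :>/etc/ssl/crt-list.txt
-        for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-         do
-          echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
-        done
-fi
-}
-
-
-function toSSL() {
-if [ -d $path_cert ];
-    then
-        for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-            do
-                eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-                ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-                cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-                cd $path_ssl/certs
-                chmod 600 ${dreg[0]}.pem
-                ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-                cd $path_ssl
-                echo "$(date) - $sname: update certlist for  ${domains[$dmn]}">> $log;
-		fi
-        done
-        if [ $valtrue != 0 ]; then
-                echo >/etc/ssl/crt-list.txt
-            for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-                do
-                eval local dcrt="(" $(echo -e ${domains[$icrt]}) ")";
-                echo "$path_ssl/private/${dcrt[0]}.pem">>/etc/ssl/crt-list.txt
-            done
-        fi
-    else
-        echo "Ошибка - отсутствует $path_cert!"
-	echo "$(date) - $sname: Ошибка - отсутствует $path_cert!">> $log;
-fi
-}
-
-function downSite(){
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-}
-
-function upSite(){
-sudo systemctl stop nginx.service;
-eval cert_bot="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-for ((cr=0; cr != ${#cert_bot[@]}; cr++))
-    do
-      rm $nginx_enable/${cert_bot[cr]};
-done
-for ((dnm=0; dnm != ${#domains[@]}; dnm++))
-    do
-eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
-    sitename="${dcert[0]}";
-    siteport="${dcert[2]}";
-    createConf;
-done
-sudo systemctl start nginx.service;
-}
-
-function restoreSite() {
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-for ((dwx=0; dwx != ${#enable_www[@]}; dwx++))
-    do
-	ln -s $nginx_available/${enable_www[dwx]} $nginx_enable/${enable_www[dwx]};
-done
-sudo systemctl start nginx.service;
-}
-
-function createConf(){
-if [ ! -d $path_tmp ];
-  then
-    mkdir -p $path_tmp;
-fi
-
-if [ ! -d $www_root ];
-  then
-    mkdir -p $www_root/.well-known/acme-challenge;
-chown -R www-data:www-data $www_root;
-fi
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
-}
-
-function restartService(){
-for ((scn=0; scn != ${#set_service[@]}; scn++))
-    do
-/etc/init.d/${set_service[$scn]} restart;
-# systemctl restart ${set_services[$scn]};
-done
-}
-
-case "$cmd" in
-
-## create cert
-"--create" | "--create" )
-
-downSite;
-upSite;
-createCert;
-toSSL;
-downSite;
-if [ "$opt" == "srv" ]; then
-restartService;
-else
-restoreSite;
-fi
-
-;;
-
-## update cert
-"--update" | "--update" )
-
-downSite;
-upSite;
-renew;
-downSite;
-if [[ "$opt" == "srv" ]] && [[ $valtrue != 0 ]]; then
- restartService;
-else
- restoreSite;
-fi
-
-;;
-
-## update cert force
-"--flist" | "--flist" )
-toSSL;
-if [ "$opt" == "srv" ]; then
-restartService;
-fi
-
-;;
-
-## start defaults
-
-* )
-checkDep;
-echo "$sname:$version"
-echo "please input pameters: avto4certbot.sh --create | --update | --flist";
-echo "avto4certbot.sh --create; create new certificate or --create srv; create and restart mail or other  services " 
-echo "avto4certbot.sh --update; update certificates or --update srv; update and restart mail or others services;"
-echo "avto4certbot.sh --flist; update certificates from ssl or --flist srv; update certs and restart mail or other services;"
-;;
-esac
-
-exit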

+ 0 - 82
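--- a/src/certbot4haproxy/autocertbot.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/bash
-# script convert end make ssl sert for https
-# info - script auto update cert for sites
-# version 1.10.1
-# author Koshuba V.O.- 2021
-# master@qbpro.ru
-# 
-path_certbot="/etc/letsencrypt/live";
-path_ssl="/etc/ssl/private";
-source certbot.conf;
-log="/var/log/syslog";
-#
-cmd=$1;
-#
-## if keys update certbot - recreate keys for sites
-function makekeys() {
-valtrue=0;
-rdate=$(date +%Y-%m-%d);
-rtime=$(date +%H:%M);
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-     keydate=$(ls -l --time-style=long-iso $path_certbot/${domains[$dmn]}/cert.pem |awk {'print$6'});
-     keytime=$(ls -l --time-style=long-iso $path_certbot/${domains[$dmn]}/cert.pem |awk {'print$7'});
-     if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
-        then
-         ((valtrue++));
-        cat $path_certbot/${domains[$dmn]}/cert.pem > $path_ssl/${domains[$dmn]}.pem;
-        cat $path_certbot/${domains[$dmn]}/chain.pem >> $path_ssl/${domains[$dmn]}.pem;
-        cat $path_certbot/${domains[$dmn]}/fullchain.pem >> $path_ssl/${domains[$dmn]}.pem;
-        cat $path_certbot/${domains[$dmn]}/privkey.pem >> $path_ssl/${domains[$dmn]}.pem;
-        echo "$rdate - $rtime - autocertbot: recreate cert for  ${domains[$dmn]}">> $log;
-      fi
-done
-if [ $valtrue != 0 ];
-   then
-     :>/etc/ssl/crt-list.txt
-        for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-         do
-          echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
-        done
-fi
-}
-
-function renew() {
-/etc/init.d/haproxy stop;
-    certbot renew;
-    makekeys;
-/etc/init.d/haproxy start;
-}
-
-function createCert() {
-certbot register --agree-tos -m $adminmail;
-/etc/init.d/haproxy stop;
-
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-      certbot certonly --preferred-challenges http --standalone -d ${domains[$dmn]};
-    done
-/etc/init.d/haproxy start;
-}
-
-
-case "$cmd" in
-
-## create cert
-"--create" | "--create" )
-createCert;
-;;
-
-## update cert
-"--update" | "--update" )
-renew;
-;;
-
-## start defaults
-
-* )
-echo "please input pameters: autocertbot.sh --create | --update";
-echo "autocertbot.sh --create; create new certificate"
-echo "autocertbot.sh --update; update certificates;"
-;;
-esac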

+ 0 - 4
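--- a/src/certbot4haproxy/certbot.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-adminmail="admin@mydomen.com";
-domains=( "mydomen.com"
-          "webmail.mydomen.com"
-           );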