From 2141e9d2083556effe3ff268a1d181ef9ff11afd Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Mon, 13 Nov 2023 08:19:27 -0600
Subject: [PATCH] update
---
 inc/certs.inc | 59 +++++++++++++++++++++++++++++++++++++++++++++++----
 inc/sites.inc | 10 ++++-----
 2 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/inc/certs.inc b/inc/certs.inc
index 4be70653..1b0d7019 100755
--- a/inc/certs.inc
+++ b/inc/certs.inc
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 NEWCERT(){
- CERTTEST=0
+ CERTTEST=0; CERTEXPAND=""
 if [ "${3}" != "" ] && ([ ${3} -eq 0 ] || [ ${3} -eq 1 ]); then
 NEW_CERT=${1}
 CERTTEST=${3}
@@ -8,6 +8,7 @@ NEWCERT(){
 while [ $# -gt 0 ]; do
 case "${1}" in
 -test|-t) CERTTEST=1;;
+ -expand) CERTEXPAND='--expand';;
 -h|-help|--help) echo -e "Usage: ${idsCL[Yellow]}nodemgmt / nmg newcert {hostname}${idsCL[Default]} {" width=33
@@ -44,9 +45,9 @@ NEWCERT(){
 # $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
 # $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
 if [ ${CERTTEST} -eq 1 ]; then
- $CERT_DAEMON certonly --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
+ $CERT_DAEMON certonly ${CERTEXPAND} --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
 else
- $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
+ $CERT_DAEMON certonly ${CERTEXPAND} --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
 fi
 chown -R root:le ${NM_CERTPATH}
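Review bot: In the `@@ -44,9 +45,9 @@` hunk, `${CERTEXPAND}` only helps when the requested list is a superset of the existing certificate's names; the LISTCERTS editor touched by this patch also lets names be removed, and in that case the client (certbot, judging by the flags) may prompt or start a new lineage rather than replace the certificate. The sites.inc callers now send NEWCERT's output to /dev/null, so a prompt would stall unseen; I would add `--non-interactive` to both `certonly` lines and consider `--cert-name` set to the primary name. `-d ${NEW_CERT}` is also unquoted while it now carries operator-typed names, and `-d "${NEW_CERT}"` keeps it a single argument. NEWCERT's body extends beyond these hunks, so check the rest of the function for the same expansions.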
@@ -194,6 +195,29 @@ LISTCERTS(){
 done
 unset IFS
 fi
+
+ for c in ${!CHECKCERT_DOMAINS[@]}; do
+ echo "HERE1: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
+ done
+
+ unset CHECKCERT_DOMAINS
+ declare -A CHECKCERT_DOMAINS
+ IFS=$'\n'
+ for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
+ HOST=${LINE%% *}
+ PORT=${LINE#* }
+ IFS=" "
+ oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
+ done
+ unset IFS
+ readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
+
+ for c in ${!CHECKCERT_DOMAINS[@]}; do
+ echo "HERE2: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
+ done
+
+
+
 # if [ ! -z ${LOCAL_SERVICES+x} ]; then
 # NCMD="ssh root@${NM_HOSTS['LB'][0]}"
 # #${NCMD} rm -f /tmp/ssllist
@@ -312,6 +336,7 @@ LISTCERTS(){
 SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/, ${SUBJECT}//g")
 SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/${SUBJECT}//g")
 SUBJECTNAMES=${SUBJECTNAMES//, /,}
+ oldSUBJECTNAMES=${SUBJECTNAMES}
 [[ "$(declare -p CHECKCERT_DOMAINS)" =~ "declare -a" ]] && [ "${CHECKCERT_DOMAINS[${SUBJECT}]}" = "" ] && monitored='-' || monitored="Yes"
 editc=0
@@ -338,6 +363,7 @@ LISTCERTS(){
 1) echo -e "\033[K\n\033[K"
 echo -en "\033[KEnter new Alternate Names: "
 read -i "${SUBJECTNAMES}" -e SUBJECTNAMES
+ SUBJECTNAMES=${SUBJECTNAMES//, /,}
 echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
 ;;
 2) [ "${monitored}" == "-" ] && monitored='Yes' || monitored='-';;
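Review bot: In the `@@ -194,6 +195,29 @@` hunk the reload of `ssl-domain-checks.conf` cannot produce a host-to-port map: `oldCHECKCERT_DOMAINS` is never declared with `declare -A`, so a hostname subscript is evaluated arithmetically, and `readarray` builds an indexed list of values only, which bash should refuse for the `declare -A CHECKCERT_DOMAINS` created two lines earlier. The context line `[[ "$(declare -p CHECKCERT_DOMAINS)" =~ "declare -a" ]]` in the `@@ -312,6 +336,7 @@` hunk would then stop matching, so every certificate is likely to be shown as monitored, which hides the ones that have no expiry check. The same loader is pasted into the `@@ -384,7 +410,32 @@` hunk, and the `HERE1`/`HERE2` loops look like leftover debug output. I would fill the associative array directly, as below, and adjust the `declare -a` test to the array type actually used; LISTCERTS continues outside these hunks, so confirm against the full function.

```shell
unset CHECKCERT_DOMAINS
declare -A CHECKCERT_DOMAINS=()
if [ -r "${NM_FOLDER}/conf/ssl-domain-checks.conf" ]; then
  while read -r HOST PORT; do
    # Same filter as the egrep: skip blank lines and comments.
    case "${HOST}" in ''|'#'*) continue;; esac
    CHECKCERT_DOMAINS["${HOST}"]="${PORT}"
  done < "${NM_FOLDER}/conf/ssl-domain-checks.conf"
fi
```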
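Review bot: In the `@@ -338,6 +363,7 @@` hunk the names typed at `read -i "${SUBJECTNAMES}" -e SUBJECTNAMES` are only normalised for `, ` and later reach `NEWCERT -expand ${SUBJECT},${SUBJECTNAMES}` unquoted (the `@@ -384,7 +410,32 @@` hunk), so a space in the input splits into extra arguments that NEWCERT's option loop may read as flags. I would use `read -r` and accept only a comma-separated host list, for example `[[ "${SUBJECTNAMES}" =~ ^[A-Za-z0-9.*,-]*$ ]] || SUBJECTNAMES=${oldSUBJECTNAMES}`. The case arm sits inside a loop that is not fully visible here, so how to re-prompt is left to the author.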
@@ -384,7 +410,32 @@ LISTCERTS(){
 *) [ "${confirm}" != "" ] && echo -en "\n"
 echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
- NEWCERT
+
+ [ "${SUBJECTNAMES}" != "${oldSUBJECTNAMES}" ] && NEWCERT -expand ${SUBJECT},${SUBJECTNAMES} #>/dev/null 2&>1
+
+ if [ "${monitored^^}" == "YES" ]; then
+ if [ "$(grep ${SUBJECT} ${NM_FOLDER}/conf/ssl-domain-checks.conf)" == "" ]; then
+ [ ! -f ${NM_FOLDER}/conf/ssl-domain-checks.conf ] && touch ${NM_FOLDER}/conf/ssl-domain-checks.conf
+ # echo "${SUBJECT} 443" >> ${NM_FOLDER}/conf/ssl-domain-checks.conf
+
+ unset CHECKCERT_DOMAINS
+ declare -A CHECKCERT_DOMAINS
+ IFS=$'\n'
+ for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
+ HOST=${LINE%% *}
+ PORT=${LINE#* }
+ IFS=" "
+ oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
+ done
+ unset IFS
+ readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
+ fi
+
+
+
+ else
+ sed -i "/${SUBJECT}/d" ${NM_FOLDER}/conf/ssl-domain-checks.conf
+ fi
 echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
 echo
 echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"
diff --git a/inc/sites.inc b/inc/sites.inc
index 0d0ba257..7a90d26b 100755
--- a/inc/sites.inc
+++ b/inc/sites.inc
@@ -497,7 +497,7 @@ NEWPROXYSITE_CREATE(){
 else
 [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ] && mv ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ${nginxconfig}
 if [ ! -f ${nginxconfig} ]; then
- echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... ${idsCL[Default]}"
+ echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... "
 cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
 sed -i "s/<>/${NGINX_SERVERNAME//,/ }/g" ${nginxconfig}
 sed -i "s/<>/${MAIN_SITE}/g" ${nginxconfig}
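Review bot: In the `@@ -384,7 +410,32 @@` hunk, `grep ${SUBJECT}` and `sed -i "/${SUBJECT}/d"` treat the subject as an unanchored regex, so switching monitoring off for `example.com` (a constructed example) would also delete the line for `www.example.com`, and the presence test gives a false positive the same way; expiry checks for other hosts disappear without any message. The append `echo "${SUBJECT} 443" >> …` is commented out, so choosing Yes never records the host; if that is unintended it should be restored as in the sketch below. The `sed` also runs when the file does not exist. LISTCERTS starts and ends outside this hunk.

```shell
if [ "${monitored^^}" == "YES" ]; then
  touch "${NM_FOLDER}/conf/ssl-domain-checks.conf"
  # Compare the host field exactly instead of a regex substring match.
  if ! awk -v h="${SUBJECT}" '$1 == h { hit = 1 } END { exit !hit }' "${NM_FOLDER}/conf/ssl-domain-checks.conf"; then
    echo "${SUBJECT} 443" >> "${NM_FOLDER}/conf/ssl-domain-checks.conf"
    # … unchanged: reload of CHECKCERT_DOMAINS …
  fi
elif [ -f "${NM_FOLDER}/conf/ssl-domain-checks.conf" ]; then
  tmpconf=$(mktemp "${NM_FOLDER}/conf/ssl-domain-checks.XXXXXX") &&
    awk -v h="${SUBJECT}" '$1 != h' "${NM_FOLDER}/conf/ssl-domain-checks.conf" > "${tmpconf}" &&
    cat "${tmpconf}" > "${NM_FOLDER}/conf/ssl-domain-checks.conf"
  rm -f -- "${tmpconf}"
fi
```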
@@ -510,19 +510,19 @@ NEWPROXYSITE_CREATE(){
 else
 oldservernames=$(grep 'server_name' ${nginxconfig});oldservernames=${oldservernames//;/};oldservernames=${oldservernames#* };oldservernames=${oldservernames// /,}
 if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
- echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... ${idsCL[Default]}"
+ echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... "
 echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
 DEL-SSL ${SITENAME} >/dev/null 2>&1
 echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
 echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
- NEWCERT ${NGINX_SERVERNAME} >/dev/null 2>&1
+ NEWCERT -expand ${NGINX_SERVERNAME} >/dev/null 2>&1
 echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
 # sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig}
 sed -i "s/\/${SITENAME}/\/${MAIN_SITE}/g" ${nginxconfig}
 elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
- echo -e "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes, select 'E'xpand when prompted:"
- NEWCERT ${NGINX_SERVERNAME}
+ echo -en "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes ... "
+ NEWCERT -expand ${NGINX_SERVERNAME} >/dev/null 2>&1
 echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
 fi
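Review bot: Both `NEWCERT -expand ${NGINX_SERVERNAME} >/dev/null 2>&1` calls in the `@@ -510,19 +510,19 @@` hunk are followed by an unconditional `Done`, so a failed or refused issuance is invisible and the nginx config can end up pointing at a certificate that was never written. The `elif` branch used to run with its output visible; now that it is silent I would test the result, e.g. `NEWCERT -expand "${NGINX_SERVERNAME}" >/dev/null 2>&1 || { echo "certificate request failed" >&2; return 1; }`. For that to work NEWCERT has to return the client's exit status, which it probably does not today because `chown -R root:le ${NM_CERTPATH}` runs after the client call in inc/certs.inc. NEWPROXYSITE_CREATE starts and ends outside this hunk.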