2023-11-13 08:19:27 -06:00
parent 5fea5f37be
commit 2141e9d208
2 changed files with 60 additions and 9 deletions


@@ -1,6 +1,6 @@
#!/usr/bin/env bash
NEWCERT(){
CERTTEST=0
CERTTEST=0; CERTEXPAND=""
if [ "${3}" != "" ] && ([ ${3} -eq 0 ] || [ ${3} -eq 1 ]); then
NEW_CERT=${1}
CERTTEST=${3}
@@ -8,6 +8,7 @@ NEWCERT(){
while [ $# -gt 0 ]; do
case "${1}" in
-test|-t) CERTTEST=1;;
-expand) CERTEXPAND='--expand';;
-h|-help|--help)
echo -e "Usage: ${idsCL[Yellow]}nodemgmt / nmg newcert {hostname}${idsCL[Default]} {"
width=33
@@ -44,9 +45,9 @@ NEWCERT(){
# $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
# $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
if [ ${CERTTEST} -eq 1 ]; then
$CERT_DAEMON certonly --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
$CERT_DAEMON certonly ${CERTEXPAND} --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
else
$CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
$CERT_DAEMON certonly ${CERTEXPAND} --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
fi
chown -R root:le ${NM_CERTPATH}
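Review bot: `-d ${NEW_CERT}` is expanded unquoted in both `$CERT_DAEMON certonly` calls, and with this commit the value can be the `${SUBJECT},${SUBJECTNAMES}` list that LISTCERTS reads from the operator at the alternate-names prompt, so any whitespace in that input would reach the certificate client as separate arguments. Quoting it as `-d "${NEW_CERT}"` and rejecting any entry that is not a plain host name before the call would close that path. `${CERTEXPAND}` only works because an empty unquoted expansion disappears; `${CERTEXPAND:+"${CERTEXPAND}"}` keeps that behaviour while staying safe under quoting. NEWCERT starts and ends outside this hunk, so how NEW_CERT is assigned in the option-parsing branch is not visible here.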
@@ -194,6 +195,29 @@ LISTCERTS(){
done
unset IFS
fi
for c in ${!CHECKCERT_DOMAINS[@]}; do
echo "HERE1: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
done
unset CHECKCERT_DOMAINS
declare -A CHECKCERT_DOMAINS
IFS=$'\n'
for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
HOST=${LINE%% *}
PORT=${LINE#* }
IFS=" "
oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
done
unset IFS
readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
for c in ${!CHECKCERT_DOMAINS[@]}; do
echo "HERE2: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
done
# if [ ! -z ${LOCAL_SERVICES+x} ]; then
# NCMD="ssh root@${NM_HOSTS['LB'][0]}"
# #${NCMD} rm -f /tmp/ssllist
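Review bot: `oldCHECKCERT_DOMAINS` is never declared associative in the lines shown, so `oldCHECKCERT_DOMAINS[${HOST}]=${PORT}` treats the host name read from ssl-domain-checks.conf as an arithmetic subscript, which fails on dotted names and evaluates file content as an expression. The following `readarray -td '' CHECKCERT_DOMAINS` targets a variable just declared with `declare -A`, which readarray cannot fill, and it is fed only the sorted port values, so the host-to-port mapping would be lost even if it succeeded. Filling the map directly with `CHECKCERT_DOMAINS["${HOST}"]="${PORT}"` and dropping the sort step would keep the lookup by host; the existing `=~ "declare -a"` test further down in LISTCERTS (whose body extends beyond this hunk) would then need to accept `declare -A`. The `HERE1`/`HERE2` echo loops look like leftover debug output and should be removed before merge. The same loop is repeated in the last hunk of this file, so a shared helper would keep the two copies from diverging.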
@@ -312,6 +336,7 @@ LISTCERTS(){
SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/, ${SUBJECT}//g")
SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/${SUBJECT}//g")
SUBJECTNAMES=${SUBJECTNAMES//, /,}
oldSUBJECTNAMES=${SUBJECTNAMES}
[[ "$(declare -p CHECKCERT_DOMAINS)" =~ "declare -a" ]] && [ "${CHECKCERT_DOMAINS[${SUBJECT}]}" = "" ] && monitored='-' || monitored="Yes"
editc=0
@@ -338,6 +363,7 @@ LISTCERTS(){
1) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Alternate Names: "
read -i "${SUBJECTNAMES}" -e SUBJECTNAMES
SUBJECTNAMES=${SUBJECTNAMES//, /,}
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;;
2) [ "${monitored}" == "-" ] && monitored='Yes' || monitored='-';;
@@ -384,7 +410,32 @@ LISTCERTS(){
*)
[ "${confirm}" != "" ] && echo -en "\n"
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
NEWCERT
[ "${SUBJECTNAMES}" != "${oldSUBJECTNAMES}" ] && NEWCERT -expand ${SUBJECT},${SUBJECTNAMES} #>/dev/null 2&>1
if [ "${monitored^^}" == "YES" ]; then
if [ "$(grep ${SUBJECT} ${NM_FOLDER}/conf/ssl-domain-checks.conf)" == "" ]; then
[ ! -f ${NM_FOLDER}/conf/ssl-domain-checks.conf ] && touch ${NM_FOLDER}/conf/ssl-domain-checks.conf
# echo "${SUBJECT} 443" >> ${NM_FOLDER}/conf/ssl-domain-checks.conf
unset CHECKCERT_DOMAINS
declare -A CHECKCERT_DOMAINS
IFS=$'\n'
for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
HOST=${LINE%% *}
PORT=${LINE#* }
IFS=" "
oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
done
unset IFS
readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
fi
else
sed -i "/${SUBJECT}/d" ${NM_FOLDER}/conf/ssl-domain-checks.conf
fi
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
echo
echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"