Fix certbot bug.

BoHung Chiu 2022-09-25 11:49:39 +08:00
parent 00607f96bf
commit 97ba0265a8
2 changed files with 48 additions and 2 deletions


@ -93,6 +93,7 @@ else
org_ssl_dir=`dirname $ssl_certificate_file` org_ssl_dir=`dirname $ssl_certificate_file`
new_ssl_dir="ssl_files/$(basename $org_ssl_dir)" new_ssl_dir="ssl_files/$(basename $org_ssl_dir)"
$ssh_command "$remote_sudo_command cp -r -f -L $org_ssl_dir $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -r -f -L $org_ssl_dir $root_path/ssl_files/."
certbot_file_idx=`$ssh_command "basename $($remote_sudo_command readlink /etc/letsencrypt/live/$real_domain/cert.pem)|sed -E 's/cert([^.]+)\.pem/\1/g'|xargs"`
else else
$ssh_command "$remote_sudo_command cp -f $ssl_certificate_file $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -f $ssl_certificate_file $root_path/ssl_files/."
$ssh_command "$remote_sudo_command cp -f $ssl_certificate_key_file $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -f $ssl_certificate_key_file $root_path/ssl_files/."
@ -116,13 +117,35 @@ else
sed "s/\(database:\s\+\).\+/\1${new_db_name}/g" -i "$local_store_path/config/mongoid.yml" sed "s/\(database:\s\+\).\+/\1${new_db_name}/g" -i "$local_store_path/config/mongoid.yml"
if [[ -z "$use_local_command" ]] && [[ ! -z "$match_ssl" ]]; then if [[ -z "$use_local_command" ]] && [[ ! -z "$match_ssl" ]]; then
if [[ ! -z $org_ssl_dir ]]; then if [[ ! -z $org_ssl_dir ]]; then
sudo_command mkdir -p $org_ssl_dir
if [ -z "$(which certbot)" ]; then if [ -z "$(which certbot)" ]; then
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/install_certbot.sh wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/install_certbot.sh
sudo_command bash ./install_certbot.sh sudo_command bash ./install_certbot.sh
fi fi
sudo_command mkdir -p $org_ssl_dir
sudo_command mkdir -p /etc/letsencrypt/renewal
sudo_command cp -r $new_ssl_dir/* $org_ssl_dir/. sudo_command cp -r $new_ssl_dir/* $org_ssl_dir/.
if [[ "$(dirname $org_ssl_dir)" == "/etc/letsencrypt/live" ]] && [[ ! -z "$(ls $org_ssl_dir/*.pem 2>>/dev/null || echo '')" ]]; then
sudo_command mkdir -p /etc/letsencrypt/archive/$real_domain
sudo_command rm -f /etc/letsencrypt/archive/$real_domain/*.pem
sudo_command mv $org_ssl_dir/*.pem /etc/letsencrypt/archive/$real_domain/.
if [[ ! -z "$certbot_file_idx" ]]; then
sudo_command bash -l -c "find '/etc/letsencrypt/archive/$real_domain' -regex '[^0-9]+\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/($(echo /etc/letsencrypt/archive/$real_domain/|sed 's/[\.\/]/\\\0/g')[^\d]+)\.pem/\${1}'$certbot_file_idx'\.pem/'| xargs -0 -n 2 mv"
sudo_command bash -l -c "cd $org_ssl_dir && find '../../archive/$real_domain/' -regex '[^0-9]+$certbot_file_idx\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/$(echo ../../archive/$real_domain/|sed 's/[\.\/]/\\\0/g')([^\d]+)$certbot_file_idx\.pem/\${1}\.pem/'| xargs -0 -n 2 ln -s"
else
sudo_command bash -l -c "cd $org_ssl_dir && ln -s ../../archive/$real_domain/*.pem ."
fi
fi
sudo_command cp -r $new_ssl_dir/renewal/* /etc/letsencrypt/renewal/. sudo_command cp -r $new_ssl_dir/renewal/* /etc/letsencrypt/renewal/.
if [[ -e /etc/letsencrypt/renewal/$real_domain.conf ]]; then #Fix certbot account
letsencrypt_server_name=`sudo_command ls /etc/letsencrypt/accounts/|xargs|awk '{print $1}'`
if [[ ! -z "$letsencrypt_server_name" ]]; then
sudo_command sed -E 's/server\s*=.*/server = https:\/\/'$letsencrypt_server_name'\/directory/g' -i /etc/letsencrypt/renewal/$real_domain.conf
letsencrypt_account_id=`sudo_command ls /etc/letsencrypt/accounts/$letsencrypt_server_name/directory|xargs|awk '{print $1}'`
if [[ ! -z "$letsencrypt_account_id" ]]; then
sudo_command sed -E 's/account\s*=.*/account = '$letsencrypt_account_id'/g' -i /etc/letsencrypt/renewal/$real_domain.conf
fi
fi
fi
else else
sed "s/$(escape_slash $ssl_certificate_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_file)/g" -i $new_nginx_file sed "s/$(escape_slash $ssl_certificate_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_file)/g" -i $new_nginx_file
sed "s/$(escape_slash $ssl_certificate_key_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_key_file)/g" -i $new_nginx_file sed "s/$(escape_slash $ssl_certificate_key_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_key_file)/g" -i $new_nginx_file
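Review bot: In the added `certbot_file_idx=` line the inner `$( … readlink … )` sits inside a double-quoted string within backticks, so the local shell expands it before `$ssh_command` runs and the symlink is read on the machine running the script, not on the remote host. Writing the outer substitution as `$( … )` and escaping the inner one as `\$(` would let the remote side evaluate it. The value comes from a symlink name on another host and is then spliced unquoted, together with `$real_domain` and `$org_ssl_dir`, into the two `sudo_command bash -l -c "…"` strings and their `find`/`perl` patterns, where any shell or regex metacharacter would be interpreted by what is presumably a privileged shell. A guard right after the assignment, `[[ "$certbot_file_idx" =~ ^[0-9]+$ ]] || certbot_file_idx=""`, keeps the index numeric before it reaches those commands. The second file section on this page adds the same lines and needs the same change; the enclosing `if`/`else` blocks start and end outside both hunks.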


@ -97,6 +97,7 @@ else
org_ssl_dir=`dirname $ssl_certificate_file` org_ssl_dir=`dirname $ssl_certificate_file`
new_ssl_dir="ssl_files/$(basename $org_ssl_dir)" new_ssl_dir="ssl_files/$(basename $org_ssl_dir)"
$ssh_command "$remote_sudo_command cp -r -f -L $org_ssl_dir $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -r -f -L $org_ssl_dir $root_path/ssl_files/."
certbot_file_idx=`$ssh_command "basename $($remote_sudo_command readlink /etc/letsencrypt/live/$real_domain/cert.pem)|sed -E 's/cert([^.]+)\.pem/\1/g'|xargs"`
else else
$ssh_command "$remote_sudo_command cp -f $ssl_certificate_file $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -f $ssl_certificate_file $root_path/ssl_files/."
$ssh_command "$remote_sudo_command cp -f $ssl_certificate_key_file $root_path/ssl_files/." $ssh_command "$remote_sudo_command cp -f $ssl_certificate_key_file $root_path/ssl_files/."
@ -120,13 +121,35 @@ else
sed "s/\(database:\s\+\).\+/\1${new_db_name}/g" -i "$local_store_path/config/mongoid.yml" sed "s/\(database:\s\+\).\+/\1${new_db_name}/g" -i "$local_store_path/config/mongoid.yml"
if [[ -z "$use_local_command" ]] && [[ ! -z "$match_ssl" ]]; then if [[ -z "$use_local_command" ]] && [[ ! -z "$match_ssl" ]]; then
if [[ ! -z $org_ssl_dir ]]; then if [[ ! -z $org_ssl_dir ]]; then
sudo_command mkdir -p $org_ssl_dir
if [ -z "$(which certbot)" ]; then if [ -z "$(which certbot)" ]; then
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/install_certbot.sh wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/install_certbot.sh
sudo_command bash ./install_certbot.sh sudo_command bash ./install_certbot.sh
fi fi
sudo_command mkdir -p $org_ssl_dir
sudo_command mkdir -p /etc/letsencrypt/renewal
sudo_command cp -r $new_ssl_dir/* $org_ssl_dir/. sudo_command cp -r $new_ssl_dir/* $org_ssl_dir/.
if [[ "$(dirname $org_ssl_dir)" == "/etc/letsencrypt/live" ]] && [[ ! -z "$(ls $org_ssl_dir/*.pem 2>>/dev/null || echo '')" ]]; then
sudo_command mkdir -p /etc/letsencrypt/archive/$real_domain
sudo_command rm -f /etc/letsencrypt/archive/$real_domain/*.pem
sudo_command mv $org_ssl_dir/*.pem /etc/letsencrypt/archive/$real_domain/.
if [[ ! -z "$certbot_file_idx" ]]; then
sudo_command bash -l -c "find '/etc/letsencrypt/archive/$real_domain' -regex '[^0-9]+\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/($(echo /etc/letsencrypt/archive/$real_domain/|sed 's/[\.\/]/\\\0/g')[^\d]+)\.pem/\${1}'$certbot_file_idx'\.pem/'| xargs -0 -n 2 mv"
sudo_command bash -l -c "cd $org_ssl_dir && find '../../archive/$real_domain/' -regex '[^0-9]+$certbot_file_idx\.pem' -printf '%p\0'| perl -0 -l0 -pe 'print \$_; s/$(echo ../../archive/$real_domain/|sed 's/[\.\/]/\\\0/g')([^\d]+)$certbot_file_idx\.pem/\${1}\.pem/'| xargs -0 -n 2 ln -s"
else
sudo_command bash -l -c "cd $org_ssl_dir && ln -s ../../archive/$real_domain/*.pem ."
fi
fi
sudo_command cp -r $new_ssl_dir/renewal/* /etc/letsencrypt/renewal/. sudo_command cp -r $new_ssl_dir/renewal/* /etc/letsencrypt/renewal/.
if [[ -e /etc/letsencrypt/renewal/$real_domain.conf ]]; then #Fix certbot account
letsencrypt_server_name=`sudo_command ls /etc/letsencrypt/accounts/|xargs|awk '{print $1}'`
if [[ ! -z "$letsencrypt_server_name" ]]; then
sudo_command sed -E 's/server\s*=.*/server = https:\/\/'$letsencrypt_server_name'\/directory/g' -i /etc/letsencrypt/renewal/$real_domain.conf
letsencrypt_account_id=`sudo_command ls /etc/letsencrypt/accounts/$letsencrypt_server_name/directory|xargs|awk '{print $1}'`
if [[ ! -z "$letsencrypt_account_id" ]]; then
sudo_command sed -E 's/account\s*=.*/account = '$letsencrypt_account_id'/g' -i /etc/letsencrypt/renewal/$real_domain.conf
fi
fi
fi
else else
sed "s/$(escape_slash $ssl_certificate_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_file)/g" -i $new_nginx_file sed "s/$(escape_slash $ssl_certificate_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_file)/g" -i $new_nginx_file
sed "s/$(escape_slash $ssl_certificate_key_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_key_file)/g" -i $new_nginx_file sed "s/$(escape_slash $ssl_certificate_key_file)/$(escape_slash $root_path)\/ssl_files\/$(basename $ssl_certificate_key_file)/g" -i $new_nginx_file
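Review bot: The account fix-up near the end of this hunk takes the first name that `ls /etc/letsencrypt/accounts/` prints as the ACME server, which is whichever directory sorts first rather than the one the copied renewal file was issued under. On a host that also holds a staging account, the renewal config would presumably be rewritten to the staging endpoint, and later renewals would then produce certificates clients do not trust. Consider keeping the existing `server =` value when a matching directory exists under `/etc/letsencrypt/accounts/`, and add a comment saying the rewrite deliberately rebinds the lineage to a local account. `$letsencrypt_server_name` and `$letsencrypt_account_id` are also concatenated into the `sed` expressions unquoted, so write them as `"$letsencrypt_account_id"` and reject values containing `/`. The same lines appear in the first file section on this page; the surrounding `if` block starts and ends outside the hunk.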