WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 2293 2017-06-20 15:31:12Z tom.houdayer $
+#  $Id: alcasar.sh 2304 2017-06-26 12:56:14Z tom.houdayer $
 # alcasar.sh
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
 #	BL			: Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
 #	cron			: Logs export + watchdog + connexion statistics
 #	fail2ban		: Fail2ban IDS installation and configuration
 #	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
 #	msec			: Mandriva security package configuration
+#	letsencrypt		: Let's Encrypt client
 #	post_install		: Security, log rotation, etc.
 DATE=`date '+%d %B %Y - %Hh%M'`
 DATE_SHORT=`date '+%d/%m/%Y'`
 Lang=`echo $LANG|cut -c 1-2`
 	cat << EOF > /etc/cron.d/alcasar-rsync-bl
 # Automatic update of BL via rsync every 12 hours. The categories are listed in the file '/usr/local/etc/update_cat.conf' (no sync if empty).
 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
 EOF
+# Renew the Let's Encrypt certificate
+	cat <<EOF > /etc/cron.d/alcasar-letsencrypt
+# Automatic renew of the Let's Encrypt certificate
+@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
+EOF
 # removing the users crons
 	rm -f /var/spool/cron/*
 } # End cron
 ##################################################################
 /usr/sbin/msec
 /etc/cron.weekly/msec
 } # END msec()
+##################################################################
+##			Fonction "letsencrypt"			##
+## - Install Let's Encrypt client				##
+## - Prepare Let's Encrypt ALCASAR configuration file		##
+##################################################################
+letsencrypt()
+{
+	echo "Installing Let's Encrypt client..."
+	# Extract acme.sh
+	tar xzf ./conf/letsencrypt-client/acme.sh-*.tar.gz -C /tmp/
+	pwdInstall=$(pwd)
+	cd /tmp/acme.sh-*
+	acmesh_installDir="/opt/acme.sh"
+	acmesh_confDir="/usr/local/etc/letsencrypt"
+	acmesh_userAgent="ALCASAR/$VERSION"
+	# Install acme.sh
+	./acme.sh --install \
+		--home $acmesh_installDir \
+		--config-home $acmesh_confDir/data \
+		--certhome $acmesh_confDir/certs \
+		--accountkey $acmesh_confDir/ca/account.key \
+		--accountconf $acmesh_confDir/data/account.conf \
+		--useragent $acmesh_userAgent \
+		--nocron
+	if [ $? -ne 0 ]; then
+		echo "Error during installation of Let's Encrypt client (acme.sh)."
+	fi
+	# Create configuration file
+	cat <<EOF > /usr/local/etc/alcasar-letsencrypt
+email=
+dateIssueRequest=
+domainRequest=
+challenge=
+dateIssued=
+dnsapi=
+dateNextRenewal=
+EOF
+	cd $pwdInstall
+	rm -rf /tmp/acme.sh-*
+} # END letsencrypt()
 ##################################################################
 ##		Fonction "post_install"			##
 ## - Modifying banners (locals et ssh) & prompts	##
 ## - SSH config						##
 ## - sudoers config & files security			##
 			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
 			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
 			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
 			mode="update"
 		fi
-		for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install
+		for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
 		do
 			$func
 # echo "*** 'debug' : end of function $func ***"; read a
 		done
 		;;

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 2293 → 2304