@@ -58,19 +58,22 @@ bash /var/scripts/menu.sh and choose 'Server Configuration' --> 'Activate TLS'"
58
58
Make sure it looks like this:\nyourdomain.com, or cloud.yourdomain.com" )
59
59
fi
60
60
61
- msg_box " Before continuing, please make sure that you have you have edited the DNS settings for $TLSDOMAIN , \
61
+ if [ -z " $DEDYNDOMAIN " ]
62
+ then
63
+ msg_box " Before continuing, please make sure that you have you have edited the DNS settings for $TLSDOMAIN , \
62
64
and opened port 80 and 443 directly to this servers IP. A full extensive guide can be found here:
63
65
https://www.techandme.se/open-port-80-443
64
66
65
67
This can be done automatically if you have UPNP enabled in your firewall/router. \
66
68
You will be offered to use UPNP in the next step."
67
69
68
- if yesno_box_no " Do you want to use UPNP to open port 80 and 443?"
69
- then
70
- unset FAIL
71
- open_port 80 TCP
72
- open_port 443 TCP
73
- cleanup_open_port
70
+ if yesno_box_no " Do you want to use UPNP to open port 80 and 443?"
71
+ then
72
+ unset FAIL
73
+ open_port 80 TCP
74
+ open_port 443 TCP
75
+ cleanup_open_port
76
+ fi
74
77
fi
75
78
76
79
# Curl the lib another time to get the correct https_conf
82
85
print_text_in_color " $ICyan " " Checking if $TLSDOMAIN exists and is reachable..."
83
86
domain_check_200 " $TLSDOMAIN "
84
87
85
- # Check if port is open with NMAP
88
+ # Set /etc/hosts domain
86
89
sed -i " s|127.0.1.1.*|127.0.1.1 $TLSDOMAIN nextcloud|g" /etc/hosts
87
90
network_ok
88
- check_open_port 80 " $TLSDOMAIN "
89
- check_open_port 443 " $TLSDOMAIN "
91
+
92
+ if [ -z " $DEDYNDOMAIN " ]
93
+ then
94
+ # Check if port is open with NMAP
95
+ check_open_port 80 " $TLSDOMAIN "
96
+ check_open_port 443 " $TLSDOMAIN "
97
+ fi
90
98
91
99
# Fetch latest version of test-new-config.sh
92
100
check_command download_script LETS_ENC test-new-config
@@ -207,24 +215,46 @@ then
207
215
sed -i " s|</FilesMatch.*|#|g" " $tls_conf "
208
216
fi
209
217
210
- # Generate certs and auto-configure if successful
211
- if generate_cert " $TLSDOMAIN "
218
+ # Generate certs and auto-configure if successful
219
+ if [ -n " $DEDYNDOMAIN " ]
220
+ then
221
+ print_text_in_color " $ICyan " " Renewing TLS with DNS, please don't abort the hook, it may take a while..."
222
+ # Renew with DNS by default
223
+ certbot --manual \
224
+ --text \
225
+ --rsa-key-size 4096 \
226
+ --renew-by-default \
227
+ --server https://acme-v02.api.letsencrypt.org/directory \
228
+ --no-eff-email \
229
+ --agree-tos \
230
+ --preferred-challenges dns \
231
+ --manual-auth-hook " $SCRIPTS " /deSEC/hook.sh \
232
+ --manual-cleanup-hook " $SCRIPTS " /deSEC/hook.sh \
233
+ -d " $DEDYNDOMAIN " \
234
+ certonly
235
+ else
236
+ generate_cert " $TLSDOMAIN "
237
+ fi
238
+
239
+ # Generate DHparams
240
+ if [ -d " $CERTFILES " ]
241
+ then
242
+ if [ ! -f " $DHPARAMS_TLS " ]
243
+ then
244
+ openssl dhparam -dsaparam -out " $DHPARAMS_TLS " 4096
245
+ fi
246
+ fi
247
+
248
+ # Activate new config
249
+ if check_command bash " $SCRIPTS /test-new-config.sh" " $TLSDOMAIN .conf"
212
250
then
213
- if [ -d " $CERTFILES " ]
251
+ if [ -z " $DEDYNDOMAIN " ]
214
252
then
215
- # Generate DHparams cipher
216
- if [ ! -f " $DHPARAMS_TLS " ]
217
- then
218
- openssl dhparam -dsaparam -out " $DHPARAMS_TLS " 4096
219
- fi
220
- # Activate new config
221
- check_command bash " $SCRIPTS /test-new-config.sh" " $TLSDOMAIN .conf"
222
253
msg_box " Please remember to keep port 80 (and 443) open so that Let's Encrypt can do \
223
254
the automatic renewal of the cert. If port 80 is closed the cert will expire in 3 months.
224
255
225
256
You don't need to worry about security as port 80 is directly forwarded to 443, so \
226
257
no traffic will actually be on port 80, except for the forwarding to 443 (HTTPS)."
227
- exit 0
228
258
fi
229
259
else
230
260
last_fail_tls " $SCRIPTS " /activate-tls.sh cleanup
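Review bot: The exit status of certificate issuance is no longer checked: the old side gated everything on `if generate_cert "$TLSDOMAIN"`, but on the new side both the `certbot … certonly` call and `generate_cert "$TLSDOMAIN"` run as plain statements, so a failed DNS challenge or HTTP issuance falls straight through to `check_command bash "$SCRIPTS/test-new-config.sh" "$TLSDOMAIN.conf"` and the `else`/`last_fail_tls` branch now only reacts to the config test. The smallest repair is to make the issuance branch report failure itself, e.g. end it with `fi || last_fail_tls "$SCRIPTS"/activate-tls.sh cleanup` (an `if` compound returns the status of the last command in the taken branch), assuming `last_fail_tls` aborts as the original flow relied on; otherwise wrap each call in `if ! …; then last_fail_tls …; fi`. Separately, `--renew-by-default` is certbot's alias for forced renewal, so every run of this script reissues rather than reuses a still-valid certificate and counts against Let's Encrypt's duplicate-certificate rate limit; if that is intended a comment such as `# --renew-by-default forces re-issuance on every run (rate-limited by LE)` would save the next reader a surprise. The surrounding `if`/`else` chain closes outside the hunk.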