* Wed Feb 12 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-2.sme

- move smanager panel in package [SME: 12916]
- add Requires
- add templates from smeserver-letsencrypt
- use /var/www/html/.well-known/acme-challenge

root/etc/e-smith/templates/etc/dehydrated/config/10Default

@@ -1,90 +0,0 @@
-{
-    use strict;
-    use warnings;
-    use esmith::ConfigDB;
-
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
-    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
-        || 'disabled';
-
-    # Default to v2 as v1 no longer supported for new certs. At the moment (Oct 2020) v1 still supported for renewing certs.
-
-    my $letsencryptAPI = $configDB->get_prop( 'letsencrypt', 'API' )
-        || '2';
-
-    $OUT .= "#!/bin/bash\n";
-
-    if ( $letsencryptStatus eq 'disabled' ) {
-        $OUT .= "letsencrypt is disabled";
-    }
-    else {
-        # We should only be here if we are not disabled
-        if ( $letsencryptStatus eq 'test' ) {
-
-            # Use staging directory for testing
-            # Once you are sure you have the settings right then change
-
-            # If it's v1 then use v1, if v2 or auto then use v2 staging
-            if ( $letsencryptAPI eq '1' ) {
-                $OUT .= "CA=\"https://acme-staging.api.letsencrypt.org/directory\"\n";
-            }
-            elsif ( ( $letsencryptAPI eq '2' ) || ( $letsencryptAPI eq 'auto' ) ) {
-                $OUT .= "CA=\"https://acme-staging-v02.api.letsencrypt.org/directory\"\n";
-            }
-        }
-
-        elsif ( $letsencryptStatus ne 'test' ) {
-
-            # Real server - default settings are in the the main dehydrated file
-            # Only use this once you are sure things are OK or you will hit a rate limit.
-
-            # If it's v1 then use v1, if v2 then v2, if auto accept the defaults in the main file
-            if ( $letsencryptAPI eq '1' ) {
-                $OUT .= "CA=\"https://acme-v01.api.letsencrypt.org/directory\"\n";
-            }
-            elsif ( $letsencryptAPI eq '2' ) {
-                $OUT .= "CA=\"https://acme-v02.api.letsencrypt.org/directory\"\n";
-            }
-        }
-
-        $OUT .= "WELLKNOWN=\"/var/www/html/.well-known/acme-challenge\"\n";
-
-        # Hook Script always enabled
-        $OUT .= "HOOK=\"/usr/bin/hook-script.sh\"\n";
-
-        # Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
-        #BASEDIR=$SCRIPTDIR
-
-        $OUT .= "BASEDIR=\"/etc/dehydrated\"\n";
-
-        # Location of private account key (default: $BASEDIR/private_key.pem)
-        #PRIVATE_KEY="${BASEDIR}/private_key.pem"
-
-        my $letsencryptKeysize = $configDB->get_prop( 'letsencrypt', 'keysize' )
-            || '';
-        if ( $letsencryptKeysize ne '' ) {
-
-            # Default keysize for private keys (default: 4096)
-            $OUT .= "KEYSIZE=\"4096\"\n";
-        }
-
-        my $letsencryptEmail = $configDB->get_prop( 'letsencrypt', 'email' ) || '';
-        if ( $letsencryptEmail ne '' ) {
-
-            # E-mail to use during the registration (default: <unset>)
-            $OUT .= "CONTACT_EMAIL=$letsencryptEmail\n";
-        }
-
-        # API version - auto | 1 | 2
-        if ( $letsencryptAPI eq '1' ) {
-            $OUT .= "API=\"1\"\n";
-        }
-        elsif ( $letsencryptAPI eq '2' ) {
-            $OUT .= "API=\"2\"\n";
-        }
-        else {
-            $OUT .= "API=\"auto\"\n";
-        }
-    }
-}

root/etc/e-smith/templates/etc/dehydrated/config/20ACCEPT_TERMS

@@ -1,11 +0,0 @@
-{
-    use strict;
-    use warnings;
-    use esmith::ConfigDB;
-
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-    my $ACCEPT_TERMS = $configDB->get_prop( 'letsencrypt', 'ACCEPT_TERMS' )
-      || 'no';
-    $OUT .= "PARAM_ACCEPT_TERMS=\"yes\"\n" if $ACCEPT_TERMS eq 'yes';
-    $OUT .= "# letsencrypt property ACCEPT_TERMS not set to yes\n" unless $ACCEPT_TERMS eq 'yes';
-}

root/etc/e-smith/templates/etc/dehydrated/config/25directories

@@ -10,7 +10,8 @@
 #DOMAINS_D=
 
 # Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
-BASEDIR=$SCRIPTDIR
+#BASEDIR=$SCRIPTDIR
+BASEDIR="/etc/dehydrated"
 
 # File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
 DOMAINS_TXT="${BASEDIR}/domains.txt"
@@ -25,5 +26,5 @@ ALPNCERTDIR="${BASEDIR}/alpn-certs"
 ACCOUNTDIR="${BASEDIR}/accounts"
 
 # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
-WELLKNOWN="/var/www/dehydrated"
+WELLKNOWN="/var/www/html/.well-known/acme-challenge"
 

root/etc/e-smith/templates/etc/dehydrated/config/30KEY_ALGO

@@ -1,3 +0,0 @@
-# SME Server does not support yet elliptic curve (qpsmtpd and perl-IO-SOcket-SSL < 1.95)
-KEY_ALGO=rsa
-

root/etc/e-smith/templates/etc/dehydrated/config/45Algorithm

@@ -1,3 +1,6 @@
 # Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+# KEY_ALGO=secp384r1 (default)
+#elliptic curve was not supported  (qpsmtpd and perl-IO-Socket-SSL < 1.95) 
+# SME 11 has perl-IO-Socket-SSL-2.066
 #KEY_ALGO=rsa
 

root/etc/e-smith/templates/etc/dehydrated/config/47hook

@@ -8,7 +8,7 @@
 #
 # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
 # default: <unset>
-HOOK= /usr/bin/hook-script.sh
+HOOK="/usr/bin/hook-script.sh"
 
 # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
 #HOOK_CHAIN="no"

root/etc/e-smith/templates/etc/dehydrated/config/80API

@@ -1,3 +1,5 @@
 # ACME API version (default: auto)
-API="{$letsencryptAPI||'auto'}"
+API="{
+$letsencryptAPI=($letsencryptAPI eq '1') ?'auto' : $letsencryptAPI;
+  $OUT=$letsencryptAPI||'auto';}"