Jean-Philippe Pialasse e631a1dffc * Wed Feb 12 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-2.sme
- move smanager panel in package [SME: 12916]
- add Requires
- add templates from smeserver-letsencrypt
- use /var/www/html/.well-known/acme-challenge
2025-02-13 01:05:14 -05:00


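{
    # Template fragment that appends dehydrated settings to $OUT, driven by
    # the 'letsencrypt' record of the configuration database.
    #
    # Properties read: status, API, keysize, email.
    #
    # The generated text is shell syntax (it starts with a bash shebang and
    # consists of VAR="value" assignments); dehydrated loads its config by
    # sourcing it, so any database value written into it must be validated
    # and quoted before it reaches $OUT.
    use strict;
    use warnings;
    use esmith::ConfigDB;

    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");

    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
      || 'disabled';

    # Default to v2 as v1 no longer supported for new certs. At the moment
    # (Oct 2020) v1 still supported for renewing certs.
    my $letsencryptAPI = $configDB->get_prop( 'letsencrypt', 'API' ) || '2';

    $OUT .= "#!/bin/bash\n";

    if ( $letsencryptStatus eq 'disabled' ) {

        # NOTE(review): this text is emitted without a leading '#' and without
        # a trailing newline, so a shell sourcing the generated file would
        # treat it as a command line. Left unchanged because it may be what
        # stops dehydrated when the service is disabled - confirm the intent.
        $OUT .= "letsencrypt is disabled";
    }
    else {
        # We should only be here if we are not disabled.
        if ( $letsencryptStatus eq 'test' ) {

            # Use the staging directory while testing; move the status away
            # from 'test' only once the settings are known to be right.
            # v1 uses the v1 staging endpoint, v2 and auto use v2 staging.
            if ( $letsencryptAPI eq '1' ) {
                $OUT .= "CA=\"https://acme-staging.api.letsencrypt.org/directory\"\n";
            }
            elsif ( $letsencryptAPI eq '2' || $letsencryptAPI eq 'auto' ) {
                $OUT .= "CA=\"https://acme-staging-v02.api.letsencrypt.org/directory\"\n";
            }
        }
        else {
            # Real server - default settings are in the main dehydrated file.
            # Only use this once you are sure things are OK or you will hit a
            # rate limit. v1 and v2 select their endpoint explicitly; auto
            # accepts the defaults in the main file.
            if ( $letsencryptAPI eq '1' ) {
                $OUT .= "CA=\"https://acme-v01.api.letsencrypt.org/directory\"\n";
            }
            elsif ( $letsencryptAPI eq '2' ) {
                $OUT .= "CA=\"https://acme-v02.api.letsencrypt.org/directory\"\n";
            }
        }

        $OUT .= "WELLKNOWN=\"/var/www/html/.well-known/acme-challenge\"\n";

        # Hook Script always enabled
        $OUT .= "HOOK=\"/usr/bin/hook-script.sh\"\n";

        # Base directory for account key, generated certificates and list of
        # domains (default: $SCRIPTDIR -- uses config directory if undefined)
        #BASEDIR=$SCRIPTDIR
        $OUT .= "BASEDIR=\"/etc/dehydrated\"\n";

        # Location of private account key (default: $BASEDIR/private_key.pem)
        #PRIVATE_KEY="${BASEDIR}/private_key.pem"

        my $letsencryptKeysize = $configDB->get_prop( 'letsencrypt', 'keysize' )
          || '';
        if ( $letsencryptKeysize ne '' ) {

            # Keysize for private keys (dehydrated default: 4096).
            # Previously "4096" was written whatever the property held, so the
            # setting had no effect. The configured value is now honoured when
            # it is a plain decimal number; anything else keeps the former
            # 4096 output so no unvalidated text is interpolated into a
            # double-quoted shell string.
            my $keysize =
              $letsencryptKeysize =~ /\A[0-9]+\z/ ? $letsencryptKeysize : '4096';
            $OUT .= "KEYSIZE=\"$keysize\"\n";
        }

        my $letsencryptEmail = $configDB->get_prop( 'letsencrypt', 'email' ) || '';
        if ( $letsencryptEmail ne '' ) {

            # E-mail to use during the registration (default: <unset>).
            # The value used to be written unquoted, which lets whitespace or
            # shell metacharacters in the property become shell syntax in the
            # generated file. Accept only a local@domain shape free of
            # whitespace, control characters, single quotes and backslashes,
            # and emit it single-quoted so the shell performs no expansion.
            if ( $letsencryptEmail =~ /\A[^\s'\\[:cntrl:]]+\@[^\s'\\[:cntrl:]]+\z/ ) {
                $OUT .= "CONTACT_EMAIL='$letsencryptEmail'\n";
            }
            else {
                # The rejected value is deliberately not echoed into the file.
                warn "letsencrypt email property rejected: unsafe characters or not an address\n";
                $OUT .= "# CONTACT_EMAIL not set: letsencrypt email property failed validation\n";
            }
        }

        # API version - auto | 1 | 2
        if ( $letsencryptAPI eq '1' ) {
            $OUT .= "API=\"1\"\n";
        }
        elsif ( $letsencryptAPI eq '2' ) {
            $OUT .= "API=\"2\"\n";
        }
        else {
            $OUT .= "API=\"auto\"\n";
        }
    }
}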