From 26abac5a934456da3594b1c87a21f6da83813e08 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Jul 2019 15:39:45 +0200 Subject: [PATCH] add --letsencrypt=clean --- CHANGELOG.md | 2 ++ config/bash_completion.d/wo_auto.rc | 18 +++++------ wo/cli/plugins/site.py | 46 +++++++++++++++++++---------- 3 files changed, 42 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67640ba..2c5ba34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records - phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin` - Wildcard SSL Certificates support with DNS validation +- Acme challenge validation with DNS API (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard +- Flag `--letsencrypt=clean` to purge a previous SSL configuration #### Fixed diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index c8f4d45..42f039c 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc 
@@ -159,13 +159,13 @@ _wo_complete() "create") COMPREPLY=( $(compgen \ - -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --le --le=subdomain --le=wildcard --dns --dns=cf --dns=do" \ + -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -- $cur) ) ;; "update") COMPREPLY=( $(compgen \ - -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=subdomain --le=wildcard --dns --dns=cf --dns=do" \ + -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew -le --le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -- $cur) ) ;; "delete") @@ -211,9 +211,9 @@ _wo_complete() "--wp") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --letsencrypt --php73" + retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --letsencrypt -le --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=subdomain --le=off --le=wildcard --dns --dns=cf --dns=do" + retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew -le -le=subdomain -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi 
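Review bot: In the `update` word list of the first hunk, the rewrite leaves `--le=subdomain` with two dashes next to `-le` and `-le=wildcard`, so completion now offers a mix of spellings; it should read `-le=subdomain` like the other lists. None of the `update` lists touched in this file (this one, the `--wp` and `--wpsubdir` branches, and the `--wpredis | --wpfc` branch) gains `--letsencrypt=clean`, although the commit adds that value to the parser, so the new flag cannot be completed. `_wo_complete` starts and ends outside the hunks.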
@@ -230,9 +230,9 @@ _wo_complete() "--wpsubdir" | "--wpsubdomain") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --le --le=subdomain --le=wildcard --php73 --dns --dns=cf --dns=do" + retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --php73 --dns --dns=dns_cf --dns=dns_do" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=off --le=subdomain --le=wildcard --dns --dns=cf --dns=do" + retlist="--wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew -le -le=off -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -248,7 +248,7 @@ _wo_complete() "--wpredis" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt --letsencrypt=subdomain --le --le=subdomain --le=wildcard --dns --dns=cf --dns=do" + retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt --letsencrypt=subdomain -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi 
@@ -261,7 +261,7 @@ _wo_complete() "--wpredis" | "--wpfc") if [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=off --le=subdomain --le=wildcard --dns --dns=cf --dns=do" + retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew -le -le=off -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -363,7 +363,7 @@ _wo_complete() case "$mprev" in "--user" | "--email" | "--pass") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --le --le=subdomain --le=wildcard --dns --dns=cf --dns=do" + retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" fi ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index af96b3e..b0aab8e 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -818,7 +818,8 @@ class WOSiteUpdateController(CementBaseController): (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", action='store' or 'store_const', - choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), + choices=('on', 'off', 'renew', 'subdomain', + 'wildcard', 'clean'), const='on', nargs='?')), (['--dns'], dict(help="choose dns provider api for letsencrypt", 
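Review bot: The `--letsencrypt` help string in the `site.py` hunk still reads `"configure letsencrypt ssl for the site"` and says nothing about the accepted values, yet `clean` is the one choice that deletes files. I would spell it out, e.g. `help="configure letsencrypt ssl for the site; 'clean' removes the site's ssl.conf and its certificate directory"`. Separately, the context line `action='store' or 'store_const'` always evaluates to `'store'`; it is not part of this change but is worth tidying while here. The argument list continues outside the hunk.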
@@ -1184,6 +1185,9 @@ class WOSiteUpdateController(CementBaseController): elif pargs.letsencrypt == 'off': data['letsencrypt'] = False letsencrypt = False + elif pargs.letsencrypt == 'clean': + data['letsencrypt'] = False + letsencrypt = False if letsencrypt is check_ssl: if letsencrypt is False: 
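Review bot: The new `clean` branch repeats the `off` branch line for line; `elif pargs.letsencrypt in ('off', 'clean'):` would keep the two from drifting apart. Because `clean` also sets `letsencrypt = False`, it falls into the `if letsencrypt is check_ssl:` / `if letsencrypt is False:` test that follows, whose body is outside the hunk. If that path rejects a site whose SSL is already off, `clean` cannot be used after `--letsencrypt=off`, which is probably when leftovers most need purging. Worth confirming and, if so, exempting `clean` from that check.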
@@ -1324,23 +1328,35 @@ class WOSiteUpdateController(CementBaseController): ".PLEASE renew soon . ") elif data['letsencrypt'] is False: - if os.path.isfile("{0}/conf/nginx/ssl.conf" - .format(wo_site_webroot)): - Log.info(self, 'Setting Nginx configuration') - WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf" - .format(wo_site_webroot), - '{0}/conf/nginx/ssl.conf.disabled' - .format(wo_site_webroot)) - httpsRedirect(self, wo_domain, False) - if os.path.isfile("{0}/conf/nginx/hsts.conf" + if self.app.pargs.letsencrypt == "off": + if os.path.isfile("{0}/conf/nginx/ssl.conf" .format(wo_site_webroot)): - WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + Log.info(self, 'Setting Nginx configuration') + WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf" .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf.disabled' + '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) - if not WOService.reload_service(self, 'nginx'): - Log.error(self, "service nginx reload failed. " - "check issues with `nginx -t` command") + httpsRedirect(self, wo_domain, False) + if os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/' + 'hsts.conf.disabled' + .format(wo_site_webroot)) + if self.app.pargs.letsencrypt == "clean": + if os.path.isfile("{0}/conf/nginx/ssl.conf" + .format(wo_site_webroot)): + WOFileUtils.remove("{0}/conf/nginx/ssl.conf" + .format(wo_site_webroot)) + WOFileUtils.remove("/etc/letsencrypt/live" + "/{0}".format(wo_domain)) + WOFileUtils.remove("/etc/nginx/conf.d/" + "force-ssl-{0}.conf" + .format(wo_domain_name)) + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") # Log.info(self,"Removing Cron Job set for cert # auto-renewal") WOCron.remove_cron(self,'wo site # update {0} --le=renew --min_expiry_limit 30
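Review bot: In the `clean` branch the three `WOFileUtils.remove(...)` calls omit `self`, while `WOFileUtils.mvfile(self, ...)` a few lines above passes it, so unless `remove` has a different signature these calls will raise before anything is deleted; `remove` may also expect a list of paths rather than one string, which should be confirmed against its definition. The whole cleanup is gated on `ssl.conf` existing, so a site already switched with `--letsencrypt=off` (where `ssl.conf` has been renamed to `ssl.conf.disabled`) keeps whatever certificate material sits under `/etc/letsencrypt/live/` and its `.disabled` files. `wo_domain_name` is used only here while the rest of the hunk uses `wo_domain`; it is not defined in the visible lines, so check it is in scope. The enclosing method starts and ends outside the hunk. A sketch of the branch with the first two points addressed follows; it assumes `remove` takes `self` and a list.

```python
                if self.app.pargs.letsencrypt == "clean":
                    # Purge whatever is left, including files that an
                    # earlier --letsencrypt=off renamed to *.disabled.
                    ssl_leftovers = [
                        "{0}/conf/nginx/ssl.conf".format(wo_site_webroot),
                        "{0}/conf/nginx/ssl.conf.disabled"
                        .format(wo_site_webroot),
                        "{0}/conf/nginx/hsts.conf".format(wo_site_webroot),
                        "{0}/conf/nginx/hsts.conf.disabled"
                        .format(wo_site_webroot),
                        "/etc/letsencrypt/live/{0}".format(wo_domain),
                        "/etc/nginx/conf.d/force-ssl-{0}.conf"
                        .format(wo_domain_name),
                    ]
                    WOFileUtils.remove(
                        self,
                        [p for p in ssl_leftovers if os.path.exists(p)])
                # … unchanged: nginx reload and its error log …
```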