diff --git a/CHANGELOG.md b/CHANGELOG.md index 29ca2fb..a333a97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - PHP 7.3 extras when php 7.2 isn't installed - acme.sh installation +- acme.sh alias with config home variable +- deb.sury.org repository gpg key ### v3.9.4 - 2019-03-15 diff --git a/install b/install index 3454ea8..c69611e 100644 --- a/install +++ b/install @@ -134,9 +134,9 @@ wo_install_dep() { if [ "$wo_linux_distro" == "Ubuntu" ]; then - apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1 else - apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1 fi locale-gen en 
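Review bot: Both rewritten `apt-get ... install` lines in `wo_install_dep` still send all output to `/dev/null` and never test the exit status, so a failed install of `gnupg2`, `ca-certificates` or `fail2ban` goes unnoticed and the script carries on to `locale-gen`. Dropping `-qq` changes nothing visible while that redirect stays. Consider failing fast by appending `|| { echo "dependency installation failed" >&2; exit 1; }` (or the script's own error helper, if it has one), and sending the output to a log file instead of discarding it. The two branches also repeat the same option string and most of the package list, so a shared variable would keep them from drifting apart. `wo_install_dep` continues past the end of the hunk.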
@@ -348,10 +348,7 @@ wo_install_acme_sh() { --config-home /etc/letsencrypt/config \ --cert-home /etc/letsencrypt/renewal # enable auto-upgrade - /etc/letsencrypt/acme.sh --upgrade --auto-upgrade \ - --home /etc/letsencrypt \ - --config-home /etc/letsencrypt/config \ - --cert-home /etc/letsencrypt/renewal + /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 40ab82d..b5f9ba9 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -331,7 +331,7 @@ class WOSiteCreateController(CementBaseController): (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", action='store' or 'store_const', - choices=('on', 'off', 'subdomain', 'wildcard'), + choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--user'], dict(help="provide user for wordpress site")), diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 6df152f..8a110d0 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1202,7 +1202,10 @@ def setupLetsEncrypt(self, wo_domain_name): Log.warn(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " "-d {0} -d www.{0} -w /var/www/html " "-k ec-384" .format(wo_domain_name)) 
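Review bot: `--upgrade --auto-upgrade` leaves acme.sh replacing itself from upstream unattended, and the script (presumably run as root) handles the ACME account key and the certificate private keys under `/etc/letsencrypt`; the rewritten line keeps that behaviour without a comment or an opt-out. A short comment above it recording the decision would help, e.g. `# NOTE: auto-upgrade lets upstream replace this root-run script; disable it to pin a reviewed version`. With `--home` and `--cert-home` dropped from this call, it is also worth confirming that the paths given to the preceding call are read back through `--config-home` alone, because otherwise the upgrade would act on a default home instead of `/etc/letsencrypt`. `wo_install_acme_sh` starts and ends outside the hunk.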
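Review bot: In the `--letsencrypt` option, `action='store' or 'store_const'` always evaluates to `'store'`, so the second alternative is dead and misleads readers about how `const='on'` with `nargs='?'` is applied; write `action='store'`. Removing `'off'` from `choices` also means any existing invocation that passes `--letsencrypt=off` to site create is now rejected by the argument parser, which deserves a changelog line. The help text could list the accepted values: `help="configure letsencrypt ssl for the site (on, subdomain, wildcard)"`.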
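Review bot: `wo_domain_name` is formatted unquoted into a command string handed to `WOShellExec.cmd_exec`, while the new `--config-home` path beside it is quoted; the `&&` in the `--install-cert` call further down suggests the string is interpreted by a shell, so a domain value containing shell metacharacters would be executed. Unless the name is strictly validated before it reaches `setupLetsEncrypt` (not visible here), quote it at the call: `.format(shlex.quote(wo_domain_name))`, with `import shlex` at the top of the file. The same applies to the other `acme.sh` calls touched in this file (`--install-cert`, `setupLetsEncryptSubdomain`, `renewLetsEncrypt`, `archivedCertificateHandle`) and to the backtick `openssl x509` commands in `wo/core/sslutils.py`. The function starts and ends outside the hunk.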
@@ -1221,12 +1224,14 @@ def setupLetsEncrypt(self, wo_domain_name): ssl_deploy = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config'" "--install-cert -d {1} --ecc " "--cert-file {0}/{1}/cert.pem " "--key-file {0}/{1}/key.pem " "--fullchain-file " "{0}/{1}/fullchain.pem " - "--reloadcmd=" + "--reloadcmd " "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, wo_domain_name)) @@ -1275,7 +1280,10 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): Log.warn(self, "Please wait while we fetch the new HTTPS certificate " "for your site.\nIt may take a " "few minutes depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " "-d {0} -w /var/www/html " "-k ec-384" .format(wo_domain_name)) @@ -1324,7 +1332,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): def renewLetsEncrypt(self, wo_domain_name): ssl = WOShellExec.cmd_exec( - self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" + self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force" .format(wo_domain_name)) mail_list = '' @@ -1429,12 +1437,14 @@ def archivedCertificateHandle(self, domain, wo_wp_email): "few minutes depending on your network.") ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " "--install-cert -d {1} --ecc " "--cert-file {0}/{1}/cert.pem " "--key-file {0}/{1}/key.pem " "--fullchain-file " "{0}/{1}/fullchain.pem " - "--reloadcmd=" + "--reloadcmd " "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, domain)) 
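Review bot: The added literal `"'/etc/letsencrypt/config'"` has no trailing space, so it concatenates with the next literal into `'/etc/letsencrypt/config'--install-cert`; the shell then passes `/etc/letsencrypt/config--install-cert` as the config home and acme.sh never receives `--install-cert`. Certificate deployment in `setupLetsEncrypt` would therefore fail or act on the wrong directory. Add the space, as the matching call in `archivedCertificateHandle` does: `"'/etc/letsencrypt/config' "`. The function extends beyond both ends of the hunk.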
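Review bot: This `--install-cert` command is a second hand-written copy of the one in `setupLetsEncrypt`, and the two have already diverged: this copy has the space after `'/etc/letsencrypt/config'`, the other does not. Building the command in one helper and calling it from both places removes that class of mistake and gives a single place to quote the domain. A sketch follows; the helper name is only a suggestion, and it needs `import shlex` at the top of the file. `archivedCertificateHandle` starts and ends outside the hunk.

```python
def acmeInstallCertCmd(ssl_live, domain):
    """Return the shell command that deploys an issued ECC certificate."""
    # Quote the directory once; it is built from the domain name.
    cert_dir = shlex.quote("{0}/{1}".format(ssl_live, domain))
    return ("mkdir -p {0} && "
            "/etc/letsencrypt/acme.sh "
            "--config-home '/etc/letsencrypt/config' "
            "--install-cert -d {1} --ecc "
            "--cert-file {0}/cert.pem "
            "--key-file {0}/key.pem "
            "--fullchain-file {0}/fullchain.pem "
            "--reloadcmd \"service nginx restart\" "
            .format(cert_dir, shlex.quote(domain)))

# in archivedCertificateHandle (and likewise in setupLetsEncrypt):
ssl = WOShellExec.cmd_exec(
    self, acmeInstallCertCmd(WOVariables.wo_ssl_live, domain))
# … unchanged: result handling after the call …
```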
@@ -1451,7 +1461,7 @@ def archivedCertificateHandle(self, domain, wo_wp_email): Log.info(self, "Please wait while we renew the Let's Encrypt" "certificate for your site.\nIt may take a few " "minutes depending on your network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force" .format(domain)) else: diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 459c9c2..c67df0d 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -149,15 +149,13 @@ class WOStackController(CementBaseController): Log.debug(self, 'Adding repository for Nginx') WORepo.add_key(self, WOVariables.wo_nginx_key) - if (WOVariables.wo_platform_distro == 'ubuntu'): - if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or - set(WOVariables.wo_php).issubset(set(apt_packages))): + if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or + set(WOVariables.wo_php).issubset(set(apt_packages))): + if (WOVariables.wo_platform_distro == 'ubuntu'): Log.info(self, "Adding repository for PHP, please wait...") Log.debug(self, 'Adding ppa for PHP') WORepo.add(self, ppa=WOVariables.wo_php_repo) - else: - if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or - set(WOVariables.wo_php).issubset(set(apt_packages))): + else: Log.info(self, "Adding repository for PHP, please wait...") # Add repository for php Log.debug(self, 'Adding repo_url of php for debian') 
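Review bot: After the restructure both distro branches open with the same `Log.info(self, "Adding repository for PHP, please wait...")`, and `set(apt_packages)` is rebuilt for every `issubset` test. Hoisting the message above `if (WOVariables.wo_platform_distro == 'ubuntu'):` and computing the set once would leave only the distro-specific `WORepo.add` call in each branch. The `else:` branch continues past the end of the hunk, so the Debian side is only partly visible here.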
@@ -167,14 +165,11 @@ class WOStackController(CementBaseController): if set(WOVariables.wo_redis).issubset(set(apt_packages)): Log.info(self, "Adding repository for Redis, please wait...") - if WOVariables.wo_platform_distro == 'debian': - Log.debug(self, 'Adding repo_url of redis for debian') - WORepo.add(self, repo_url=WOVariables.wo_redis_repo) - Log.debug(self, 'Adding Deb.sury GPG key') - WORepo.add_key(self, 'AC0E47584A7A714D') - else: + if WOVariables.wo_platform_distro == 'ubuntu': Log.debug(self, 'Adding ppa for redis') WORepo.add(self, ppa=WOVariables.wo_redis_repo) + else: + Log.debug(self, 'Adding repo_url of redis for debian') @expose(hide=True) def post_pref(self, apt_packages, packages): diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index 21412dd..78c2df4 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py 
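Review bot: The new `else:` branch logs 'Adding repo_url of redis for debian' but no longer calls `WORepo.add(self, repo_url=WOVariables.wo_redis_repo)`, so on non-Ubuntu systems the message reports an action that does not happen. If the intent is to rely on the repository and key added in the PHP branch above (an inference from the changelog entry about the deb.sury.org key), a Redis-only install on Debian adds no repository and the package comes from whatever source apt already has. Either restore the `WORepo.add(...)` call in this branch, or drop the branch and state the dependency in a comment, e.g. `# Debian: redis comes from the repository added for PHP`.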
@@ -5,39 +5,37 @@ from wo.core.logging import Log class SSL: - def getExpirationDays(self,domain,returnonerror=False): + def getExpirationDays(self, domain, returnonerror=False): # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' - .format(domain)): - Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' - .format(domain),False) + .format(domain)): + Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + .format(domain), False) if returnonerror: return -1 Log.error(self, "Check the WordOps log for more details " "`tail /var/log/wo/wordops.log` and please try again...") - current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" + " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain)) - days_left = int((int(expiration_date) - int(current_date))/ 86400) + days_left = int((int(expiration_date) - int(current_date)) / 86400) if (days_left > 0): return days_left else: # return "Certificate Already Expired ! Please Renew soon." 
return -1 - def getExpirationDate(self,domain): + def getExpirationDate(self, domain): # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' - .format(domain)): - Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' - .format(domain),False) + .format(domain)): + Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + .format(domain), False) Log.error(self, "Check the WordOps log for more details " "`tail /var/log/wo/wordops.log` and please try again...") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" + " -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain)) return expiration_date - diff --git a/wo/core/variables.py b/wo/core/variables.py index a60b5ce..a595416 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -138,7 +138,7 @@ class WOVariables(): "php7.3-zip", "php7.3-xml", "php7.3-soap"] wo_php_extra = ["php-memcached", "php-imagick", "memcached", "graphviz", "php-xdebug", "php-msgpack", "php-redis"] - wo_php_key = '188C9FB063F0247A' + wo_php_key = 'AC0E47584A7A714D' # MySQL repo and packages if wo_platform_distro == 'ubuntu':
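Review bot: `wo_php_key` is a 16-hex-digit (64-bit) key ID, which identifies a signing key far less strictly than its full fingerprint; if `WORepo.add_key` retrieves the key from a keyserver by this value (its implementation is not shown), a different key sharing the ID could be accepted as a trusted apt signer. Prefer pinning the full 40-hex fingerprint, `wo_php_key = '<FULL_40_HEX_FINGERPRINT>'`, verified out of band against the repository's published key. A comment naming the repository this key belongs to would also help, since the value previously appeared as an inline literal in `stack.py`. The `WOVariables` class starts and ends outside the hunk.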