Hi ScIT,
Nothing! I am not missing anything, as I mentioned above. I already have a functioning bash framework that implements the above feature request. For this, I only needed to tweak one script, v-generate-ssl-cert. That's it.
The community is missing this valuable feature, hence the feature request. Let's start all over again.
1. Prepare the script for auto-generation
In the script v-generate-ssl-cert, I have inserted “# Substitute following values for auto creation of SSL certificate”. With this, it is not necessary to manually feed required data to generate a certificate.
2. Execute auto generation script
Now everything is simple. Simply issue bash commands and generate an SSL certificate for one or hundreds of domains.
3. Auto generation as well as manual generation with default values
These changes in v-generate-ssl-cert also allow an SSL certificate to be created through PHP scripts with the default values (inserted in there).
If you do not want to use these default values, you could give your new ones. This requires a bit more modification.
If one created an SSL certificate manually through SSL certificate online for one domain, one does not have to manually feed in all the data from one form to the original one.
This is a manual feature that came with Vesta and has remained.
The question is, why the hell would one want a domain without SSL? So SSL will be the default. One could remove that SSL certificate from the control panel and generate a new one manually. Or one could create a Let's Encrypt SSL certificate later, which should remove the old one by default too.
#!/bin/bash
# info: generate self signed certificate and CSR request
# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]
# labels: panel
#
# example: v-generate-ssl-cert example.com admin@example.com USA California Monterey ACME.COM IT
#
# The function generates self signed SSL certificate and CSR request
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
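domain=$1
# Strip leading and trailing dots. The value is quoted and fed through printf
# so it is not word-split, glob-expanded or read as an option by echo.
domain=$(printf '%s\n' "$domain" | sed -e 's/\.*$//g' -e 's/^\.*//g')
domain_alias=$domain
email=$2
# Positional arguments 3-7 (COUNTRY STATE CITY ORG UNIT) are not read in this
# variant; the subject fields below are fixed defaults instead.
# Original mapping: country=$3 state=$4 city=$5 org=$6 org_unit=$7
# Substitute following values for autocreation of SSL certificate
country="DE"
state="DE"
city="DE"
# Organisation and organisational unit both default to the domain name.
org=$domain
org_unit=$domain
aliases=$8
# Output format; defaults to "shell" only when the ninth argument is unset.
format=${9-shell}
# RSA key length in bits and certificate validity in days.
KEY_SIZE=4096
DAYS=365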
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
# Json function
#######################################
# Print the generated material as one JSON object keyed by the domain.
# Globals:   domain, crt, key, csr, workdir (read); i (written)
# Outputs:   JSON text on stdout. Values are inserted as-is, with no JSON
#            escaping applied inside this function.
#######################################
json_list_ssl() {
	i='1' # kept from the original; nothing in this function reads it
	printf '%s\n' '{'
	# %b expands backslash escapes the same way `echo -e` does.
	printf '%b\n' "\t\"$domain\": {"
	printf '%s\n' \
		" \"CRT\": \"$crt\"," \
		" \"KEY\": \"$key\"," \
		" \"CSR\": \"$csr\"," \
		" \"DIR\": \"$workdir\""
	printf '%b\n' "\t}\n}"
}
# Shell function
#######################################
# Print certificate, key and CSR as plain text, followed by the work directory.
# Globals:   crt, key, csr, workdir (read)
# Outputs:   stdout. Empty values are skipped. Backslash escapes in the values
#            are expanded, so a literal "\n" becomes a line break again.
#######################################
shell_list_ssl() {
	[[ -z "$crt" ]] || printf '%b\n' "$crt"
	[[ -z "$key" ]] || printf '%b\n' "\n$key"
	[[ -z "$csr" ]] || printf '%b\n' "\n$csr"
	# The directory line is always printed, even when nothing else was.
	printf '%b\n' "\nLine 59 (v-generate-ssl-cert): Directory: $workdir"
}
# Additional argument formatting
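# format_domain_idn is not defined in this file; it presumably comes from the
# sourced $HESTIA/func/main.sh and sets $domain_idn, which the CSR subject
# reads later — confirm against that file.
format_domain_idn
# Convert an e-mail address that contains non-ASCII characters with idn.
# The address is caller-supplied, so it is quoted to keep it a single argument
# and to stop the shell from word-splitting or glob-expanding it.
if [[ "$email" = *[![:ascii:]]* ]]; then
	email=$(idn -t --quiet -a "$email")
fi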
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Argument count and format checks. check_args, is_format_valid and
# check_hestia_demo_mode are not defined in this file (presumably provided by
# the sourced $HESTIA/func/main.sh).
# NOTE(review): seven arguments are still demanded here although this variant
# no longer reads COUNTRY STATE CITY ORG UNIT — callers must pass placeholders.
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
check_args '7' "$#" "$args_usage"
is_format_valid 'domain' 'aliases' 'format'

# NOTE(review): the e-mail address is format-checked only when lsb_release
# reports 18.04; on every other release it reaches later steps unchecked.
release="$(lsb_release -s -r)"
case "$release" in
	18.04) is_format_valid 'email' ;;
esac

# Make sure /root/.rnd exists before openssl is invoked.
[[ -f /root/.rnd ]] || touch /root/.rnd

# Perform verification if read-only mode is enabled
check_hestia_demo_mode
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
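# Create temporary work directory # Substitute following values for autocreation of SSL certificate
# workdir=$(mktemp -d)
#
# This variant uses a fixed per-domain path so the generated files can be
# found afterwards. The name is guessable and /tmp is writable by every local
# user, so the directory is created with mode 0700 and an existing path is
# accepted only when it is a real directory (not a symlink) owned by the user
# running this script. Without these checks a failed mkdir would be ignored
# and the private key would be written into a directory someone else prepared.
tempdir="/tmp/ssl.$domain"
if ! mkdir -m 0700 -- "$tempdir" 2>/dev/null; then
	# mkdir failed, most likely because the path is already there
	# (this script does not remove it at the end of a run).
	if [[ -L "$tempdir" || ! -d "$tempdir" || ! -O "$tempdir" ]]; then
		echo "Error: refusing to use existing path $tempdir" >&2
		exit 1
	fi
	# Tighten a directory left behind by an earlier run with default permissions.
	chmod 0700 -- "$tempdir" || exit 1
fi
workdir=$tempdir
# Stop if the directory cannot be entered; otherwise the key would be written
# to whatever the current directory happens to be.
cd -- "$workdir" || exit 1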
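# Generate private key
# The redirect runs under umask 077 in a subshell so a newly created key file
# is readable by its owner only; the umask of the rest of the script is left
# untouched. Expansions are quoted so the file name stays a single word.
(
	umask 077
	openssl genrsa "$KEY_SIZE" > "$domain.key" 2>/dev/null
)
# A key file that already existed keeps its old mode on redirect; tighten it.
chmod 600 -- "$domain.key" 2>/dev/null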
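# Build the subject string passed to `openssl req -subj`.
subj=""
# Generate the CSR
# Add the emailAddress attribute only when an address was supplied. The
# original test was inverted (-z), so the attribute was added only for an
# empty address and a real address never reached the subject.
# NOTE(review): the verification section format-checks the e-mail only on
# release 18.04; confirm the value is validated before it is embedded here.
if [[ -n "$email" ]]; then
	subj="/emailAddress=$email"
fi
subj="$subj/C=$country/ST=$state/L=$city/O=$org"
subj="$subj/OU=$org_unit/CN=$domain_idn"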
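# Create the certificate signing request from the key generated above.
# openssl output is discarded in both branches, so a failure is visible only
# through the missing .csr file later on.
if [[ -z "$aliases" ]]; then
	# No aliases: plain request carrying only the subject.
	openssl req -sha256 \
		-new \
		-batch \
		-subj "$subj" \
		-key "$domain.key" \
		-out "$domain.csr" > /dev/null 2>&1
else
	# Build "DNS:name,DNS:name,..." from the domain plus the comma-separated
	# aliases, de-duplicated with sort -u. Names are read line by line so the
	# shell never word-splits or glob-expands them (an alias may contain "*").
	dns_aliases=""
	while IFS= read -r alias; do
		[[ -n "$alias" ]] || continue
		if [[ "$alias" = *[![:ascii:]]* ]]; then
			alias=$(idn -t --quiet -a "$alias")
		fi
		dns_aliases="${dns_aliases}DNS:$alias,"
	done < <(printf '%s\n' "$domain,$aliases" | tr ',' '\n' | sort -u)
	# Drop the trailing comma.
	dns_aliases=${dns_aliases%,}

	# Pick whichever system openssl.cnf location exists.
	if [[ -e "/etc/ssl/openssl.cnf" ]]; then
		ssl_conf='/etc/ssl/openssl.cnf'
	else
		ssl_conf="/etc/pki/tls/openssl.cnf"
	fi

	# Feed openssl the system config with a [SAN] section appended. The alias
	# list is passed as a printf argument, never as part of the format string,
	# and a leading newline keeps [SAN] on its own line even if the config file
	# has no final newline.
	openssl req -sha256 \
		-new \
		-batch \
		-subj "$subj" \
		-key "$domain.key" \
		-reqexts SAN \
		-config <(
			cat -- "$ssl_conf"
			printf '\n[SAN]\nsubjectAltName=%s\n' "$dns_aliases"
		) \
		-out "$domain.csr" > /dev/null 2>&1
fi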
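# Generate the cert 1 year
# Self-sign the CSR with the same key; the validity period comes from $DAYS.
# File names are quoted so they stay single arguments.
# NOTE(review): `openssl x509 -req` does not copy extensions from the request
# unless told to, so the subjectAltName added to the CSR probably does not end
# up in this certificate — confirm with `openssl x509 -text`.
openssl x509 -req -sha256 \
	-days "$DAYS" \
	-in "$domain.csr" \
	-signkey "$domain.key" \
	-out "$domain.crt" > /dev/null 2>&1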
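# Print file $1 as a single line, every line break replaced by the two
# characters "\n"; the output functions rely on that form.
_pem_one_line() {
	sed ':a;N;$!ba;s/\n/\\n/g' < "$1"
}

# Listing certificates
# Load whichever of the three files exist. A file that openssl failed to
# produce simply leaves its variable unset. File names are quoted so they are
# not word-split or glob-expanded.
if [[ -e "$domain.crt" ]]; then
	crt=$(_pem_one_line "$domain.crt")
fi
if [[ -e "$domain.key" ]]; then
	key=$(_pem_one_line "$domain.key")
fi
if [[ -e "$domain.csr" ]]; then
	csr=$(_pem_one_line "$domain.csr")
fi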
# Print the result in the requested format. Any other value is handed to
# check_args, which is defined outside this file (presumably it prints the
# usage text and exits — confirm in func/main.sh).
if [[ "$format" == "json" ]]; then
	json_list_ssl
elif [[ "$format" == "plain" ]]; then
	nohead=1
	shell_list_ssl
elif [[ "$format" == "shell" ]]; then
	shell_list_ssl
else
	check_args '1' '0' '[FORMAT]'
fi

# Delete tmp dir # Substitute following values for autocreation of SSL certificate
# NOTE(review): cleanup is disabled in this variant so the generated files stay
# in $workdir. The private key therefore remains on disk under /tmp until
# something else removes it.
#rm -rf $workdir

#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#

# Logging
# log_event, $OK and $ARGUMENTS are not defined in this file (presumably from
# the sourced Hestia helpers).
log_event "$OK" "$ARGUMENTS"

# A bare exit returns the status of the preceding command.
exit