diff --git a/mbadmin.jps b/mbadmin.jps index e50aa7b..b29e9ba 100644 --- a/mbadmin.jps +++ b/mbadmin.jps @@ -137,28 +137,6 @@ menu: action: check_domain_ip settings: checkDomainConfig successText: "${response.out}" - - confirmText: Are you sure you want to remove the SSL certificate for this domain? - loadingText: Removing SSL Certificate... - caption: Remove SSL Certificate - action: remove_ssl_cert - settings: sslRemoveConfig - successText: "SSL certificate for '${settings.domain}' has been successfully removed." - - confirmText: Do you want to fix LiteSpeed configuration XML tags? - loadingText: Fixing LiteSpeed Configuration... - caption: Fix LiteSpeed XML - action: fix_litespeed_xml - successText: "LiteSpeed configuration XML tags have been fixed." - - confirmText: Do you want to analyze the LiteSpeed configuration? - loadingText: Analyzing LiteSpeed configuration... - caption: Diagnose LiteSpeed Config - action: diagnose_litespeed_config - successText: "LiteSpeed configuration analysis complete." - - confirmText: Clean up certificate references in shared listeners? - loadingText: Cleaning up certificate references... - caption: Clean Certificate References - action: clean_cert_references - settings: cleanCertConfig - successText: "Certificate references have been cleaned up." settings: checkDomainConfig: @@ -278,20 +256,6 @@ settings: type: text caption: Email Address required: true - sslRemoveConfig: - submitUnchanged: true - fields: - - name: domainremove - type: text - caption: Domain Name - required: true - cleanCertConfig: - submitUnchanged: true - fields: - - name: domain - type: text - caption: Domain Name - required: true actions: dynamic_wp_cli: 
@@ -606,135 +570,6 @@ actions: - return: type: info message: "${response.out}" - remove_ssl_cert: - - cmd[cp]: - user: root - commands: - - bash /home/litespeed/mbmanager/ssl-manager/ssl_manager.sh --domain="${settings.domainremove}" --remove-cert=yes --confirm=yes - - - if: ${response.exitcode} == 0 - return: - type: success - message: "SSL certificate for '${settings.domainremove}' has been successfully removed." - - else: - return: - type: error - message: "Failed to remove SSL certificate: ${response.out}" - fix_litespeed_xml: - - cmd[cp]: - user: root - commands: - - CONF_FILE="/var/www/conf/httpd_config.xml" - - echo "Backing up LiteSpeed configuration..." - - cp "$CONF_FILE" "${CONF_FILE}.backup.$(date +%Y%m%d%H%M%S)" - - echo "Fixing XML tag inconsistencies..." - - awk '{gsub(//, ""); gsub(/<\/n>/, ""); print}' "$CONF_FILE" > "${CONF_FILE}.new" - - cat "${CONF_FILE}.new" > "$CONF_FILE" - - rm "${CONF_FILE}.new" - - systemctl restart lsws - - return: - type: success - message: "LiteSpeed configuration XML tags have been normalized. The web server has been restarted." - diagnose_litespeed_config: - - cmd[cp]: - user: root - commands: - - | - CONF_FILE="/var/www/conf/httpd_config.xml" - echo "Analyzing LiteSpeed configuration tags..." 
- echo "-----------------------------------" - echo "Number of tags: $(grep -c "" $CONF_FILE)" - echo "Number of tags: $(grep -c "" $CONF_FILE)" - echo "Number of tags: $(grep -c "" $CONF_FILE)" - echo "Number of tags: $(grep -c "" $CONF_FILE)" - echo "-----------------------------------" - echo "First 5 instances of tags:" - grep -n "" $CONF_FILE | head -5 - echo "-----------------------------------" - echo "Testing sed command effectiveness:" - cp $CONF_FILE /tmp/test_config.xml - sed -i 's///g' /tmp/test_config.xml - sed -i 's/<\/n>/<\/name>/g' /tmp/test_config.xml - echo "After sed, remaining tags: $(grep -c "" /tmp/test_config.xml)" - echo "After sed, remaining tags: $(grep -c "" /tmp/test_config.xml)" - echo "-----------------------------------" - - return: - type: info - message: "${response.out}" - clean_cert_references: - - cmd[cp]: - user: root - commands: - - | - DOMAIN="${settings.domain}" - CONF_FILE="/var/www/conf/httpd_config.xml" - BACKUP_FILE="${CONF_FILE}.bak.$(date +%Y%m%d%H%M%S)" - - # Create backup - cp "$CONF_FILE" "$BACKUP_FILE" - echo "Created backup at $BACKUP_FILE" - - # Create temp file for processing - TEMP_FILE=$(mktemp) - - # Clean up certificate references - echo "Cleaning up certificate references for $DOMAIN..." 
- - # Use awk to process the file - awk -v domain="$DOMAIN" ' - BEGIN { in_listener = 0; is_shared = 0; } - - // { - in_listener = 1; - print; - next; - } - - in_listener && (/HTTPS<\/name>/ || /HTTPS-ipv6<\/name>/) { - is_shared = 1; - print; - next; - } - - in_listener && is_shared && /.*live\/'"$DOMAIN"'\/.*<\/keyFile>/ { - print " /var/www/conf/default.key"; - next; - } - - in_listener && is_shared && /.*live\/'"$DOMAIN"'\/.*<\/certFile>/ { - print " /var/www/conf/default.crt"; - next; - } - - /<\/listener>/ { - in_listener = 0; - is_shared = 0; - print; - next; - } - - { print; } - ' "$CONF_FILE" > "$TEMP_FILE" - - # Verify the file is valid - if grep -q "" "$TEMP_FILE" && grep -q "" "$TEMP_FILE"; then - # Apply changes - cat "$TEMP_FILE" > "$CONF_FILE" - rm -f "$TEMP_FILE" - echo "Certificate references cleaned up successfully." - - # Restart LiteSpeed - echo "Restarting LiteSpeed..." - systemctl restart lsws - else - echo "ERROR: Generated config is invalid. Keeping original configuration." - rm -f "$TEMP_FILE" - exit 1 - fi - - - return: - type: success - message: "Certificate references for '${settings.domain}' have been cleaned up from shared listeners." responses: enableSuccess: diff --git a/scripts/ssl-manager/ssl_manager.sh b/scripts/ssl-manager/ssl_manager.sh index 2627d0d..432b937 100644 --- a/scripts/ssl-manager/ssl_manager.sh +++ b/scripts/ssl-manager/ssl_manager.sh 
@@ -122,26 +122,16 @@ update_litespeed_config() { cp "$config_file" "$backup_file" log "Created backup of LiteSpeed configuration at $backup_file" - # Normalize XML tags - replace with throughout the config - log "Normalizing XML tags in configuration..." - if grep -q "" "$config_file"; then - log "Found tags in config, normalizing to ..." - sed -i 's///g' "$config_file" - sed -i 's/<\/n>/<\/name>/g' "$config_file" - fi - # Clean up any redundant listeners for this domain cleanup_redundant_listeners "$config_file" "$DOMAIN" - # Create domain-specific virtual host - MUST create before listener so it exists - log "Creating domain-specific virtual host for $DOMAIN..." + # Create domain-specific virtual host if ! create_domain_virtual_host "$DOMAIN"; then log "ERROR: Failed to create virtual host for $DOMAIN. Aborting configuration update." return 1 fi - # Create domain-specific listener - depends on virtual host already existing - log "Creating domain-specific listener for $DOMAIN..." + # Create domain-specific listener if ! create_domain_listener "$DOMAIN"; then log "ERROR: Failed to create listener for $DOMAIN. Aborting configuration update." return 1 
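Review bot: Both failure branches in update_litespeed_config `return 1` after `cleanup_redundant_listeners "$config_file" "$DOMAIN"` has already run, and nothing visible in the hunk copies `$backup_file` back, so a failed virtual-host or listener step may leave the LiteSpeed configuration partially edited. Whether the helpers edit the file in place is not visible here, the function body continues outside the hunk, and a caller may already roll back. If they do edit in place, restore the backup before each `return 1`, e.g. `cp "$backup_file" "$config_file"`, and log that the rollback happened. The shortened comments also drop the ordering constraint the old ones stated; consider keeping it as `# Create domain-specific virtual host (must exist before the listener is created)`.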
@@ -726,272 +716,6 @@ restart_litespeed() { return 0 } -# Function to remove SSL certificate and its configuration -remove_ssl_certificate() { - local domain="$1" - local confirm="${2:-no}" - - if [[ -z "$domain" ]]; then - log "Error: Domain parameter is required for certificate removal." - return 1 - fi - - # Check if certificate exists - if [[ ! -d "/etc/letsencrypt/live/$domain" && ! -d "/etc/letsencrypt/archive/$domain" ]]; then - log "Certificate for $domain not found. Nothing to remove." - return 1 - fi - - # Confirm removal if not forced - if [[ "$confirm" != "yes" ]]; then - log "WARNING: This will remove the SSL certificate for $domain and update LiteSpeed configuration." - log "Please run again with --confirm=yes to proceed with removal." - return 1 - fi - - log "Starting removal of SSL certificate for $domain..." - - # 1. Backup LiteSpeed configuration before making changes - local config_file="/var/www/conf/httpd_config.xml" - local vhost_config="/var/www/conf/vhconf.xml" - local timestamp=$(date +%Y%m%d%H%M%S) - local backup_file="${config_file}.removal.${timestamp}" - local vhost_backup="${vhost_config}.removal.${timestamp}" - - cp "$config_file" "$backup_file" - log "Created backup of LiteSpeed configuration at $backup_file" - - if [ -f "$vhost_config" ]; then - cp "$vhost_config" "$vhost_backup" - log "Created backup of virtual host configuration at $vhost_backup" - fi - - # 2. Remove domain-specific listener from LiteSpeed configuration - log "Removing domain-specific listener from LiteSpeed configuration..." - local temp_file=$(mktemp) - if [ ! -f "$temp_file" ]; then - log "ERROR: Failed to create temporary file for configuration update." 
- return 1 - fi - - # Remove the HTTPS-domain listener section - local domain_pattern="HTTPS-${domain}" - awk -v domain="$domain" -v pattern="$domain_pattern" ' - BEGIN { skip = 0; } - $0 ~ pattern,/<\/listener>/ { - if ($0 ~ pattern) { - skip = 1; - print ""; - } - if ($0 ~ /<\/listener>/ && skip == 1) { - skip = 0; - next; - } - if (skip) next; - } - { if (!skip) print; } - ' "$config_file" > "$temp_file" - - # 3. Remove from domain-specific virtual host if it exists - log "Removing domain-specific virtual host if it exists..." - local vhost_name="${domain//[.]/_}" - - # Check if virtualhost exists (safer approach) - if grep -q "$vhost_name" "$config_file"; then - # Process only if virtual host might exist - local vhost_pattern="$vhost_name" - awk -v vhost="$vhost_name" -v pattern="$vhost_pattern" ' - BEGIN { skip = 0; } - $0 ~ pattern,/<\/virtualHost>/ { - if ($0 ~ pattern) { - skip = 1; - print ""; - } - if ($0 ~ /<\/virtualHost>/ && skip == 1) { - skip = 0; - next; - } - if (skip) next; - } - { if (!skip) print; } - ' "$temp_file" > "${temp_file}.new" - else - log "No virtual host found for ${vhost_name}, skipping this step."; - cp "$temp_file" "${temp_file}.new" - fi - - # 4. Remove any domain mappings from shared listeners - log "Removing domain mappings from shared listeners..." - awk -v domain="$domain" ' - BEGIN { in_vhostmap = 0; skip_vhostmap = 0; vhostmap_buffer = ""; } - // { - in_vhostmap = 1; - vhostmap_buffer = $0 "\n"; - next; - } - in_vhostmap == 1 { - vhostmap_buffer = vhostmap_buffer $0 "\n"; - if ($0 ~ /'"$domain"'<\/domain>/) { - skip_vhostmap = 1; - } - if ($0 ~ /<\/vhostMap>/) { - if (skip_vhostmap == 0) { - printf "%s", vhostmap_buffer; - } else { - print ""; - } - in_vhostmap = 0; - skip_vhostmap = 0; - vhostmap_buffer = ""; - } - next; - } - { print; } - ' "${temp_file}.new" > "${temp_file}.final" - - # 4a. Clean up certificate references in shared listeners - log "Cleaning up certificate references in shared listeners..." 
- local cert_path="/etc/letsencrypt/live/$domain/" - - # Create a temporary file for processing - local cert_cleanup_temp=$(mktemp) - - # Replace certificate paths in shared listeners - awk -v domain="$domain" -v cert_path="$cert_path" ' - # Inside a listener section - //,/<\/listener>/ { - # Look for HTTPS or HTTPS-ipv6 listeners (shared listeners) - if ($0 ~ /(HTTPS|HTTPS-ipv6)<\/name>/ || $0 ~ /(HTTPS|HTTPS-ipv6)<\/n>/) { - in_shared_listener = 1; - } - - # If in shared listener and line contains certificate paths for this domain, replace them - if (in_shared_listener && $0 ~ cert_path) { - if ($0 ~ /keyFile/) { - print " /var/www/conf/default.key"; - next; - } - if ($0 ~ /certFile/) { - print " /var/www/conf/default.crt"; - next; - } - } - - # End of listener section - if ($0 ~ /<\/listener>/) { - in_shared_listener = 0; - } - } - - # Print all other lines unchanged - { print; } - ' "${temp_file}.final" > "$cert_cleanup_temp" - - # If the temporary file is valid, use it - if [ -s "$cert_cleanup_temp" ] && grep -q "" "$cert_cleanup_temp"; then - mv "$cert_cleanup_temp" "${temp_file}.final" - log "Certificate references in shared listeners cleaned up." - else - log "WARNING: Failed to clean up certificate references. Keeping original configuration." - rm -f "$cert_cleanup_temp" - fi - - # Verify the processed file is valid - if [ ! -s "${temp_file}.final" ]; then - log "ERROR: Generated configuration is empty. Keeping original configuration." - rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final" - return 1 - fi - - # Check for basic XML validity (main structure tags) - if ! grep -q "" "${temp_file}.final" || ! grep -q "" "${temp_file}.final"; then - log "ERROR: Generated configuration appears invalid. Keeping original configuration." - rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final" - return 1 - fi - - # Apply changes - cp "${temp_file}.final" "$config_file" - rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final" - - # 5. 
Clean up any references in vhconf.xml files - log "Cleaning up references in vhost configuration files..." - find /var/www/conf -name "vhconf.xml" -type f -exec grep -l "$domain" {} \; | while read vhconf_file; do - log "Cleaning references in $vhconf_file..." - sed -i "/$domain/d" "$vhconf_file" - done - - # 6. Use certbot to revoke and delete the certificate - log "Revoking and removing certificate using Certbot..." - if certbot revoke --cert-name "$domain" --delete-after-revoke --non-interactive; then - log "Certificate for $domain successfully revoked and removed." - else - # If certbot revoke fails, try direct removal - log "Certbot revoke failed. Attempting direct removal of certificate files..." - rm -rf "/etc/letsencrypt/live/$domain" "/etc/letsencrypt/archive/$domain" "/etc/letsencrypt/renewal/$domain.conf" - - # Remove any symlinks that might point to the domain - find /etc/letsencrypt -type l -exec ls -l {} \; | grep "$domain" | cut -d " " -f 9 | xargs -r rm - - log "Certificate files for $domain removed directly." - fi - - # 7. Clean up Apache configuration if exists (some servers might have Apache installed) - if [ -d "/etc/apache2" ]; then - log "Checking for Apache configuration references..." - find /etc/apache2 -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do - log "Cleaning references in $apache_conf..." - sed -i "/$domain/d" "$apache_conf" - done - elif [ -d "/etc/httpd" ]; then - log "Checking for Apache configuration references..." - find /etc/httpd -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do - log "Cleaning references in $apache_conf..." - sed -i "/$domain/d" "$apache_conf" - done - fi - - # 8. Clean up LiteSpeed logs for this domain - log "Cleaning up log files for $domain..." - if [ -d "/var/log/lsws/" ]; then - find /var/log/lsws/ -name "*$domain*" -type f -delete 2>/dev/null || true - else - log "LiteSpeed log directory '/var/log/lsws/' not found, skipping log cleanup." 
- fi - - # 9. Clean related cache files - log "Cleaning related cache files..." - if [ -d "/var/www/webroot/ROOT/.well-known/acme-challenge/" ]; then - find /var/www/webroot/ROOT/.well-known/acme-challenge/ -type f -delete 2>/dev/null || true - else - log "ACME challenge directory not found, skipping cache cleanup." - fi - - # 10. Restart LiteSpeed only if it's running and configuration was changed - local config_changed=false - if grep -q "removed by ssl_manager.sh" "$config_file"; then - config_changed=true - fi - - if $config_changed; then - log "Configuration changes detected. Restarting LiteSpeed to apply changes..." - if restart_litespeed; then - log "LiteSpeed restarted successfully after certificate removal." - else - log "WARNING: Failed to restart LiteSpeed after certificate removal. Manual restart may be required." - # Don't return error, continue with the successful certificate removal - fi - else - log "No configuration changes detected. Skipping LiteSpeed restart." - fi - - # 11. Send email notification if configured - send_email "$domain SSL Certificate Removed" "The SSL certificate for $domain has been successfully removed from the server and all related configuration has been cleaned up." - - log "SSL certificate removal completed successfully for $domain." - return 0 -} - # Parse input parameters for arg in "$@"; do case $arg in @@ -1004,12 +728,6 @@ for arg in "$@"; do --email=*) EMAIL="${arg#*=}" ;; - --remove-cert=*) - REMOVE_CERT="${arg#*=}" - ;; - --confirm=*) - CONFIRM="${arg#*=}" - ;; *) echo "Invalid argument: $arg" exit 1 @@ -1017,14 +735,6 @@ for arg in "$@"; do esac done -# Check for certificate removal request -if [[ -n "${REMOVE_CERT:-}" ]]; then - if [[ "${REMOVE_CERT}" == "yes" ]]; then - remove_ssl_certificate "${DOMAIN}" "${CONFIRM:-no}" - exit $? - fi -fi - # Input validation log "Validating inputs..." if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then 
@@ -1092,11 +802,6 @@ install_xml_tools if $CERTBOT_CMD; then log "SSL certificate issued successfully for $DOMAIN." - # Fix any inconsistent XML tags first - log "Ensuring XML tag consistency in LiteSpeed configuration..." - sed -i 's///g' /var/www/conf/httpd_config.xml - sed -i 's/<\/n>/<\/name>/g' /var/www/conf/httpd_config.xml - # Update LiteSpeed config with enhanced safety if update_litespeed_config; then restart_litespeed