tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fallback to listener cert when PMA certbot unavailable

main
Anthony 2026-02-26 22:06:02 +08:00
parent e59dbc9af0
commit 5dd63f99e7
1 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
scripts/pma-gateway/create_pma_gateway.sh
View File

@ -116,6 +116,7 @@ NEEDS_RESTART=0
LE_LIVE_DIR="/etc/letsencrypt/live" LE_LIVE_DIR="/etc/letsencrypt/live"
LE_CERT_DIR="" LE_CERT_DIR=""
CERT_DOMAIN_USED="" CERT_DOMAIN_USED=""
CERT_SOURCE="Let's Encrypt"
# Find an existing certificate for the first matching candidate. # Find an existing certificate for the first matching candidate.
for candidate_host in "${DOMAIN_CANDIDATES[@]}"; do for candidate_host in "${DOMAIN_CANDIDATES[@]}"; do
@ -216,10 +217,8 @@ if [[ -z "$LE_CERT_DIR" ]]; then
fi fi
if [[ -z "$CERTBOT_CMD" ]]; then if [[ -z "$CERTBOT_CMD" ]]; then
echo "FATAL: certbot is not available and no existing Let's Encrypt certificate was found for '$ENV_HOST'." >&2 echo "WARNING: certbot is unavailable for on-demand issuance. Will try existing listener certificate files as fallback." >&2
exit 1 else
fi
WEBROOT_PATH="/var/www/webroot/ROOT" WEBROOT_PATH="/var/www/webroot/ROOT"
ACME_CHALLENGE_DIR="$WEBROOT_PATH/.well-known/acme-challenge" ACME_CHALLENGE_DIR="$WEBROOT_PATH/.well-known/acme-challenge"
sudo mkdir -p "$ACME_CHALLENGE_DIR" sudo mkdir -p "$ACME_CHALLENGE_DIR"
@ -248,18 +247,38 @@ if [[ -z "$LE_CERT_DIR" ]]; then
done done
fi fi
fi fi
fi
# Set the final key and cert file paths based on the found directory # Set the final key and cert file paths based on the found directory
if [[ -n "$LE_CERT_DIR" ]]; then if [[ -n "$LE_CERT_DIR" ]]; then
LE_KEY_FILE="$LE_CERT_DIR/privkey.pem" LE_KEY_FILE="$LE_CERT_DIR/privkey.pem"
LE_CERT_FILE="$LE_CERT_DIR/fullchain.pem" LE_CERT_FILE="$LE_CERT_DIR/fullchain.pem"
else else
echo "FATAL: Let's Encrypt certificate directory could not be found for ENV_HOST: $ENV_HOST" >&2 FALLBACK_KEY_FILE=""
echo " Checked candidates: ${DOMAIN_CANDIDATES[*]}" >&2 FALLBACK_CERT_FILE=""
echo " Checked specific path: $LE_LIVE_DIR/$ENV_HOST" >&2
echo " Checked suffixed paths: $LE_LIVE_DIR/${ENV_HOST}-*" >&2 if [[ -f "/var/www/ssl/litespeed.key" ]] && [[ -f "/var/www/ssl/litespeed.crt" ]]; then
FALLBACK_KEY_FILE="/var/www/ssl/litespeed.key"
FALLBACK_CERT_FILE="/var/www/ssl/litespeed.crt"
elif [[ -f "/usr/local/lsws/conf/server.key" ]] && [[ -f "/usr/local/lsws/conf/server.crt" ]]; then
FALLBACK_KEY_FILE="/usr/local/lsws/conf/server.key"
FALLBACK_CERT_FILE="/usr/local/lsws/conf/server.crt"
fi
if [[ -n "$FALLBACK_KEY_FILE" ]] && [[ -n "$FALLBACK_CERT_FILE" ]]; then
LE_KEY_FILE="$FALLBACK_KEY_FILE"
LE_CERT_FILE="$FALLBACK_CERT_FILE"
CERT_SOURCE="Listener fallback"
echo "WARNING: No Let's Encrypt certificate available for '$ENV_HOST'. Using existing listener certificate files instead." >&2
else
echo "FATAL: No usable certificate files were found for PMA gateway TLS." >&2
echo " Checked Let's Encrypt candidates: ${DOMAIN_CANDIDATES[*]}" >&2
echo " Checked LE exact path: $LE_LIVE_DIR/$ENV_HOST" >&2
echo " Checked LE suffixed paths: $LE_LIVE_DIR/${ENV_HOST}-*" >&2
echo " Checked listener fallback paths: /var/www/ssl/litespeed.{key,crt}, /usr/local/lsws/conf/server.{key,crt}" >&2
exit 1 exit 1
fi fi
fi
# Check if the Let's Encrypt files exist at the determined paths # Check if the Let's Encrypt files exist at the determined paths
if [[ ! -f "$LE_KEY_FILE" ]] || [[ ! -f "$LE_CERT_FILE" ]]; then if [[ ! -f "$LE_KEY_FILE" ]] || [[ ! -f "$LE_CERT_FILE" ]]; then
@ -268,7 +287,8 @@ if [[ ! -f "$LE_KEY_FILE" ]] || [[ ! -f "$LE_CERT_FILE" ]]; then
echo " Cert: $LE_CERT_FILE" >&2 echo " Cert: $LE_CERT_FILE" >&2
exit 1 exit 1
fi fi
echo "INFO: Using Let's Encrypt certificate paths:" >&2 echo "INFO: Using certificate source: $CERT_SOURCE" >&2
echo "INFO: Using certificate paths:" >&2
echo " Key: $LE_KEY_FILE" >&2 echo " Key: $LE_KEY_FILE" >&2
echo " Cert: $LE_CERT_FILE" >&2 echo " Cert: $LE_CERT_FILE" >&2