tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix LE cert issue

main
Anthony 2025-06-25 00:25:49 +08:00
parent cd0bf962db
commit 794a7ea758
1 changed files with 130 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
scripts/install-wordpress.sh
View File

@ -771,8 +771,24 @@ fi
# --- Let's Encrypt SSL Certificate Setup --- # --- Let's Encrypt SSL Certificate Setup ---
info "Setting up Let's Encrypt SSL certificate..." info "Setting up Let's Encrypt SSL certificate..."
# Install certbot if not present # Validate domain is properly set before proceeding
if ! command_exists certbot; then if [[ -z "$DOMAIN" ]]; then
error_exit "Domain variable is empty. Cannot proceed with SSL certificate generation."
fi
if [[ "$DOMAIN" == "localhost" || "$DOMAIN" == "localdomain" ]]; then
warning "Domain is '$DOMAIN' which is not suitable for SSL certificates. Skipping SSL setup."
info "You can manually configure SSL later or re-run with --domain=your-actual-domain.com"
# Skip SSL section entirely
SSL_SKIPPED=true
else
info "Using domain for SSL certificate: $DOMAIN"
SSL_SKIPPED=false
fi
# Only proceed with SSL setup if domain is valid
if [[ "$SSL_SKIPPED" != "true" ]]; then
# Install certbot if not present
if ! command_exists certbot; then
info "Installing certbot for Let's Encrypt certificate management..." info "Installing certbot for Let's Encrypt certificate management..."
if command_exists apt-get; then if command_exists apt-get; then
# Debian/Ubuntu # Debian/Ubuntu
@ -789,12 +805,12 @@ if ! command_exists certbot; then
warning "Package manager not detected. Please install certbot manually." warning "Package manager not detected. Please install certbot manually."
info "You can install certbot using: wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto" info "You can install certbot using: wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto"
fi fi
else else
success "Certbot is already installed." success "Certbot is already installed."
fi fi
# Generate SSL certificate # Generate SSL certificate
if command_exists certbot; then if command_exists certbot; then
info "Generating Let's Encrypt SSL certificate for domain: $DOMAIN" info "Generating Let's Encrypt SSL certificate for domain: $DOMAIN"
# Create a simple verification file for webroot authentication # Create a simple verification file for webroot authentication
@ -806,16 +822,38 @@ if command_exists certbot; then
# Try webroot method first (non-interactive) # Try webroot method first (non-interactive)
info "Attempting SSL certificate generation using webroot method..." info "Attempting SSL certificate generation using webroot method..."
# Check if certificate already exists
if [[ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
info "SSL certificate already exists for $DOMAIN. Checking if renewal is needed..."
if sudo certbot renew --cert-name="$DOMAIN" --dry-run 2>/dev/null; then
info "Existing SSL certificate is valid and not due for renewal."
SSL_SUCCESS=true
else
info "Existing certificate needs renewal. Attempting to renew..."
if sudo certbot renew --cert-name="$DOMAIN" --force-renewal 2>/dev/null; then
SSL_SUCCESS=true
else
warning "Failed to renew existing SSL certificate."
SSL_SUCCESS=false
fi
fi
else
# Generate new certificate
if sudo certbot certonly \ if sudo certbot certonly \
--webroot \ --webroot \
--webroot-path="$WEBROOT_PATH" \ --webroot-path="$WEBROOT_PATH" \
--email="$WP_ADMIN_EMAIL" \ --email="$WP_ADMIN_EMAIL" \
--agree-tos \ --agree-tos \
--non-interactive \ --non-interactive \
--domains="$DOMAIN" \ --domains="$DOMAIN"; then
--expand; then SSL_SUCCESS=true
else
SSL_SUCCESS=false
fi
fi
success "SSL certificate generated successfully for $DOMAIN" if [[ "$SSL_SUCCESS" == "true" ]]; then
success "SSL certificate is ready for $DOMAIN"
# Set up automatic renewal # Set up automatic renewal
info "Setting up automatic SSL certificate renewal..." info "Setting up automatic SSL certificate renewal..."
@ -823,22 +861,38 @@ if command_exists certbot; then
# Create renewal cron job if it doesn't exist # Create renewal cron job if it doesn't exist
CRON_JOB="0 12 * * * /usr/bin/certbot renew --quiet --post-hook \"systemctl reload lshttpd || systemctl reload apache2 || systemctl reload nginx\"" CRON_JOB="0 12 * * * /usr/bin/certbot renew --quiet --post-hook \"systemctl reload lshttpd || systemctl reload apache2 || systemctl reload nginx\""
if ! sudo crontab -l 2>/dev/null | grep -q "certbot renew"; then if ! sudo crontab -l 2>/dev/null | grep -q "certbot renew"; then
(sudo crontab -l 2>/dev/null; echo "$CRON_JOB") | sudo crontab - if (sudo crontab -l 2>/dev/null; echo "$CRON_JOB") | sudo crontab - 2>/dev/null; then
success "Automatic SSL renewal configured (daily check at 12:00 PM)" success "Automatic SSL renewal configured (daily check at 12:00 PM)"
else
warning "Failed to configure automatic SSL renewal cron job"
fi
else else
info "SSL renewal cron job already exists." info "SSL renewal cron job already exists."
fi fi
# For LiteSpeed, we need to restart the service to pick up new certificates # For LiteSpeed, we need to restart the service to pick up new certificates
info "Restarting LiteSpeed web server to apply SSL certificate..." info "Restarting LiteSpeed web server to apply SSL certificate..."
LITESPEED_RESTARTED=false
if sudo systemctl is-active lshttpd &>/dev/null; then if sudo systemctl is-active lshttpd &>/dev/null; then
sudo systemctl restart lshttpd || warning "Failed to restart lshttpd service" if sudo systemctl restart lshttpd 2>/dev/null; then
success "LiteSpeed restarted successfully" success "LiteSpeed (lshttpd) restarted successfully"
elif sudo systemctl is-active litespeed &>/dev/null; then LITESPEED_RESTARTED=true
sudo systemctl restart litespeed || warning "Failed to restart litespeed service"
success "LiteSpeed restarted successfully"
else else
warning "LiteSpeed service not detected or not running. You may need to manually configure SSL in LiteSpeed admin panel." warning "Failed to restart lshttpd service"
fi
elif sudo systemctl is-active litespeed &>/dev/null; then
if sudo systemctl restart litespeed 2>/dev/null; then
success "LiteSpeed (litespeed) restarted successfully"
LITESPEED_RESTARTED=true
else
warning "Failed to restart litespeed service"
fi
else
warning "LiteSpeed service not detected or not running."
fi
if [[ "$LITESPEED_RESTARTED" != "true" ]]; then
warning "LiteSpeed service restart failed or not attempted. You may need to manually configure SSL in LiteSpeed admin panel."
info "SSL certificate location: /etc/letsencrypt/live/$DOMAIN/" info "SSL certificate location: /etc/letsencrypt/live/$DOMAIN/"
info "Certificate file: /etc/letsencrypt/live/$DOMAIN/fullchain.pem" info "Certificate file: /etc/letsencrypt/live/$DOMAIN/fullchain.pem"
info "Private key file: /etc/letsencrypt/live/$DOMAIN/privkey.pem" info "Private key file: /etc/letsencrypt/live/$DOMAIN/privkey.pem"
@ -849,9 +903,12 @@ if command_exists certbot; then
warning "sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN' --email '$WP_ADMIN_EMAIL' --agree-tos" warning "sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN' --email '$WP_ADMIN_EMAIL' --agree-tos"
info "Or configure SSL manually in your web server control panel." info "Or configure SSL manually in your web server control panel."
fi fi
else else
warning "Certbot not available. SSL certificate not generated." warning "Certbot not available. SSL certificate not generated."
info "Please install certbot manually and run: sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN'" info "Please install certbot manually and run: sudo certbot --webroot -w '$WP_ROOT' -d '$DOMAIN'"
fi
else
info "SSL certificate setup skipped due to invalid domain."
fi fi
# --- Final Summary --- # --- Final Summary ---