SSL Fixes

mbadmin.jps

@@ -86,6 +86,8 @@ onInstall:
         - if [ ! -f ssl_remover.sh ]; then echo "Failed to download ssl_remover.sh"; exit 1; fi
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/xmlchecker.sh
         - if [ ! -f xmlchecker.sh ]; then echo "Failed to download xmlchecker.sh"; exit 1; fi
+        - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/bunny.creds
+        - if [ ! -f bunny.creds ]; then echo "Failed to download bunny.creds"; exit 1; fi
         # Download phpMyAdmin gateway script
         - cd /home/litespeed/mbmanager/pma-gateway
         - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/pma-gateway/create_pma_gateway.sh

scripts/ssl-manager/bunny.creds

@@ -0,0 +1 @@
+ZG5zX2J1bm55X2FwaV9rZXkgPSBlYmY5Mjc4ZC0xMjNiLTQ4MzEtOTg5Mi1iMGMyZDFhNjcwMTc1NmY4NzIxZS1iNjg4LTRhZGQtOTUwOC0wNDQ0ZWQwYWYzMDcKZG5zX2J1bm55X2FjY291bnRfZW1haWwgPSB0b255QG1pZ2h0eWJveC5pbw==

scripts/ssl-manager/ssl_manager.sh

@@ -178,25 +178,32 @@ validate_http_access() {
 
 issue_certificate_dns() {
     local domain="$1"
-    local creds_file="/etc/letsencrypt/bunny.ini"
+    local encoded_creds_file="/home/litespeed/mbmanager/ssl-manager/bunny.creds"
+    local temp_creds_file="/tmp/bunny.ini.$$"
 
-    if [[ ! -f "$creds_file" ]]; then
-        log_error "DNS challenge credentials file not found at '$creds_file'."
-        log_error "Please create it with the following content:"
-        log_error "dns_bunny_api_key = your_api_key_here"
-        log_error "dns_bunny_account_email = your_email@example.com"
+    # Ensure the temporary credentials file is removed on exit
+    trap 'sudo rm -f "$temp_creds_file"' RETURN
+
+    if [[ ! -f "$encoded_creds_file" ]]; then
+        log_error "Encoded credentials file not found at '$encoded_creds_file'. The addon may be installed incorrectly."
+        SCRIPT_EXIT_STATUS=1; return 1
+    fi
+
+    # Decode credentials and write to temporary file
+    if ! base64 --decode "$encoded_creds_file" | sudo tee "$temp_creds_file" > /dev/null; then
+        log_error "Failed to decode or write temporary credentials file."
         SCRIPT_EXIT_STATUS=1; return 1
     fi
 
     # Ensure permissions are correct for certbot
-    sudo chmod 600 "$creds_file"
+    sudo chmod 600 "$temp_creds_file"
 
     # Extract email from credentials file for the --email flag
     local email
-    email=$(grep "dns_bunny_account_email" "$creds_file" | sed 's/.*= *//')
+    email=$(grep "dns_bunny_account_email" "$temp_creds_file" | sed 's/.*= *//')
 
     if [[ -z "$email" ]]; then
-        log_error "dns_bunny_account_email not set in '$creds_file'."
+        log_error "dns_bunny_account_email not set in decoded credentials."
         SCRIPT_EXIT_STATUS=1; return 1
     fi
 
@@ -204,7 +211,7 @@ issue_certificate_dns() {
     
     sudo certbot certonly \
         --dns-bunny \
-        --dns-bunny-credentials "$creds_file" \
+        --dns-bunny-credentials "$temp_creds_file" \
         -d "$domain" \
         --non-interactive --agree-tos --email "$email" || {
         log_error "Failed to issue certificate for '$domain' using certbot DNS challenge."