Revert

2025-03-22 01:29:22 +08:00 · 2025-03-22 01:29:22 +08:00 · a81cac18bf
parent 0cd3b07c30
commit a81cac18bf
2 changed files with 836 additions and 639 deletions
--- a/mbadmin.jps
+++ b/mbadmin.jps
--- a/scripts/ssl-manager/ssl_manager.sh
+++ b/scripts/ssl-manager/ssl_manager.sh
@ -716,6 +716,198 @@ restart_litespeed() {
    return 0
 }

+# Function to remove SSL certificate and its configuration
+remove_ssl_certificate() {
+    local domain="$1"
+    local confirm="${2:-no}"
+    
+    if [[ -z "$domain" ]]; then
+        log "Error: Domain parameter is required for certificate removal."
+        return 1
+    fi
+    
+    # Check if certificate exists
+    if [[ ! -d "/etc/letsencrypt/live/$domain" && ! -d "/etc/letsencrypt/archive/$domain" ]]; then
+        log "Certificate for $domain not found. Nothing to remove."
+        return 1
+    fi
+    
+    # Confirm removal if not forced
+    if [[ "$confirm" != "yes" ]]; then
+        log "WARNING: This will remove the SSL certificate for $domain and update LiteSpeed configuration."
+        log "Please run again with --confirm=yes to proceed with removal."
+        return 1
+    fi
+    
+    log "Starting removal of SSL certificate for $domain..."
+    
+    # 1. Backup LiteSpeed configuration before making changes
+    local config_file="/var/www/conf/httpd_config.xml"
+    local vhost_config="/var/www/conf/vhconf.xml"
+    local timestamp=$(date +%Y%m%d%H%M%S)
+    local backup_file="${config_file}.removal.${timestamp}"
+    local vhost_backup="${vhost_config}.removal.${timestamp}"
+    
+    cp "$config_file" "$backup_file"
+    log "Created backup of LiteSpeed configuration at $backup_file"
+    
+    if [ -f "$vhost_config" ]; then
+        cp "$vhost_config" "$vhost_backup"
+        log "Created backup of virtual host configuration at $vhost_backup"
+    fi
+    
+    # 2. Remove domain-specific listener from LiteSpeed configuration
+    log "Removing domain-specific listener from LiteSpeed configuration..."
+    local temp_file=$(mktemp)
+    if [ ! -f "$temp_file" ]; then
+        log "ERROR: Failed to create temporary file for configuration update."
+        return 1
+    fi
+    
+    # Remove the HTTPS-domain listener section
+    awk -v domain="$domain" '
+    BEGIN { skip = 0; }
+    /<name>HTTPS-'"$domain"'<\/name>/,/<\/listener>/ { 
+        if ($0 ~ /<name>HTTPS-'"$domain"'<\/name>/) { 
+            skip = 1; 
+            print "<!-- Listener for " domain " removed by ssl_manager.sh -->";
+        }
+        if ($0 ~ /<\/listener>/ && skip == 1) { 
+            skip = 0; 
+            next;
+        }
+        if (skip) next;
+    }
+    { if (!skip) print; }
+    ' "$config_file" > "$temp_file"
+    
+    # 3. Remove from domain-specific virtual host if it exists
+    log "Removing domain-specific virtual host if it exists..."
+    local vhost_name="${domain//[.]/_}"
+    
+    awk -v vhost="$vhost_name" '
+    BEGIN { skip = 0; }
+    /<name>'"$vhost"'<\/name>/,/<\/virtualHost>/ { 
+        if ($0 ~ /<name>'"$vhost"'<\/name>/) { 
+            skip = 1; 
+            print "<!-- VirtualHost for " vhost " removed by ssl_manager.sh -->";
+        }
+        if ($0 ~ /<\/virtualHost>/ && skip == 1) { 
+            skip = 0; 
+            next;
+        }
+        if (skip) next;
+    }
+    { if (!skip) print; }
+    ' "$temp_file" > "${temp_file}.new"
+    
+    # 4. Remove any domain mappings from shared listeners
+    log "Removing domain mappings from shared listeners..."
+    awk -v domain="$domain" '
+    BEGIN { in_vhostmap = 0; skip_vhostmap = 0; vhostmap_buffer = ""; }
+    /<vhostMap>/ { 
+        in_vhostmap = 1; 
+        vhostmap_buffer = $0 "\n"; 
+        next; 
+    }
+    in_vhostmap == 1 { 
+        vhostmap_buffer = vhostmap_buffer $0 "\n";
+        if ($0 ~ /<domain>'"$domain"'<\/domain>/) {
+            skip_vhostmap = 1;
+        }
+        if ($0 ~ /<\/vhostMap>/) {
+            if (skip_vhostmap == 0) {
+                printf "%s", vhostmap_buffer;
+            } else {
+                print "<!-- Domain mapping for " domain " removed -->";
+            }
+            in_vhostmap = 0;
+            skip_vhostmap = 0;
+            vhostmap_buffer = "";
+        }
+        next;
+    }
+    { print; }
+    ' "${temp_file}.new" > "${temp_file}.final"
+    
+    # Verify the processed file is valid
+    if [ ! -s "${temp_file}.final" ]; then
+        log "ERROR: Generated configuration is empty. Keeping original configuration."
+        rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
+        return 1
+    fi
+    
+    # Check for basic XML validity (main structure tags)
+    if ! grep -q "<httpServerConfig>" "${temp_file}.final" || ! grep -q "</httpServerConfig>" "${temp_file}.final"; then
+        log "ERROR: Generated configuration appears invalid. Keeping original configuration."
+        rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
+        return 1
+    fi
+    
+    # Apply changes
+    cp "${temp_file}.final" "$config_file"
+    rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
+    
+    # 5. Clean up any references in vhconf.xml files
+    log "Cleaning up references in vhost configuration files..."
+    find /var/www/conf -name "vhconf.xml" -type f -exec grep -l "$domain" {} \; | while read vhconf_file; do
+        log "Cleaning references in $vhconf_file..."
+        sed -i "/$domain/d" "$vhconf_file"
+    done
+    
+    # 6. Use certbot to revoke and delete the certificate
+    log "Revoking and removing certificate using Certbot..."
+    if certbot revoke --cert-name "$domain" --delete-after-revoke --non-interactive; then
+        log "Certificate for $domain successfully revoked and removed."
+    else
+        # If certbot revoke fails, try direct removal
+        log "Certbot revoke failed. Attempting direct removal of certificate files..."
+        rm -rf "/etc/letsencrypt/live/$domain" "/etc/letsencrypt/archive/$domain" "/etc/letsencrypt/renewal/$domain.conf"
+        
+        # Remove any symlinks that might point to the domain
+        find /etc/letsencrypt -type l -exec ls -l {} \; | grep "$domain" | cut -d " " -f 9 | xargs -r rm
+        
+        log "Certificate files for $domain removed directly."
+    fi
+    
+    # 7. Clean up Apache configuration if exists (some servers might have Apache installed)
+    if [ -d "/etc/apache2" ]; then
+        log "Checking for Apache configuration references..."
+        find /etc/apache2 -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do
+            log "Cleaning references in $apache_conf..."
+            sed -i "/$domain/d" "$apache_conf"
+        done
+    elif [ -d "/etc/httpd" ]; then
+        log "Checking for Apache configuration references..."
+        find /etc/httpd -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do
+            log "Cleaning references in $apache_conf..."
+            sed -i "/$domain/d" "$apache_conf"
+        done
+    fi
+    
+    # 8. Clean up LiteSpeed logs for this domain
+    log "Cleaning up log files for $domain..."
+    find /var/log/lsws/ -name "*$domain*" -type f -delete
+    
+    # 9. Clean related cache files
+    log "Cleaning related cache files..."
+    find /var/www/webroot/ROOT/.well-known/acme-challenge/ -type f -delete 2>/dev/null
+    
+    # 10. Restart LiteSpeed to apply configuration changes
+    if restart_litespeed; then
+        log "LiteSpeed restarted successfully after certificate removal."
+    else
+        log "ERROR: Failed to restart LiteSpeed after certificate removal."
+        return 1
+    fi
+    
+    # 11. Send email notification if configured
+    send_email "$domain SSL Certificate Removed" "The SSL certificate for $domain has been successfully removed from the server and all related configuration has been cleaned up."
+    
+    log "SSL certificate removal completed successfully for $domain."
+    return 0
+}
+
 # Parse input parameters
 for arg in "$@"; do
    case $arg in