Anthony bafe7c4092 Added JPS remove ssl 2025-03-22 02:22:40 +08:00
Anthony 0c089d7b07 added ssl remover shell script 2025-03-22 02:21:43 +08:00
3 changed files with 273 additions and 74 deletions


@ -137,6 +137,12 @@ menu:
action: check_domain_ip action: check_domain_ip
settings: checkDomainConfig settings: checkDomainConfig
successText: "${response.out}" successText: "${response.out}"
- confirmText: Are you sure you want to remove SSL certificate(s)?
loadingText: Removing SSL Certificate(s)...
caption: Remove SSL Certificate
action: remove_ssl_cert
settings: sslRemoveConfig
successText: "${response.out}"
settings: settings:
checkDomainConfig: checkDomainConfig:
@ -256,6 +262,13 @@ settings:
type: text type: text
caption: Email Address caption: Email Address
required: true required: true
sslRemoveConfig:
submitUnchanged: true
fields:
- name: domains
type: text
caption: Comma-separated Domains
required: true
actions: actions:
dynamic_wp_cli: dynamic_wp_cli:
@ -570,6 +583,14 @@ actions:
- return: - return:
type: info type: info
message: "${response.out}" message: "${response.out}"
remove_ssl_cert:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/ssl-manager/ssl_remover.sh --domains="${settings.domains}" ${EMAIL:+--email="${EMAIL}"}
- return:
type: info
message: "${response.out}"
responses: responses:
enableSuccess: enableSuccess:
@ -599,6 +620,10 @@ buttons:
action: litespeed_update_settings action: litespeed_update_settings
caption: Update LiteSpeed Cache Settings caption: Update LiteSpeed Cache Settings
submitButtonText: Update Cache Settings submitButtonText: Update Cache Settings
- settings: sslRemoveConfig
action: remove_ssl_cert
caption: Remove SSL Certificates
submitButtonText: Remove Certificates
onUninstall: onUninstall:
- cmd[cp]: - cmd[cp]:
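Review bot: `${settings.domains}` in the new `remove_ssl_cert` action is pasted straight into a root shell command line (`bash … --domains="${settings.domains}"`); if the platform substitutes that placeholder textually, as the `${response.out}` usage suggests, a form value containing `"` or `$(` escapes the quotes and executes as root before `ssl_remover.sh` ever gets to validate the domain list. The `sslRemoveConfig` field declares only `required: true`, so nothing constrains the value on the way in; I'd pin it to the comma-separated hostname shape the script expects, e.g. `regex: "^[A-Za-z0-9.-]+(,[A-Za-z0-9.-]+)*$"` plus a `regexText` describing the format, if the manifest schema honours it. `${EMAIL:+--email="${EMAIL}"}` is a bash expansion evaluated on the node rather than a manifest placeholder, so unless `EMAIL` is exported in that root shell the `--email` flag is never passed and the removal script's notification silently does nothing; worth confirming where `EMAIL` is meant to come from.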


@ -58,14 +58,15 @@ validate_email() {
# Function to validate DNS resolution # Function to validate DNS resolution
validate_dns_resolution() { validate_dns_resolution() {
log "Validating DNS resolution for $DOMAIN..." local domain=$1
RESOLVED_IPS=$(dig +short "$DOMAIN" A) log "Validating DNS resolution for $domain..."
RESOLVED_IPS=$(dig +short "$domain" A)
if echo "$RESOLVED_IPS" | grep -q "$PUBLIC_IP"; then if echo "$RESOLVED_IPS" | grep -q "$PUBLIC_IP"; then
log "DNS validation successful. $DOMAIN resolves to the expected public IP ($PUBLIC_IP)." log "DNS validation successful. $domain resolves to the expected public IP ($PUBLIC_IP)."
return 0 return 0
else else
log "DNS validation failed. $DOMAIN does not resolve to the expected public IP ($PUBLIC_IP)." log "DNS validation failed. $domain does not resolve to the expected public IP ($PUBLIC_IP)."
return 1 return 1
fi fi
} }
@ -95,7 +96,7 @@ validate_http_access() {
# Function to validate the domain connection # Function to validate the domain connection
validate_domain_connection() { validate_domain_connection() {
if validate_dns_resolution; then if validate_dns_resolution "$DOMAIN"; then
log "Domain validation succeeded via DNS." log "Domain validation succeeded via DNS."
return 0 return 0
elif validate_http_access; then elif validate_http_access; then
@ -421,7 +422,7 @@ install_xml_tools() {
# Function to create or update a domain-specific HTTPS listener # Function to create or update a domain-specific HTTPS listener
create_domain_listener() { create_domain_listener() {
local domain="$1" local domain=$1
local config_file="/var/www/conf/httpd_config.xml" local config_file="/var/www/conf/httpd_config.xml"
local vhost_name="${domain//[.]/_}" local vhost_name="${domain//[.]/_}"
local key_file="/etc/letsencrypt/live/$domain/privkey.pem" local key_file="/etc/letsencrypt/live/$domain/privkey.pem"
@ -717,13 +718,15 @@ restart_litespeed() {
} }
# Parse input parameters # Parse input parameters
declare -a DOMAINS
for arg in "$@"; do for arg in "$@"; do
case $arg in case $arg in
--public-ip=*) --public-ip=*)
PUBLIC_IP="${arg#*=}" PUBLIC_IP="${arg#*=}"
;; ;;
--domain=*) --domains=*)
DOMAIN="${arg#*=}" IFS=',' read -ra DOMAINS <<< "${arg#*=}"
PRIMARY_DOMAIN="${DOMAINS[0]}"
;; ;;
--email=*) --email=*)
EMAIL="${arg#*=}" EMAIL="${arg#*=}"
@ -737,82 +740,93 @@ done
# Input validation # Input validation
log "Validating inputs..." log "Validating inputs..."
if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then if [[ -z "${PUBLIC_IP:-}" || ${#DOMAINS[@]} -eq 0 ]]; then
echo "Error: --public-ip and --domain are mandatory." echo "Error: --public-ip and --domain(s) are mandatory."
exit 1 exit 1
fi fi
validate_ip "$PUBLIC_IP" || { echo "Invalid public IP: $PUBLIC_IP"; exit 1; } validate_ip "$PUBLIC_IP" || { echo "Invalid public IP: $PUBLIC_IP"; exit 1; }
validate_domain "$DOMAIN" || { echo "Invalid domain: $DOMAIN"; exit 1; } for domain in "${DOMAINS[@]}"; do
validate_domain "$domain" || { echo "Invalid domain: $domain"; exit 1; }
done
if [[ -n "${EMAIL:-}" ]]; then if [[ -n "${EMAIL:-}" ]]; then
validate_email "$EMAIL" || { echo "Invalid email: $EMAIL"; exit 1; } validate_email "$EMAIL" || { echo "Invalid email: $EMAIL"; exit 1; }
fi fi
# Validate the domain connection # Main execution loop
validate_domain_connection for DOMAIN in "${DOMAINS[@]}"; do
log "Processing domain: $DOMAIN"
# Install Certbot # Validate the domain connection
log "Installing Certbot..." validate_domain_connection
if ! command -v certbot > /dev/null; then
if [[ -f /etc/debian_version ]]; then # Install Certbot
apt-get update && apt-get install -y certbot log "Installing Certbot..."
elif [[ -f /etc/redhat-release ]]; then if ! command -v certbot > /dev/null; then
# Check if it's AlmaLinux or other RHEL derivatives if [[ -f /etc/debian_version ]]; then
if grep -q "AlmaLinux" /etc/os-release; then apt-get update && apt-get install -y certbot
log "Detected AlmaLinux. Installing EPEL repository and Certbot..." elif [[ -f /etc/redhat-release ]]; then
# Install EPEL repository first # Check if it's AlmaLinux or other RHEL derivatives
dnf install -y epel-release if grep -q "AlmaLinux" /etc/os-release; then
# Install Certbot and Python modules for the webroot plugin log "Detected AlmaLinux. Installing EPEL repository and Certbot..."
dnf install -y certbot python3-certbot-apache # Install EPEL repository first
dnf install -y epel-release
# Install Certbot and Python modules for the webroot plugin
dnf install -y certbot python3-certbot-apache
else
# Fallback for other RHEL-based systems
yum install -y certbot
fi
else else
# Fallback for other RHEL-based systems echo "Unsupported OS. Install Certbot manually."
yum install -y certbot exit 1
fi
fi
# Check for existing certificate before requesting
if [[ -d "/etc/letsencrypt/live/$DOMAIN" ]]; then
log "Certificate for $DOMAIN already exists. Checking expiry..."
EXPIRY=$(openssl x509 -enddate -noout -in "/etc/letsencrypt/live/$DOMAIN/cert.pem" | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
if [[ $DAYS_LEFT -gt 30 ]]; then
log "Certificate still valid for $DAYS_LEFT days. Skipping renewal."
update_litespeed_config
setup_cron_job
continue
else
log "Certificate expires in $DAYS_LEFT days. Proceeding with renewal."
fi
fi
# Modify Certbot command to include all domains
CERTBOT_CMD="certbot certonly --webroot -w /var/www/webroot/ROOT"
for domain in "${DOMAINS[@]}"; do
CERTBOT_CMD+=" -d $domain"
done
CERTBOT_CMD+=" --agree-tos --non-interactive"
[[ -n "${EMAIL:-}" ]] && CERTBOT_CMD+=" --email $EMAIL"
# After Certbot installation and before existing certificate check
install_xml_tools
# Replace the simple reload with the improved function
if $CERTBOT_CMD; then
log "SSL certificate issued successfully for $DOMAIN."
# Update LiteSpeed config with enhanced safety
if update_litespeed_config; then
restart_litespeed
send_email "$DOMAIN SSL Certificate Issued Successfully" "The SSL certificate for $DOMAIN has been successfully installed."
setup_cron_job
else
log "ERROR: Failed to update LiteSpeed configuration. Manually check your configuration."
send_email "SSL Certificate Installation Warning" "The SSL certificate for $DOMAIN was issued successfully, but there was an error updating the LiteSpeed configuration. Please check your server configuration manually."
fi fi
else else
echo "Unsupported OS. Install Certbot manually." log "Certbot failed."
send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for $DOMAIN."
exit 1 exit 1
fi fi
fi done
# Check for existing certificate before requesting
if [[ -d "/etc/letsencrypt/live/$DOMAIN" ]]; then
log "Certificate for $DOMAIN already exists. Checking expiry..."
EXPIRY=$(openssl x509 -enddate -noout -in "/etc/letsencrypt/live/$DOMAIN/cert.pem" | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
if [[ $DAYS_LEFT -gt 30 ]]; then
log "Certificate still valid for $DAYS_LEFT days. Skipping renewal."
update_litespeed_config
setup_cron_job
exit 0
else
log "Certificate expires in $DAYS_LEFT days. Proceeding with renewal."
fi
fi
# Issue SSL certificate
CERTBOT_CMD="certbot certonly --webroot -w /var/www/webroot/ROOT -d $DOMAIN --agree-tos --non-interactive"
[[ -n "${EMAIL:-}" ]] && CERTBOT_CMD+=" --email $EMAIL"
# After Certbot installation and before existing certificate check
install_xml_tools
# Replace the simple reload with the improved function
if $CERTBOT_CMD; then
log "SSL certificate issued successfully for $DOMAIN."
# Update LiteSpeed config with enhanced safety
if update_litespeed_config; then
restart_litespeed
send_email "$DOMAIN SSL Certificate Issued Successfully" "The SSL certificate for $DOMAIN has been successfully installed."
setup_cron_job
else
log "ERROR: Failed to update LiteSpeed configuration. Manually check your configuration."
send_email "SSL Certificate Installation Warning" "The SSL certificate for $DOMAIN was issued successfully, but there was an error updating the LiteSpeed configuration. Please check your server configuration manually."
fi
else
log "Certbot failed."
send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for $DOMAIN."
exit 1
fi
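Review bot: The new main loop (`for DOMAIN in "${DOMAINS[@]}"`) runs certbot once per domain, but every run requests the same SAN certificate for all of them (`CERTBOT_CMD` appends `-d` for each entry of `DOMAINS`), so N domains mean N identical issuance attempts and N LiteSpeed restarts, and repeated identical requests are exactly what Let's Encrypt's duplicate-certificate rate limit counts. The existing-certificate check looks under `/etc/letsencrypt/live/$DOMAIN`, which for a SAN certificate only exists under the first name, so the `continue` skip never fires for the others, and `PRIMARY_DOMAIN`, assigned in the parser hunk above, is never used here. The fix is to hoist issuance out of the loop, build the arguments as an array instead of a whitespace-split string, and name the certificate after `PRIMARY_DOMAIN`, as sketched below; `update_litespeed_config` and `setup_cron_job` are defined above the hunk, so I can't tell from here whether they need a per-domain call.

```shell
# … unchanged: input validation …
# Issue ONE SAN certificate covering every domain, named after the primary.
certbot_args=(certonly --webroot -w /var/www/webroot/ROOT --cert-name "$PRIMARY_DOMAIN")
for domain in "${DOMAINS[@]}"; do
  certbot_args+=(-d "$domain")
done
certbot_args+=(--agree-tos --non-interactive)
[[ -n "${EMAIL:-}" ]] && certbot_args+=(--email "$EMAIL")
install_xml_tools
if certbot "${certbot_args[@]}"; then
  log "SSL certificate issued successfully for ${DOMAINS[*]}."
  # … unchanged: update_litespeed_config / restart_litespeed / send_email / setup_cron_job …
else
  log "Certbot failed."
  send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for ${DOMAINS[*]}."
  exit 1
fi
```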


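--- /dev/null
+++ b/ssl_remover.sh
@@ -0,0 +1,160 @@
+#!/bin/bash
+set -euo pipefail
+# Log file setup
+LOG_DIR="/var/log/mb-ssl"
+LOG_FILE="$LOG_DIR/ssl-remover.log"
+mkdir -p "$LOG_DIR"
+chmod 0755 "$LOG_DIR"
+exec > >(tee -a "$LOG_FILE") 2>&1
+# Function to log messages
+log() {
+echo "$(date '+%Y-%m-%d %H:%M:%S') $1"
+}
+# Email function (same as in ssl_manager.sh)
+send_email() {
+local subject="$1"
+local body="$2"
+local recipient="${EMAIL:-}"
+[[ -n "$recipient" ]] && {
+log "Sending email notification to $recipient..."
+curl -s "https://api.postmarkapp.com/email" \
+-X POST \
+-H "Accept: application/json" \
+-H "Content-Type: application/json" \
+-H "X-Postmark-Server-Token: d88b25c4-2fdb-43d3-9097-f6c655a9742b" \
+-d "{
+\"From\": \"admin@mightybox.io\",
+\"To\": \"$recipient\",
+\"Subject\": \"$subject\",
+\"HtmlBody\": \"$body\",
+\"MessageStream\": \"outbound\"
+}" > /dev/null && log "Email sent." || log "Email failed."
+}
+}
+# Backup configuration with timestamp
+backup_config() {
+local config_file="/var/www/conf/httpd_config.xml"
+local backup_dir="/var/www/conf/backups"
+local timestamp=$(date +%Y%m%d%H%M%S)
+mkdir -p "$backup_dir"
+cp "$config_file" "$backup_dir/httpd_config.pre-removal-$timestamp.xml"
+log "Config backup saved to $backup_dir/httpd_config.pre-removal-$timestamp.xml"
+}
+# Remove certificate using Certbot
+remove_certificate() {
+local domain="$1"
+if certbot certificates | grep -q "Domains: $domain"; then
+log "Removing certificate for $domain..."
+certbot delete --cert-name "$domain" --non-interactive
+rm -rf "/etc/letsencrypt/live/$domain"*
+log "Certificate removed for $domain"
+else
+log "No certificate found for $domain"
+fi
+}
+# Remove listeners and associated configurations
+cleanup_listeners() {
+local domain="$1"
+local config_file="/var/www/conf/httpd_config.xml"
+local temp_file
+log "Cleaning up listeners for $domain..."
+# Remove listeners
+sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/d" "$config_file"
+# Remove vhostMap entries
+sed -i "/<domain>$domain<\/domain>/,/<\/vhostMap>/d" "$config_file"
+# Remove related virtual host
+local vhost_name="${domain//./_}"
+sed -i "/<name>$vhost_name<\/name>/,/<\/virtualHost>/d" "$config_file"
+# Cleanup empty listenerList tags
+temp_file=$(mktemp)
+awk '/<listenerList>/ {flag=1; print; next} /<\/listenerList>/ {flag=0; print; next} flag && /^[[:space:]]*$/ {next} {print}' "$config_file" > "$temp_file"
+mv "$temp_file" "$config_file"
+}
+# Validate XML configuration
+validate_xml() {
+local config_file="/var/www/conf/httpd_config.xml"
+if command -v xmllint >/dev/null; then
+log "Validating XML configuration..."
+if ! xmllint --noout "$config_file"; then
+log "ERROR: Invalid XML configuration after cleanup. Check backups."
+return 1
+fi
+fi
+return 0
+}
+# Restart LiteSpeed if needed
+restart_litespeed() {
+log "Restarting LiteSpeed..."
+systemctl restart lsws && log "LiteSpeed restarted successfully." || log "LiteSpeed restart failed."
+}
+# Main execution
+main() {
+declare -a DOMAINS
+# Parse parameters
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--domains=*)
+IFS=',' read -ra DOMAINS <<< "${1#*=}"
+shift
+;;
+--email=*)
+EMAIL="${1#*=}"
+shift
+;;
+*)
+echo "Invalid parameter: $1"
+exit 1
+;;
+esac
+done
+# Validate input
+if [[ ${#DOMAINS[@]} -eq 0 ]]; then
+echo "Error: --domains parameter is required"
+exit 1
+fi
+backup_config
+for domain in "${DOMAINS[@]}"; do
+log "Processing domain: $domain"
+# Validate domain format
+[[ "$domain" =~ ^([a-zA-Z0-9](-*[a-zA-Z0-9])*\.)+[a-zA-Z]{2,}$ ]] || {
+log "Invalid domain: $domain"
+continue
+}
+remove_certificate "$domain"
+cleanup_listeners "$domain"
+done
+if validate_xml; then
+restart_litespeed
+send_email "SSL Removal Complete" "Successfully removed SSL for domains: ${DOMAINS[*]}"
+else
+send_email "SSL Removal Warning" "SSL removed but configuration validation failed for domains: ${DOMAINS[*]}"
+exit 1
+fi
+}
+main "$@"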
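Review bot: `send_email` ships a live Postmark server token as a string literal (`-H "X-Postmark-Server-Token: d88b25c4-…"`); once this file is in version control that token has to be treated as leaked and rotated, and the script should read it from the environment instead, e.g. `local token="${POSTMARK_SERVER_TOKEN:?POSTMARK_SERVER_TOKEN is not set}"` followed by `-H "X-Postmark-Server-Token: $token" \`. In `remove_certificate`, `rm -rf "/etc/letsencrypt/live/$domain"*` globs past the domain, so removing `example.com` also wipes `live/example.com-0001` or `live/example.com.au` if they exist; `certbot delete` already removes the live, archive and renewal entries, so the line can go, or at minimum lose the `*`: `rm -rf -- "/etc/letsencrypt/live/${domain:?}"`. Note also that `validate_xml` returns 0 whenever `xmllint` is absent, so on such hosts the restart proceeds with no check at all; logging that as a warning rather than passing silently would tell the operator which case they are in.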