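#!/bin/bash
#
# Remove Let's Encrypt certificates and the matching LiteSpeed listener,
# vhostMap and virtualHost entries for one or more domains.
#
# Usage: $0 --domains=<domain>[,<domain>...] [--email=<recipient>]
#
# Environment:
#   EMAIL                  notification recipient (overridden by --email=)
#   POSTMARK_SERVER_TOKEN  Postmark server token; email is skipped when unset
#
# SECURITY: an earlier revision of this script embedded the Postmark server
# token as a literal. A credential that has been committed or published must
# be treated as disclosed: rotate it in Postmark and supply the replacement
# through POSTMARK_SERVER_TOKEN (for example from a root-only environment
# file), never through this file.
set -euo pipefail

# Log file setup: everything written to stdout/stderr is also appended to
# the log file.
LOG_DIR="/var/log/mb-ssl"
LOG_FILE="$LOG_DIR/ssl-remover.log"
mkdir -p "$LOG_DIR"
chmod 0755 "$LOG_DIR"
exec > >(tee -a "$LOG_FILE") 2>&1

#######################################
# Print a timestamped message.
# Arguments: $1 - message text
# Outputs:   "<YYYY-mm-dd HH:MM:SS> <message>" on stdout
#######################################
log() {
  printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1"
}

#######################################
# Escape a string for use inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no surrounding quotes)
#######################################
json_escape() {
  local text=$1
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\r'/\\r}
  text=${text//$'\t'/\\t}
  printf '%s' "$text"
}

#######################################
# Send a notification through the Postmark HTTP API.
# Does nothing when no recipient is configured. Always returns 0 so that a
# missing recipient or a failed delivery never aborts the caller under
# `set -e` (the previous `[[ ... ]] && { ... }` form returned 1 when EMAIL
# was empty, which made a successful run exit with status 1).
# Globals:   EMAIL (read), POSTMARK_SERVER_TOKEN (read)
# Arguments: $1 - subject, $2 - HTML body
#######################################
send_email() {
  local subject=$1
  local body=$2
  local recipient=${EMAIL:-}
  local token=${POSTMARK_SERVER_TOKEN:-}
  local payload

  if [[ -z "$recipient" ]]; then
    return 0
  fi
  if [[ -z "$token" ]]; then
    log "Email skipped: POSTMARK_SERVER_TOKEN is not set."
    return 0
  fi
  # The token is written into a curl config line below, so refuse anything
  # that could break out of the quoted header value.
  # NOTE(review): assumes tokens only contain letters, digits and '-' - confirm.
  if [[ ! "$token" =~ ^[A-Za-z0-9-]+$ ]]; then
    log "Email skipped: POSTMARK_SERVER_TOKEN contains unexpected characters."
    return 0
  fi

  # Build the JSON with escaped values: the recipient comes from the command
  # line or the environment and must not be able to alter the request body.
  payload=$(printf '{"From":"%s","To":"%s","Subject":"%s","HtmlBody":"%s","MessageStream":"outbound"}' \
    "admin@mightybox.io" \
    "$(json_escape "$recipient")" \
    "$(json_escape "$subject")" \
    "$(json_escape "$body")")

  log "Sending email notification to $recipient..."
  # --fail makes HTTP 4xx/5xx count as failure. The token header is passed
  # through a config stream (printf is a shell builtin) so it does not show
  # up in the process list as a curl argument.
  if curl -s --fail "https://api.postmarkapp.com/email" \
    -X POST \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    --config <(printf 'header = "X-Postmark-Server-Token: %s"\n' "$token") \
    -d "$payload" >/dev/null; then
    log "Email sent."
  else
    log "Email failed."
  fi
}

#######################################
# Copy the LiteSpeed configuration to a timestamped backup file.
# Outputs: log line naming the backup file
#######################################
backup_config() {
  local config_file="/var/www/conf/httpd_config.xml"
  local backup_dir="/var/www/conf/backups"
  local timestamp backup_file

  # Assign separately from `local` so a failing date is not masked.
  timestamp=$(date +%Y%m%d%H%M%S)
  backup_file="$backup_dir/httpd_config.pre-removal-$timestamp.xml"

  mkdir -p "$backup_dir"
  # -p keeps mode and ownership so the backup can be copied straight back.
  cp -p -- "$config_file" "$backup_file"
  log "Config backup saved to $backup_file"
}

#######################################
# Delete the certificate whose first listed domain is exactly $1.
# Arguments: $1 - domain (already validated by the caller)
#######################################
remove_certificate() {
  local domain=$1
  local listing

  # Capture the listing first: piping certbot into `grep -q` under pipefail
  # can report failure when grep exits early and certbot gets SIGPIPE.
  if ! listing=$(certbot certificates); then
    log "ERROR: could not list certificates; skipping certificate removal for $domain"
    return 0
  fi

  # Exact comparison of the first name on the "Domains:" line. The previous
  # regex match treated '.' as a wildcard and accepted any name that merely
  # started with the requested domain.
  if awk -v d="$domain" \
    '$1 == "Domains:" && $2 == d { found = 1 } END { exit !found }' \
    <<<"$listing"; then
    log "Removing certificate for $domain..."
    certbot delete --cert-name "$domain" --non-interactive
    # Remove only this domain's directory. A trailing glob here would also
    # delete the live directories of unrelated certificates whose names
    # begin with the same characters.
    rm -rf -- "/etc/letsencrypt/live/${domain:?}"
    log "Certificate removed for $domain"
  else
    log "No certificate found for $domain"
  fi
}

#######################################
# Remove the listener, vhostMap and virtualHost entries for a domain from
# the LiteSpeed configuration.
# Arguments: $1 - domain
# Returns:   1 if the domain contains characters that are unsafe in a sed
#            address; otherwise the status of the last command
#######################################
cleanup_listeners() {
  local domain=$1
  local config_file="/var/www/conf/httpd_config.xml"
  local temp_file domain_re vhost_name

  # The domain is spliced into sed addresses, so restrict it to hostname
  # characters before use.
  if [[ ! "$domain" =~ ^[A-Za-z0-9.-]+$ ]]; then
    log "Refusing to clean up listeners for unsafe domain value: $domain"
    return 1
  fi
  # Escape dots so they match literally instead of "any character".
  domain_re=${domain//./\\.}
  vhost_name=${domain//./_}

  log "Cleaning up listeners for $domain..."

  # NOTE(review): these ranges start at the matching line and are not
  # anchored on the left, so a longer name ending in the same text also
  # matches, and an opening tag on an earlier line is left in place.
  # Confirm both against the real config layout.

  # Remove listeners
  sed -i "/HTTPS-${domain_re}<\/name>/,/<\/listener>/d" "$config_file"

  # Remove vhostMap entries
  sed -i "/${domain_re}<\/domain>/,/<\/vhostMap>/d" "$config_file"

  # Remove related virtual host
  sed -i "/${vhost_name}<\/name>/,/<\/virtualHost>/d" "$config_file"

  # Drop blank lines left inside <listenerList> ... </listenerList>.
  # NOTE(review): the opening pattern was an empty regex (//), which matches
  # every line and made this pass a plain copy; <listenerList> is restored
  # here on the assumption that the tag was lost from the original - confirm.
  temp_file=$(mktemp)
  if awk '
    /<listenerList>/   { flag = 1; print; next }
    /<\/listenerList>/ { flag = 0; print; next }
    flag && /^[[:space:]]*$/ { next }
    { print }
  ' "$config_file" >"$temp_file"; then
    # Write through the existing file instead of mv: mktemp creates a 0600
    # file owned by the invoking user, and moving it into place would
    # replace the config's mode and ownership.
    cat -- "$temp_file" >"$config_file"
  else
    log "ERROR: blank-line cleanup failed; configuration left as is."
  fi
  rm -f -- "$temp_file"
}

#######################################
# Check that the configuration is well-formed XML.
# Returns: 1 if xmllint reports an error; 0 otherwise, including when
#          xmllint is not installed
#######################################
validate_xml() {
  local config_file="/var/www/conf/httpd_config.xml"

  if ! command -v xmllint >/dev/null; then
    log "xmllint not found; skipping XML validation."
    return 0
  fi

  log "Validating XML configuration..."
  if ! xmllint --noout "$config_file"; then
    log "ERROR: Invalid XML configuration after cleanup. Check backups."
    return 1
  fi
  return 0
}

#######################################
# Restart LiteSpeed.
# Returns: 0 on success, 1 if systemctl reports failure
#######################################
restart_litespeed() {
  log "Restarting LiteSpeed..."
  if systemctl restart lsws; then
    log "LiteSpeed restarted successfully."
  else
    log "LiteSpeed restart failed."
    return 1
  fi
}

#######################################
# Parse arguments, back up the config, then remove certificates and config
# entries for every valid domain.
# Globals:   EMAIL (written by --email=)
# Arguments: --domains=<comma-separated list> (required), --email=<address>
#######################################
main() {
  local -a DOMAINS=()
  local -a processed=()
  local -r domain_pattern='^([a-zA-Z0-9](-*[a-zA-Z0-9])*\.)+[a-zA-Z]{2,}$'
  local domain

  # Parse parameters
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --domains=*)
        IFS=',' read -r -a DOMAINS <<<"${1#*=}"
        shift
        ;;
      --email=*)
        EMAIL="${1#*=}"
        shift
        ;;
      *)
        echo "Invalid parameter: $1"
        exit 1
        ;;
    esac
  done

  # Validate input
  if [[ ${#DOMAINS[@]} -eq 0 ]]; then
    echo "Error: --domains parameter is required"
    exit 1
  fi

  backup_config

  for domain in "${DOMAINS[@]}"; do
    log "Processing domain: $domain"

    # Validate domain format
    if [[ ! "$domain" =~ $domain_pattern ]]; then
      log "Invalid domain: $domain"
      continue
    fi

    remove_certificate "$domain"
    cleanup_listeners "$domain"
    processed+=("$domain")
  done

  # Nothing was changed, so there is nothing to validate, restart or report.
  if [[ ${#processed[@]} -eq 0 ]]; then
    log "No valid domains were processed."
    exit 1
  fi

  # Report only the domains that were actually handled: rejected values are
  # unvalidated input and must not be placed in the HTML body, nor reported
  # as successfully removed.
  if ! validate_xml; then
    send_email "SSL Removal Warning" "SSL removed but configuration validation failed for domains: ${processed[*]}"
    exit 1
  fi

  if ! restart_litespeed; then
    send_email "SSL Removal Warning" "SSL removed but LiteSpeed restart failed for domains: ${processed[*]}"
    exit 1
  fi

  send_email "SSL Removal Complete" "Successfully removed SSL for domains: ${processed[*]}"
}

main "$@"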