
Stable Branch acmetool.sh 1.0.92 backport updates in 124.00stable

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 25, 2023.

  1. eva2000

    acmetool.sh 1.0.92 backport updates in 124.00stable


    - backport acmetool.sh 1.0.89 - 1.0.92 changes from 130.00beta01
    - fix reissue-only routine when DUALCERTS='y' is set https://community.centminmod.com/threads/replacing-with-new-cf-token.24091/#post-97192
    - when the acmetool.sh reissue-only option is used with DUALCERTS='y' set, it mistakenly uncomments the first uncommented ssl_trusted_certificate instance in existing Nginx vhosts that use DUALCERTS='y', so there's now a duplicate active ssl_trusted_certificate instance causing nginx to fail reloading. This update fixes the issue by skipping the accidental uncommenting of those ssl_trusted_certificate instances in existing Nginx vhosts
    - ensure idn command exists if libidn isn't installed
    - update addons/acmetool.sh to support acme.sh --pre-hook
    - add /usr/local/src/centminmod/tools/pre-acme-hooks.sh tool that is called in acme.sh --pre-hook commands at issuance of SSL certificate.
    - The tools/pre-acme-hooks.sh script checks whether the Nginx vhost's root directive path in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf matches and is the same path defined by the variable Le_Webroot in /root/.acme.sh/domain.com/domain.com.conf when renewing or reissuing an SSL certificate, in case the end user changes the Nginx vhost's root directive path to a non-standard path, which results in failed Letsencrypt SSL issuance domain webroot validation. If the Nginx vhost's root directive path is a non-standard path edited by the end user, the tools/pre-acme-hooks.sh script will run before renewals/reissues happen and auto update the registered web root path defined by the Le_Webroot variable in the acme.sh /root/.acme.sh/domain.com/domain.com.conf config file so it matches the web root path set by the Nginx vhost's root directive path.
    - this update will only apply to new Nginx vhost HTTPS created sites and won't apply to existing created Nginx vhost HTTPS sites already created

    When running Nginx vhost HTTPS creation routines via centmin.sh menu option 2, 22, nv command line or addons/acmetool.sh, the logs will show an additional step to run acme.sh --pre-hook to /usr/local/src/centminmod/tools/pre-acme-hooks.sh like below:

    [Thu Jun 1 04:29:27 CDT 2023] Run pre hook:'/usr/local/src/centminmod/tools/pre-acme-hooks.sh all-check domain.com'
    Nginx root path: /home/nginx/domains/domain.com/public
    Le_Webroot: /home/nginx/domains/domain.com/public
    The root paths match. Proceeding with the acme.sh operation.

    and if DUALCERTS='y' is enabled for both RSA and ECC SSL certificates, you would see

    Nginx root path: /home/nginx/domains/domain.com/public
    Le_Webroot: /home/nginx/domains/domain.com/public
    ECC Le_Webroot: /home/nginx/domains/domain.com/public
    The root paths match. Proceeding with the acme.sh operation.


    124.00stable branch
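
A read-only version of the comparison described in the commit above, added here as an example for auditing existing vhosts that the update does not cover; it is not Centmin Mod's tools/pre-acme-hooks.sh and it changes no files. The function names are hypothetical, the file locations are passed as arguments, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: read-only audit, changes nothing. File locations are passed as
# arguments; the demo at the bottom uses constructed files in a temp directory.

# First active (uncommented) root directive in an Nginx vhost file.
nginx_root() {
  sed -n 's/^[[:space:]]*root[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Le_Webroot value from an acme.sh domain conf, surrounding quotes stripped.
le_webroot() {
  sed -n "s/^Le_Webroot=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | head -n 1
}

# audit_webroot VHOST_CONF ACME_CONF [ECC_ACME_CONF]
# Returns 0 when all paths match, 1 on a mismatch, 2 when a value is missing.
audit_webroot() {
  vhost=$1; shift
  root=$(nginx_root "$vhost"); root=${root%/}   # ignore a trailing slash
  [ -n "$root" ] || { echo "UNKNOWN: no active root directive in $vhost"; return 2; }
  rc=0
  for conf in "$@"; do
    webroot=$(le_webroot "$conf"); webroot=${webroot%/}
    if [ -z "$webroot" ]; then
      echo "UNKNOWN: no Le_Webroot in $conf"; return 2
    elif [ "$webroot" != "$root" ]; then
      echo "MISMATCH: nginx root=$root, Le_Webroot=$webroot ($conf)"; rc=1
    fi
  done
  [ "$rc" -ne 0 ] || echo "OK: $root"
  return "$rc"
}

# Constructed sample data: a vhost moved to a non-standard root, plus one stale
# and one current acme.sh domain conf (standing in for the RSA and ECC confs).
demo=$(mktemp -d)
printf 'server {\n  #root /home/nginx/domains/domain.com/public;\n  root /home/nginx/domains/domain.com/app/web/;\n}\n' > "$demo/vhost.conf"
printf "Le_Domain='domain.com'\nLe_Webroot='/home/nginx/domains/domain.com/public'\n" > "$demo/rsa.conf"
printf "Le_Domain='domain.com'\nLe_Webroot='/home/nginx/domains/domain.com/app/web'\n" > "$demo/ecc.conf"

audit_webroot "$demo/vhost.conf" "$demo/rsa.conf" "$demo/ecc.conf" || echo "exit status: $?"
```

A non-zero exit status marks a vhost whose next webroot validation would be served from a different directory than the one acme.sh writes its challenge files to.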