
Master Branch acmetool.sh 1.0.92 backport updates in 124.00stable

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 25, 2023.

  1. eva2000

    eva2000 Administrator Staff Member

    acmetool.sh 1.0.92 backport updates in 124.00stable

    - backport acmetool.sh 1.0.89 - 1.0.92 changes from 130.00beta01
    - fix reissue-only routine when DUALCERTS='y' is set https://community.centminmod.com/threads/replacing-with-new-cf-token.24091/#post-97192
    - when acmetool.sh reissue-only option is used with DUALCERTS='y' set, it mistakenly uncomments the first uncommented ssl_trusted_certificate instance in existing Nginx vhosts that use DUALCERTS='y', so there's now a duplicate active ssl_trusted_certificate instance causing nginx to fail reloading. This update fixes the issue by skipping the accidental uncommenting of those ssl_trusted_certificate instances in existing Nginx vhosts
    - ensure idn command exists if libidn isn't installed
    - update addons/acmetool.sh to support acme.sh --pre-hook
    - add /usr/local/src/centminmod/tools/pre-acme-hooks.sh tool that is called in acme.sh --pre-hook commands at issuance of SSL certificate.
    - The tools/pre-acme-hooks.sh script checks to see if Nginx vhost's root directive path in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf matches and is the same path defined by variable Le_Webroot in /root/.acme.sh/domain.com/domain.com.conf when renewing or reissuing an SSL certificate, in case the end user changes the Nginx vhost's root directive path to a non-standard path, which results in failed Letsencrypt SSL issuance domain webroot validation. If Nginx vhost's root directive path is a non-standard path edited by end user, the tools/pre-acme-hooks.sh script will run before renewal/reissues happen and auto update the registered web root path defined by Le_Webroot variable in acme.sh /root/.acme.sh/domain.com/domain.com.conf config file so it matches the web root path set by Nginx vhost's root directive path.
    - this update will only apply to newly created Nginx vhost HTTPS sites and won't apply to existing Nginx vhost HTTPS sites already created

    When running Nginx vhost HTTPS creation routines via centmin.sh menu option 2, 22, nv command line or addons/acmetool.sh, the logs will show an additional step to run acme.sh --pre-hook to /usr/local/src/centminmod/tools/pre-acme-hooks.sh like below:

    [Thu Jun 1 04:29:27 CDT 2023] Run pre hook:'/usr/local/src/centminmod/tools/pre-acme-hooks.sh all-check domain.com'
    Nginx root path: /home/nginx/domains/domain.com/public
    Le_Webroot: /home/nginx/domains/domain.com/public
    The root paths match. Proceeding with the acme.sh operation.

    and if DUALCERTS='y' is enabled for both RSA and ECC SSL certificates, you would see

    Nginx root path: /home/nginx/domains/domain.com/public
    Le_Webroot: /home/nginx/domains/domain.com/public
    ECC Le_Webroot: /home/nginx/domains/domain.com/public
    The root paths match. Proceeding with the acme.sh operation.

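A sketch of the root-versus-Le_Webroot comparison described in the post, added here as an example; it is not Centmin Mod's tools/pre-acme-hooks.sh. The function names and the check/fix argument are assumptions, and all file paths are passed in so it can be tried on copies of the configs.

```shell
#!/usr/bin/env bash
# Added illustration; NOT Centmin Mod's tools/pre-acme-hooks.sh.
# Function names and the check/fix argument are hypothetical.

# First active (uncommented) root directive in an Nginx vhost file.
# Assumes an unquoted path without spaces.
nginx_root() {
  awk '$1 == "root" { sub(/;.*$/, "", $2); print $2; exit }' "$1"
}

# Le_Webroot value from an acme.sh domain conf, e.g. Le_Webroot='/path'.
le_webroot() {
  sed -n "s/^Le_Webroot=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | head -n 1
}

# check_webroot check|fix VHOST_CONF ACME_CONF...
# Pass both the RSA and the ECC conf when dual certificates are in use.
# Returns 0 if all match (or were fixed), 1 on mismatch, 2 on bad input.
check_webroot() {
  local mode="$1" vhost="$2" root conf webroot rc=0
  shift 2
  root="$(nginx_root "$vhost")"
  case "$root" in
    # Reject characters that would break the quoted value or the sed expression.
    *"'"*|*'"'*|*"|"*|*"&"*|*"\\"*) echo "unsafe root path" >&2; return 2 ;;
    /*) ;;
    *) echo "no absolute root directive in $vhost" >&2; return 2 ;;
  esac
  echo "Nginx root path: $root"
  for conf in "$@"; do
    webroot="$(le_webroot "$conf")"
    case "$webroot" in
      /*) ;;
      # Non-path values (e.g. a DNS API name for DNS validation) are left alone.
      *) echo "skip $conf: no path-style Le_Webroot" >&2; continue ;;
    esac
    echo "Le_Webroot ($conf): $webroot"
    [ "$root" = "$webroot" ] && continue
    if [ "$mode" = "fix" ]; then
      # Keep a backup, then rewrite the original file so its permissions stay.
      cp -p "$conf" "$conf.bak" &&
        sed "s|^Le_Webroot=.*|Le_Webroot='$root'|" "$conf.bak" > "$conf" || return 2
      echo "updated Le_Webroot in $conf"
    else
      echo "MISMATCH in $conf" >&2; rc=1
    fi
  done
  return "$rc"
}
if [ "$#" -ge 3 ]; then check_webroot "$@"; fi
```

Run it in check mode first, for example from a monitoring job, so a mismatch is caught before a renewal fails and the certificate expires.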

    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.