set certbot to certonly and fixed TLSv1.3
This commit is contained in:
@@ -212,9 +212,9 @@ if [ $sslenable = 1 ]; then
|
||||
msg " Setting up SSL"
|
||||
site_ext=ssl
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
|
||||
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
|
||||
|
||||
@@ -39,6 +39,7 @@ http {
|
||||
gzip_disable "msie6";
|
||||
gzip_buffers 16 8k;
|
||||
|
||||
include /etc/nginx/snippets/ngx-ssl.conf;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
@@ -10,8 +10,8 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
|
||||
@@ -8,8 +8,8 @@ server {
|
||||
|
||||
server {
|
||||
#SSL www.domain > domain redirect
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name www.DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
|
||||
@@ -18,9 +18,9 @@ systemctl reload $webservice
|
||||
|
||||
#Enabling SSL
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
|
||||
#Restoring config
|
||||
|
||||
@@ -538,9 +538,9 @@ if [ $sslenable = 1 ]; then
|
||||
msg " Setting up SSL" 8 78
|
||||
site_ext=ssl
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
|
||||
@@ -577,7 +577,7 @@ fi
|
||||
# Services #
|
||||
##------------##
|
||||
|
||||
systemctl reload sshd fail2ban postfix postfix@-
|
||||
systemctl reload sshd fail2ban postfix postfix@-
|
||||
|
||||
|
||||
##-------##
|
||||
|
||||
Reference in New Issue
Block a user