set certbot to certonly and fixed TLSv1.3

2020-08-12 14:31:04 +02:00
parent 6e2dc8faf7
commit 7282836297
6 changed files with 12 additions and 11 deletions
--- a/AppendCMS.sh
+++ b/AppendCMS.sh
@@ -212,9 +212,9 @@ if [ $sslenable = 1 ]; then
 msg "                Setting up SSL"
    site_ext=ssl
    if [ $domainwww = 1 ]; then
-        certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+        certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    elif [ $domainwww = 0 ]; then
-        certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+        certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    fi
    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
--- a/CoreModules/nginx/config/nginx/nginx-default.conf
+++ b/CoreModules/nginx/config/nginx/nginx-default.conf
@@ -39,6 +39,7 @@ http {
    gzip_disable "msie6";
    gzip_buffers 16 8k;
    include /etc/nginx/snippets/ngx-ssl.conf;
 	include /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/*;
 }
--- a/CoreModules/nginx/config/nginx/site_ssl-unconfigured
+++ b/CoreModules/nginx/config/nginx/site_ssl-unconfigured
@@ -10,8 +10,8 @@ server {
 }
 server {
-    listen 443 ssl;
+    listen 443 ssl http2;
-    listen [::]:443 ssl; 
+    listen [::]:443 ssl http2; 
    server_name   DOMAINname;
    ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem; 
--- a/CoreModules/nginx/config/nginx/site_ssl-wwwredir
+++ b/CoreModules/nginx/config/nginx/site_ssl-wwwredir
@@ -8,8 +8,8 @@ server {
 server {
    #SSL www.domain > domain redirect
-    listen 443 ssl;
+    listen 443 ssl http2;
-    listen [::]:443 ssl; 
+    listen [::]:443 ssl http2; 
    server_name   www.DOMAINname;
    ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem; 
--- a/Scripts/EnableSSL.sh
+++ b/Scripts/EnableSSL.sh
@@ -18,9 +18,9 @@ systemctl reload $webservice
 #Enabling SSL
 if [ $domainwww = 1 ]; then
-   certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+   certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 elif [ $domainwww = 0 ]; then
-   certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+   certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 fi  
 #Restoring config
--- a/installer.sh
+++ b/installer.sh
@@ -538,9 +538,9 @@ if [ $sslenable = 1 ]; then
    msg "                Setting up SSL" 8 78
    site_ext=ssl
    if [ $domainwww = 1 ]; then
-        certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+        certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    elif [ $domainwww = 0 ]; then
-        certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+        certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    fi
    certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then