From dda74005f5fafdd41bdc26ed069b35b5ebb54f4f Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Wed, 24 Mar 2021 15:06:54 +0100
Subject: [PATCH] Main: Added fix SSL issue described #12
---
 CoreModules/apache/conf.sh | 4 +++-
 CoreModules/apache/config/apache2/site_ssl-unconfigured | 4 ++--
 CoreModules/apache/config/apache2/site_ssl-wwwredir | 4 ++--
 CoreModules/nginx/conf.sh | 4 +++-
 CoreModules/nginx/config/nginx/site_ssl-unconfigured | 6 +++---
 CoreModules/nginx/config/nginx/site_ssl-wwwredir | 6 +++---
 CoreModules/nginx_nonphp/conf.sh | 3 +++
 Scripts/EnableSSL.sh | 2 ++
 installer.sh | 4 ++++
 9 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh
index 734379d..e6dc629 100644
--- a/CoreModules/apache/conf.sh
+++ b/CoreModules/apache/conf.sh
@@ -66,9 +66,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
 sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
 unset monitconf
-
 # custom Welcome page
 echo "$webserv is functioning normally" > /var/www/html/index.html
+#Add Apache as SSL service
+echo "$apacheService" >> /etc/ICTM/SslServices
+
 systemctl start $apacheService > $OUTPUT 2>&1
 systemctl enable $apacheService > $OUTPUT 2>&1
\ No newline at end of file
diff --git a/CoreModules/apache/config/apache2/site_ssl-unconfigured b/CoreModules/apache/config/apache2/site_ssl-unconfigured
index 5a99a2b..5c401e0 100644
--- a/CoreModules/apache/config/apache2/site_ssl-unconfigured
+++ b/CoreModules/apache/config/apache2/site_ssl-unconfigured
@@ -6,8 +6,8 @@
 ServerName DOMAINname
 SSLEngine on
- SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
- SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+ SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
+ SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
 Include snippets/apa-ssl.conf
 #ConfHere
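Review bot: The added `echo "$apacheService" >> /etc/ICTM/SslServices` in CoreModules/apache/conf.sh is not idempotent, and the file it writes later supplies the arguments of the `systemctl reload $(cat /etc/ICTM/SslServices)` renewal hook registered in Scripts/EnableSSL.sh and installer.sh. Every re-run of conf.sh appends a duplicate entry, and nothing visible in the hunk creates /etc/ICTM or restricts who may write the file; whoever can write it chooses the unit names and any extra `systemctl` arguments the hook passes, presumably as root. I would guard the append, e.g. `grep -qxF -- "$apacheService" /etc/ICTM/SslServices 2>/dev/null || echo "$apacheService" >> /etc/ICTM/SslServices`, and make the file root-owned with mode 0644 where it is first created. The same applies to the `echo "nginx" >> /etc/ICTM/SslServices` lines in CoreModules/nginx/conf.sh and CoreModules/nginx_nonphp/conf.sh.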
diff --git a/CoreModules/apache/config/apache2/site_ssl-wwwredir b/CoreModules/apache/config/apache2/site_ssl-wwwredir
index 57c294b..5bcbf94 100644
--- a/CoreModules/apache/config/apache2/site_ssl-wwwredir
+++ b/CoreModules/apache/config/apache2/site_ssl-wwwredir
@@ -6,8 +6,8 @@
 ServerName www.DOMAINname
 SSLEngine on
- SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
- SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+ SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
+ SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
 Include snippets/apa-ssl.conf
 Redirect permanent / https://DOMAINname/
\ No newline at end of file
diff --git a/CoreModules/nginx/conf.sh b/CoreModules/nginx/conf.sh
index 5733e62..4f96f79 100644
--- a/CoreModules/nginx/conf.sh
+++ b/CoreModules/nginx/conf.sh
@@ -51,9 +51,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
 sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
 unset monitconf
-
 # custom Welcome page
 echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html
+#Add Nginx as SSL service
+echo "nginx" >> /etc/ICTM/SslServices
+
 systemctl start nginx > $OUTPUT 2>&1
 systemctl enable nginx > $OUTPUT 2>&1
\ No newline at end of file
diff --git a/CoreModules/nginx/config/nginx/site_ssl-unconfigured b/CoreModules/nginx/config/nginx/site_ssl-unconfigured
index cc758ed..66ceba3 100644
--- a/CoreModules/nginx/config/nginx/site_ssl-unconfigured
+++ b/CoreModules/nginx/config/nginx/site_ssl-unconfigured
@@ -13,9 +13,9 @@ server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name DOMAINname;
- ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
- ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
- ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+ ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
+ ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
+ ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
 include snippets/ngx-ssl.conf;
diff --git a/CoreModules/nginx/config/nginx/site_ssl-wwwredir b/CoreModules/nginx/config/nginx/site_ssl-wwwredir
index 639af0b..a43a6fc 100644
--- a/CoreModules/nginx/config/nginx/site_ssl-wwwredir
+++ b/CoreModules/nginx/config/nginx/site_ssl-wwwredir
@@ -11,9 +11,9 @@ server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.DOMAINname;
- ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
- ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
- ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+ ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
+ ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
+ ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
 include snippets/ngx-ssl.conf;
 return 301 https://DOMAINname$request_uri;
 }
diff --git a/CoreModules/nginx_nonphp/conf.sh b/CoreModules/nginx_nonphp/conf.sh
index ab4fece..de20896 100644
--- a/CoreModules/nginx_nonphp/conf.sh
+++ b/CoreModules/nginx_nonphp/conf.sh
@@ -28,5 +28,8 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl
 # custom Welcome page
 echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html
+#Add Nginx as SSL service
+echo "nginx" >> /etc/ICTM/SslServices
+
 systemctl start nginx > $OUTPUT 2>&1
 systemctl enable nginx > $OUTPUT 2>&1
\ No newline at end of file
diff --git a/Scripts/EnableSSL.sh b/Scripts/EnableSSL.sh
index 098b300..d522d03 100644
--- a/Scripts/EnableSSL.sh
+++ b/Scripts/EnableSSL.sh
@@ -37,6 +37,8 @@ fi
 if test $certsatus -eq 0
 then
 site_ext="ssl"
+ mkdir -p /etc/acmesh/inst/$domain
+ /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
 else
 site_ext="nossl"
 rm -rf /etc/acmesh/certs/$domain*
diff --git a/installer.sh b/installer.sh
index 035a81d..e9ee770 100644
--- a/installer.sh
+++ b/installer.sh
@@ -671,6 +671,8 @@ if [ $sslenable = 1 ]; then
 if test $certsatus -eq 0
 then
 site_ext="ssl"
+ mkdir -p /etc/acmesh/inst/$domain
+ /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
 else
 site_ext="nossl"
 rm -rf /etc/acmesh/certs/$domain*
@@ -682,6 +684,8 @@ if [ $sslenable = 1 ]; then
 if test $certsatusBackend -eq 0
 then
 siteBackend_ext="ssl"
+ mkdir -p /etc/acmesh/inst/$hostname
+ /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $hostname --cert-file /etc/acmesh/inst/$hostname/cert.pem --key-file /etc/acmesh/inst/$hostname/key.pem --ca-file /etc/acmesh/inst/$hostname/ca.cer --fullchain-file /etc/acmesh/inst/$hostname/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
 else
 siteBackend_ext="nossl"
 rm -rf /etc/acmesh/certs/$hostname*
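Review bot: The exit status of the added `acme.sh --install-cert` call in Scripts/EnableSSL.sh is never checked, so `site_ext="ssl"` stays set even when nothing was written under /etc/acmesh/inst/$domain, and the SSL site templates changed in this commit point at exactly those files. Wrapping the call as `if ! /opt/acmesh/acme.sh ... ; then site_ext="nossl"; fi`, or aborting, would keep the web server from being configured with a missing certificate and key. `$domain` is also unquoted in `mkdir -p /etc/acmesh/inst/$domain` and in every path argument; `mkdir -p "/etc/acmesh/inst/$domain"` and quoted arguments avoid word splitting and globbing if the value is ever not a plain hostname. Since the directory holds key.pem, an explicit mode such as `mkdir -p -m 0700` is worth considering instead of relying on the umask, assuming the web server reads the key as root. Both installer.sh hunks repeat these lines (the second with `$hostname`), and the enclosing `if`/`else` continues outside each hunk.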