Bug fix and features

Fixed multiple domain issue with create_http_https_site_certbot.sh script

Fixed issue with create_http_https_site_path_cert.sh script creating blank .pem and .key files

Added prompt to delete .pem and .key files in delete_site.sh as well as warning that it does not delete Lets Encrypt certs

Fixed wording on request_cerbot_cert.sh script

Author: deeztek

dirstructure/opt/aegis-waf/scripts/create_http_https_site_certbot_cert.sh

@@ -10,11 +10,33 @@ if [ ! -f "/usr/local/nginx/conf/ssl/dhparam.pem" ]; then
 
 #GET INPUTS
 read -p "Enter a site name: "  SITE
-read -p "Enter a domain(s) for the Site (Multiple domains must be separated by a space): "  DOMAIN
+read -p "Enter a PRIMARY ROOT domain for the Site without www. in front of it (Example: domain.tld OR host.domain.tld): "  DOMAIN
+read -p "Enter any additional sub-domains separated by a comma (Example: www.domain.tld). Leave blank and press enter if none: "  SECDOMAIN
 read -p "Enter a destination url including http(s):// (Example: http://www.domain.tld for HTTP Only or https://www.domain.tld for HTTPS) Do NOT include a Port Number: "  DESTINATION
 read -p "Enter a Destination Port Number for the Site (Example: 80 for http or 443 for https):" PORT
 read -p "Enter SSL Protocols you wish to enable separated by a space (Example: TLSv1.1 TLSv1.2 TLSv1.3):" SSLPROTOCOLS
 
+#IF SECDOMAIN IS EMPTY THEN SET ALLDOMAIN TO $DOMAIN IF NOT SET ALLDOMAIN TO $DOMAIN AND $SECDOMAIN (CERTBOT)
+if [ -z "$SECDOMAIN" ]
+then
+ALLDOMAIN=$DOMAIN
+     
+else
+ALLDOMAIN="$DOMAIN,$SECDOMAIN"
+    
+fi
+
+#IF SECDOMAIN IS EMPTY THEN SET ALLDOMAINNGINX TO $DOMAIN IF NOT SET ALLDOMAINNGINX TO $DOMAIN AND $SECDOMAIN (NGINX)
+if [ -z "$SECDOMAIN" ]
+then
+ALLDOMAINNGINX=$DOMAIN
+     
+else
+ALLDOMAINNGINX="$DOMAIN $SECDOMAIN"
+    
+fi
+
+
 #START CONFIGURATION
 echo "Creating Nginx Logs Directory"
 #CREATE NGINX LOGS DIRECTORY
@@ -96,7 +118,7 @@ fi
 
 echo "Configuring Nginx HTTP Conf File Domain"
 #REPLACE ALL INSTANCES OF THE-DOMAIN WITH DOMAIN VARIABLE ON NGINX CONFIG FILE
-/bin/sed -i -e "s/THE-DOMAIN/$DOMAIN/g" "/usr/local/nginx/conf/sites-available/$SITE.conf"
+/bin/sed -i -e "s/THE-DOMAIN/$ALLDOMAINNGINX/g" "/usr/local/nginx/conf/sites-available/$SITE.conf"
 
 if [ $? -eq 0 ]; then
     echo "Done"
@@ -160,6 +182,8 @@ else
         exit
 fi
 
+
+
 #=== DO NOT ENABLE BELOW UNLESS TROUBLESHOOTING ===
 #echo "Pausing for 5 seconds waiting for Nginx"
 #sleep 5
@@ -180,8 +204,8 @@ fi
 
 
 echo "Requesting Letsencrypt Certificate"
-#Request Letsencrypt Certificate
-/usr/bin/certbot certonly --noninteractive --webroot --agree-tos --register-unsafely-without-email -d ${DOMAIN} -w /var/www/html/$SITE
+#Request Letsencrypt Certificate with ALLDOMAIN variable
+/usr/bin/certbot certonly --noninteractive --webroot --agree-tos --register-unsafely-without-email -d ${ALLDOMAIN} -w /var/www/html/$SITE
 
 if [ $? -eq 0 ]; then
     echo "Done"
@@ -213,9 +237,20 @@ else
         exit
 fi
 
-echo "Configuring Nginx HTTPS Conf File Domain"
-#REPLACE ALL INSTANCES OF THE-DOMAIN WITH DOMAIN VARIABLE ON NGINX CONFIG FILE
-/bin/sed -i -e "s/THE-DOMAIN/$DOMAIN/g" "/usr/local/nginx/conf/sites-available/$SITE-ssl.conf"
+echo "Configuring Nginx HTTPS Conf File server_name Domain"
+#REPLACE ALL INSTANCES OF THE-DOMAIN WITH ALLDOMAINNGINX VARIABLE ON NGINX CONFIG FILE
+/bin/sed -i -e "s/THE-DOMAIN/$ALLDOMAINNGINX/g" "/usr/local/nginx/conf/sites-available/$SITE-ssl.conf"
+
+if [ $? -eq 0 ]; then
+    echo "Done"
+else
+        echo "Error occured. Stopped processing!"
+        exit
+fi
+
+echo "Configuring Nginx HTTPS Conf File ssl_certificate and ssl_certificate_key Domain"
+#REPLACE ALL INSTANCES OF THE-DOMAIN WITH ALLDOMAINNGINX VARIABLE ON NGINX CONFIG FILE
+/bin/sed -i -e "s/THE-PRIMARY-DOMAIN/$DOMAIN/g" "/usr/local/nginx/conf/sites-available/$SITE-ssl.conf"
 
 if [ $? -eq 0 ]; then
     echo "Done"

dirstructure/opt/aegis-waf/scripts/create_http_https_site_path_cert.sh

@@ -249,30 +249,6 @@ else
         exit
 fi
 
-echo "Inserting SSL Certificate Contents into SSL Certificate File"
-
-#/bin/sed -i -e "s,THE-PEM,$PEM,g" "/usr/local/nginx/conf/ssl/${SITE}.pem"
-/bin/echo "$PEM" >> /usr/local/nginx/conf/ssl/${SITE}.pem
-
-if [ $? -eq 0 ]; then
-    echo "Done"
-else
-        echo "Error occured. Stopped processing!"
-        exit
-fi
-
-echo "Inserting SSL Certificate Key Contents into SSL Certificate Key File"
-
-#/bin/sed -i -e "s,THE-KEY,$KEY,g" "/usr/local/nginx/conf/ssl/${SITE}.key"
-/bin/echo "$KEY" >> /usr/local/nginx/conf/ssl/${SITE}.key
-
-if [ $? -eq 0 ]; then
-    echo "Done"
-else
-        echo "Error occured. Stopped processing!"
-        exit
-fi
-
 
 echo "Enabling HTTPS site in Nginx"
 #CREATE HARD LINK FROM NGINX SITES-AVAILABLE TO NGINX SITES-ENABLED

dirstructure/opt/aegis-waf/scripts/delete_site.sh

@@ -1,5 +1,10 @@
 #!/bin/bash
 
+echo "WARNING" | boxes -d stone -p a2v1
+echo "This script will NOT delete any Lets Encrypt certificates."
+echo "Lets encrypt certificates must be manually removed from their respective /etc/letsencrypt/live/domain.tld directories"
+echo "This script will prompt you to delete ONLY manually entered certificate and key files"
+
 #GET INPUTS
 read -p "Enter a site name to permanently delete: "  SITE
 
@@ -66,22 +71,13 @@ else
         echo There was an error removing Modsecurity .conf file. Error was $?
 fi
 
-echo "Removing certificate .pem file"
-#Remove certificate .pem file
-/bin/rm -rf /usr/local/nginx/conf/ssl/${SITE}.pem
-
-if [ $? -eq 0 ]; then
-    echo Done
-else
-        echo There was an error removing .pem file. Error was $?
-fi
-
-echo "Removing key .key file"
-#Remove key .key file
-/bin/rm -rf /usr/local/nginx/conf/ssl/${SITE}.key
+while true; do
+    read -p "Do you wish remove the SSL Certificate and Key Files? (Enter y or Y. Warning!! Entering y or Y will remove the certificate and key files which may break other sites that use those files)" yn
+    case $yn in
+        [Yy]* ) echo "Removing SSL Certificate and Key Files"; /bin/rm -rf /usr/local/nginx/conf/ssl/${SITE}.pem; /bin/rm -rf /usr/local/nginx/conf/ssl/${SITE}.key;
+        echo "Done. Reload Nginx for changes to take effect!"; break;;
+        [Nn]* ) echo "Done. Reload Nginx for changes to take effect!;"; break;;
+        * ) echo "Please answer yes or no.";;
+    esac
+done
 
-if [ $? -eq 0 ]; then
-    echo Done. Reload Nginx for changes to take effect!
-else
-        echo There was an error removing .key file. Error was $?
-fi

dirstructure/opt/aegis-waf/scripts/request_certbot_cert.sh

@@ -10,8 +10,8 @@ if [ ! -f "/usr/local/nginx/conf/ssl/dhparam.pem" ]; then
 
 #GET INPUTS
 read -p "Enter a certificate name: "  CERTNAME
-read -p "Enter a PRIMARY domain for the Site: "  DOMAIN
-read -p "Enter any additional sub-domains separated by a comma (Leave blank if none): "  SECDOMAIN
+read -p "Enter a PRIMARY ROOT domain for the Site without www. in front of it (Example: domain.tld OR host.domain.tld): "  DOMAIN
+read -p "Enter any additional sub-domains separated by a comma (Example: www.domain.tld). Leave blank and press enter if none: "  SECDOMAIN
 
 #START CONFIGURATION
 
@@ -73,7 +73,7 @@ then
 ALLDOMAIN=$DOMAIN
 
 else
-ALLDOMAIN=$DOMAIN,$SECDOMAIN
+ALLDOMAIN="$DOMAIN,$SECDOMAIN"
 
 fi
 

dirstructure/opt/aegis-waf/templates/https_template_site_certbot.conf

@@ -9,8 +9,8 @@ server {
         access_log /usr/local/nginx/logs/THE-SITE/THE-SITE_access.log;
         error_log /usr/local/nginx/logs/THE-SITE/THE-SITE_error.log warn;
         #SSL LETS ENCRYPT CERTIFICATE CONFIG
-        ssl_certificate     /etc/letsencrypt/live/THE-SITE/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/THE-SITE/privkey.pem;
+        ssl_certificate     /etc/letsencrypt/live/THE-PRIMARY-DOMAIN/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/THE-PRIMARY-DOMAIN/privkey.pem;
         # Turn on OCSP stapling as recommended at 
         # https://community.letsencrypt.org/t/integration-guide/13123 
         # requires nginx version >= 1.3.7