add additional 3rd party letsencrypt client support

add support for simple shell based le client https://github.com/Neilpang/le installled at /usr/local/bin/le and controlled via setting 2 variables:

[CODE]
LECLIENT_OFFICIAL='n'
LECLIENT_LE='y'
[/CODE]

This will switch from default official letsencrypt client to 3rd party shell based simple le client outlined at https://github.com/Neilpang/le. Both are mutually exclusive so SSL certificate obtained via official letsencrypt client is saved to one directory and SSL certs obtained via 3rd party shell based simple le client are saved elsewhere in /root/.le/${vhostname}/. A nginx vhost created with official letsencrypt client won't work with 3rd party simple shell based le client created nginx vhost and vice versa.

addons/letsencrypt.sh

@@ -7,6 +7,12 @@ DT=`date +"%d%m%y-%H%M%S"`
 CENTMINLOGDIR='/root/centminlogs'
 DIR_TMP='/svr-setup'
 CFCHECK_ENABLE='n'
+
+##################################
+# Letsencrypt Client Options
+LECLIENT_OFFICIAL='y'        # use official letsencrypt.org client
+LECLIENT_LE='n'              # use 3rd party shell client https://github.com/Neilpang/le
+LECLIENT_LEKEYLENGTH='2048'  # 3rd party sheel client default key length
 ##################################################################
 CENTOSVER=$(awk '{ print $3 }' /etc/redhat-release)
 
@@ -111,6 +117,40 @@ python_setup() {
 	fi
 }
 
+simpleleclientsetup() {
+	# setup and install https://github.com/Neilpang/le instead
+
+	# find last github commit date
+	if [ -d /root/tools/le ]; then
+		LECOMMIT_DATE=$(cd /root/tools/le; date -d @$(git log -n1 --format="%at") +%Y%m%d)
+	fi
+
+	echo
+	cecho "installing or updating simple shell based le client" $boldgreen
+	echo
+	mkdir -p /root/tools
+	cd /root/tools
+	if [ -d /root/tools/le ]; then
+		rm -rf le
+		git clone https://github.com/Neilpang/le
+	else
+		git clone https://github.com/Neilpang/le
+	fi
+	cd le
+	./le.sh install
+	which le
+	le
+
+	echo
+	cecho "----------------------------------------------------" $boldyellow
+	cecho "simple shell based le client is installed at:" $boldgreen
+	cecho "/usr/local/bin/le.sh" $boldgreen
+	cecho "Symlinked to:" $boldgreen
+	cecho "/usr/local/bin/le" $boldgreen
+	cecho "----------------------------------------------------" $boldyellow	
+	echo
+}
+
 leclientsetup() {
 	# build letsencrypt version timestamp
 	# find last github commit date to compare with current client version number
@@ -573,7 +613,52 @@ deploycert() {
 				# obtain LE ssl certificate to replace selfsigned
 				# SSL certificate
 				if [[ "$levhostssl" = [yY] ]]; then
-  					# leclientsetup
+
+  					if [[ "$LECLIENT_LE" = [yY] || "$LECLIENT_OFFICIAL" != [yY] ]]; then
+    					if [ -f /usr/local/bin/le ]; then
+      					echo
+      					cecho "obtaining Letsencrypt SSL certificate via simple shell le webroot authentication..." $boldgreen
+      					echo
+      					mkdir -p /home/nginx/domains/${vhostname}/public/.well-known/acme-challenge
+      					chown -R nginx:nginx /home/nginx/domains/${vhostname}/public/.well-known/acme-challenge
+      					if [[ "$TOPLEVEL" = [yY] ]]; then
+        					echo "le issue /home/nginx/domains/${vhostname}/public ${vhostname} www.${vhostname} $LECLIENT_LEKEYLENGTH"
+        					le issue /home/nginx/domains/${vhostname}/public ${vhostname} www.${vhostname} $LECLIENT_LEKEYLENGTH
+      					else
+        					echo "le issue /home/nginx/domains/${vhostname}/public ${vhostname} $LECLIENT_LEKEYLENGTH"
+        					le issue /home/nginx/domains/${vhostname}/public ${vhostname} no $LECLIENT_LEKEYLENGTH
+      					fi
+      					LECHECK=$?
+
+      					if [[ "$LECHECK" = '0' ]]; then
+        					# create nginx concatenated cert file
+        					if [[ -f /root/.le/${vhostname}/${vhostname}.cer && -f /root/.le/${vhostname}/ca.cer ]]; then
+          					ls -lah /root/.le/${vhostname}/
+          					echo
+          					cat /root/.le/${vhostname}/${vhostname}.cer /root/.le/${vhostname}/ca.cer > /root/.le/${vhostname}/${vhostname}-unified.crt
+          					ls -lah /root/.le/${vhostname}/${vhostname}-unified.crt
+          					echo
+        					fi
+
+        					# replace self signed ssl cert with letsencrypt ssl certificate and enable ssl stapling
+        					# if letsencrypt webroot authentication was sUccessfully ran and SSL certificate obtained
+        					# otherwise leave original self signed SSL certificates in place
+        					sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}.crt|\/root\/.le\/${vhostname}\/${vhostname}-unified.crt|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}.key|\/root\/.le\/${vhostname}\/${vhostname}.key|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|#resolver |resolver |" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|#resolver_timeout|resolver_timeout|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|#ssl_stapling on|ssl_stapling on|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|#ssl_stapling_verify|ssl_stapling_verify|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|#ssl_trusted_certificate|ssl_trusted_certificate|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}-trusted.crt|\/root\/.le\/${vhostname}\/${vhostname}-unified.crt|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        					/usr/bin/nprestart
+      					fi # LECHECK
+    					else
+      					cecho "/usr/local/bin/le not found" $boldgreen
+    					fi  
+  					fi #LECLIENT_OFFICIAL
+
+  					if [[ "$LECLIENT_OFFICIAL" = [yY] && "$LECLIENT_LE" = [nN] ]]; then
   					if [ -f /root/.local/share/letsencrypt/bin/letsencrypt ]; then
     					echo
     					cecho "obtaining Letsencrypt SSL certificate via webroot authentication..." $boldgreen
@@ -657,8 +742,9 @@ CFF
     					fi # LECHECK
   					else
     					cecho "/root/.local/share/letsencrypt/bin/letsencrypt not found" $boldgreen
-  					fi  # line 574
-				fi # line 572
+  					fi  # line 618
+  					fi  # line 617
+				fi # line 615
 
 				if [[ "$vhostssl" = [yY] ]]; then
   					echo
@@ -674,11 +760,20 @@ CFF
   					cecho "Backup SSL CSR File: /usr/local/nginx/conf/ssl/${levhostname}/${levhostname}-backup.csr" $boldyellow   
   					if [[ "$levhostssl" = [yY] ]] && [[ "$LECHECK" = '0' ]]; then
     					echo
-    					cecho "Letsencrypt SSL Certificate: /etc/letsencrypt/live/${levhostname}/cert.pem" $boldyellow
-    					cecho "Letsencrypt SSL Certificate Private Key: /etc/letsencrypt/live/${levhostname}/privkey.pem" $boldyellow
-    					cecho "Letsencrypt SSL Certificate Chain: /etc/letsencrypt/live/${levhostname}/chain.pem" $boldyellow
-    					cecho "Letsencrypt SSL Certificate Full Chain: /etc/letsencrypt/live/${levhostname}/fullchain.pem" $boldyellow
-    					cecho "Letsencrypt $levhostname cronjob file: /usr/local/nginx/conf/ssl/${levhostname}/letsencrypt-${levhostname}-cron" $boldyellow
+    					if [[ "$LECLIENT_OFFICIAL" = [yY] ]]; then
+      					cecho "Letsencrypt SSL Certificate: /etc/letsencrypt/live/${vhostname}/cert.pem" $boldyellow
+      					cecho "Letsencrypt SSL Certificate Private Key: /etc/letsencrypt/live/${vhostname}/privkey.pem" $boldyellow
+      					cecho "Letsencrypt SSL Certificate Chain: /etc/letsencrypt/live/${vhostname}/chain.pem" $boldyellow
+      					cecho "Letsencrypt SSL Certificate Full Chain: /etc/letsencrypt/live/${vhostname}/fullchain.pem" $boldyellow
+      					cecho "Letsencrypt $vhostname cronjob file: /usr/local/nginx/conf/ssl/${vhostname}/letsencrypt-${vhostname}-cron" $boldyellow
+    					fi #LECLIENT_OFFICIAL
+    					if [[ "$LECLIENT_LE" = [yY] ]]; then
+      					cecho "Letsencrypt SSL Certificate: /root/.le/${vhostname}/${vhostname}.cer" $boldyellow
+      					cecho "Letsencrypt SSL Certificate Private Key: /root/.le/${vhostname}/${vhostname}.key" $boldyellow
+      					cecho "Letsencrypt SSL Certificate CSR: /root/.le/${vhostname}/${vhostname}.csr" $boldyellow
+      					cecho "Letsencrypt SSL Certificate Full Chain: /root/.le/${vhostname}/${vhostname}-unified.pem" $boldyellow
+      					cecho "Letsencrypt SSL simple shell le config: /root/.le/${vhostname}/${vhostname}.conf" $boldyellow
+    					fi #LECLIENT_LE
   					fi 
 				fi
 
@@ -731,7 +826,17 @@ case "$1" in
 	setup)
 		starttime=$(date +%s.%N)
 		{
-		leclientsetup
+  		if [[ "$LECLIENT_OFFICIAL" = [yY] && "$LECLIENT_LE" = [nN] ]]; then
+    		leclientsetup
+  		elif [[ "$LECLIENT_LE" = [yY] || "$LECLIENT_OFFICIAL" != [yY] ]]; then
+    		simpleleclientsetup
+  		else
+    		echo
+    		echo "Error: Please only set only one variable to = 'y' :"
+    		echo "either LECLIENT_LE or LECLIENT_OFFICIAL NOT both"
+    		echo
+    		exit
+  		fi
 		} 2>&1 | tee ${CENTMINLOGDIR}/letsencrypt-addon-install_${DT}.log
 
 		endtime=$(date +%s.%N)

centmin.sh

@@ -407,6 +407,12 @@ NGINXDIR='/usr/local/nginx'
 NGINXCONFDIR="${NGINXDIR}/conf"
 NGINXBACKUPDIR='/usr/local/nginxbackup'
 
+##################################
+# Letsencrypt Client Options
+LECLIENT_OFFICIAL='y'        # use official letsencrypt.org client
+LECLIENT_LE='n'              # use 3rd party shell client https://github.com/Neilpang/le
+LECLIENT_LEKEYLENGTH='2048'  # 3rd party sheel client default key length
+
 ##################################
 ## Nginx SSL options
 # OpenSSL

inc/letsencrypt.inc

@@ -26,6 +26,40 @@ python_setup() {
 	fi
 }
 
+simpleleclientsetup() {
+	# setup and install https://github.com/Neilpang/le instead
+
+	# find last github commit date
+	if [ -d /root/tools/le ]; then
+		LECOMMIT_DATE=$(cd /root/tools/le; date -d @$(git log -n1 --format="%at") +%Y%m%d)
+	fi
+
+	echo
+	cecho "installing or updating simple shell based le client" $boldgreen
+	echo
+	mkdir -p /root/tools
+	cd /root/tools
+	if [ -d /root/tools/le ]; then
+		rm -rf le
+		git clone https://github.com/Neilpang/le
+	else
+		git clone https://github.com/Neilpang/le
+	fi
+	cd le
+	./le.sh install
+	which le
+	le
+
+	echo
+	cecho "----------------------------------------------------" $boldyellow
+	cecho "simple shell based le client is installed at:" $boldgreen
+	cecho "/usr/local/bin/le.sh" $boldgreen
+	cecho "Symlinked to:" $boldgreen
+	cecho "/usr/local/bin/le" $boldgreen
+	cecho "----------------------------------------------------" $boldyellow	
+	echo
+}
+
 leclientsetup() {
 	# build letsencrypt version timestamp
 	# find last github commit date to compare with current client version number

inc/nginx_addvhost.inc

@@ -215,8 +215,12 @@ if [[ "$NGINX_LEVHOSTSSL" = [yY] ]]; then
   read -ep "Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: " letabort
   if [[ "$letabort" = [yY] ]]; then
     exit
-  fi 
-  read -ep "Obtain Letsencrypt Free SSL certificate (90 day expiry / renew every 60 days) ? [y/n]: " levhostssl
+  fi
+  if [[ "$LECLIENT_OFFICIAL" = [yY] ]]; then
+    read -ep "Obtain Letsencrypt Free SSL certificate (90 day expiry / renew every 60 days) ? [y/n]: " levhostssl
+  elif [[ "$LECLIENT_LE" = [yY] || "$LECLIENT_OFFICIAL" != [yY] ]]; then
+    read -ep "Obtain Letsencrypt Free SSL certificate (90 day expiry / renew every 80 days) ? [y/n]: " levhostssl
+  fi
   if [[ "$levhostssl" = [yY] ]]; then
     vhostssl=y
   fi
@@ -565,7 +569,63 @@ fi
 # obtain LE ssl certificate to replace selfsigned
 # SSL certificate
 if [[ "$levhostssl" = [yY] ]]; then
-  leclientsetup
+  if [[ "$LECLIENT_OFFICIAL" = [yY] && "$LECLIENT_LE" = [nN] ]]; then
+    leclientsetup
+  elif [[ "$LECLIENT_LE" = [yY] || "$LECLIENT_OFFICIAL" != [yY] ]]; then
+    simpleleclientsetup
+  else
+    echo
+    echo "Error: Please only set only one variable to = 'y' :"
+    echo "either LECLIENT_LE or LECLIENT_OFFICIAL NOT both"
+    echo
+    exit
+  fi
+
+  if [[ "$LECLIENT_LE" = [yY] || "$LECLIENT_OFFICIAL" != [yY] ]]; then
+    if [ -f /usr/local/bin/le ]; then
+      echo
+      cecho "obtaining Letsencrypt SSL certificate via simple shell le webroot authentication..." $boldgreen
+      echo
+      mkdir -p /home/nginx/domains/${vhostname}/public/.well-known/acme-challenge
+      chown -R nginx:nginx /home/nginx/domains/${vhostname}/public/.well-known/acme-challenge
+      if [[ "$TOPLEVEL" = [yY] ]]; then
+        echo "le issue /home/nginx/domains/${vhostname}/public ${vhostname} www.${vhostname} $LECLIENT_LEKEYLENGTH"
+        le issue /home/nginx/domains/${vhostname}/public ${vhostname} www.${vhostname} $LECLIENT_LEKEYLENGTH
+      else
+        echo "le issue /home/nginx/domains/${vhostname}/public ${vhostname} $LECLIENT_LEKEYLENGTH"
+        le issue /home/nginx/domains/${vhostname}/public ${vhostname} no $LECLIENT_LEKEYLENGTH
+      fi
+      LECHECK=$?
+
+      if [[ "$LECHECK" = '0' ]]; then
+        # create nginx concatenated cert file
+        if [[ -f /root/.le/${vhostname}/${vhostname}.cer && -f /root/.le/${vhostname}/ca.cer ]]; then
+          ls -lah /root/.le/${vhostname}/
+          echo
+          cat /root/.le/${vhostname}/${vhostname}.cer /root/.le/${vhostname}/ca.cer > /root/.le/${vhostname}/${vhostname}-unified.crt
+          ls -lah /root/.le/${vhostname}/${vhostname}-unified.crt
+          echo
+        fi
+
+        # replace self signed ssl cert with letsencrypt ssl certificate and enable ssl stapling
+        # if letsencrypt webroot authentication was sUccessfully ran and SSL certificate obtained
+        # otherwise leave original self signed SSL certificates in place
+        sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}.crt|\/root\/.le\/${vhostname}\/${vhostname}-unified.crt|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}.key|\/root\/.le\/${vhostname}\/${vhostname}.key|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|#resolver |resolver |" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|#resolver_timeout|resolver_timeout|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|#ssl_stapling on|ssl_stapling on|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|#ssl_stapling_verify|ssl_stapling_verify|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|#ssl_trusted_certificate|ssl_trusted_certificate|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        sed -i "s|\/usr\/local\/nginx\/conf\/ssl\/${vhostname}\/${vhostname}-trusted.crt|\/root\/.le\/${vhostname}\/${vhostname}-unified.crt|" /usr/local/nginx/conf/conf.d/${vhostname}.ssl.conf
+        /usr/bin/nprestart
+      fi # LECHECK
+    else
+      cecho "/usr/local/bin/le not found" $boldgreen
+    fi  
+  fi #LECLIENT_OFFICIAL
+
+  if [[ "$LECLIENT_OFFICIAL" = [yY] && "$LECLIENT_LE" = [nN] ]]; then
   if [ -f /root/.local/share/letsencrypt/bin/letsencrypt ]; then
     echo
     cecho "obtaining Letsencrypt SSL certificate via webroot authentication..." $boldgreen
@@ -649,8 +709,9 @@ CFF
     fi # LECHECK
   else
     cecho "/root/.local/share/letsencrypt/bin/letsencrypt not found" $boldgreen
-  fi  
-fi
+  fi  # /root/.local/share/letsencrypt/bin/letsencrypt
+  fi #LECLIENT_OFFICIAL
+fi #levhostssl
 
 echo 
 if [[ "$PUREFTPD_DISABLED" = [nN] ]]; then
@@ -681,11 +742,20 @@ if [[ "$NGINX_VHOSTSSL" = [yY] && "$vhostssl" = [yY] ]]; then
   cecho "Backup SSL CSR File: /usr/local/nginx/conf/ssl/${vhostname}/${vhostname}-backup.csr" $boldyellow   
   if [[ "$levhostssl" = [yY] ]] && [[ "$LECHECK" = '0' ]]; then
     echo
-    cecho "Letsencrypt SSL Certificate: /etc/letsencrypt/live/${vhostname}/cert.pem" $boldyellow
-    cecho "Letsencrypt SSL Certificate Private Key: /etc/letsencrypt/live/${vhostname}/privkey.pem" $boldyellow
-    cecho "Letsencrypt SSL Certificate Chain: /etc/letsencrypt/live/${vhostname}/chain.pem" $boldyellow
-    cecho "Letsencrypt SSL Certificate Full Chain: /etc/letsencrypt/live/${vhostname}/fullchain.pem" $boldyellow
-    cecho "Letsencrypt $vhostname cronjob file: /usr/local/nginx/conf/ssl/${vhostname}/letsencrypt-${vhostname}-cron" $boldyellow
+    if [[ "$LECLIENT_OFFICIAL" = [yY] ]]; then
+      cecho "Letsencrypt SSL Certificate: /etc/letsencrypt/live/${vhostname}/cert.pem" $boldyellow
+      cecho "Letsencrypt SSL Certificate Private Key: /etc/letsencrypt/live/${vhostname}/privkey.pem" $boldyellow
+      cecho "Letsencrypt SSL Certificate Chain: /etc/letsencrypt/live/${vhostname}/chain.pem" $boldyellow
+      cecho "Letsencrypt SSL Certificate Full Chain: /etc/letsencrypt/live/${vhostname}/fullchain.pem" $boldyellow
+      cecho "Letsencrypt $vhostname cronjob file: /usr/local/nginx/conf/ssl/${vhostname}/letsencrypt-${vhostname}-cron" $boldyellow
+    fi #LECLIENT_OFFICIAL
+    if [[ "$LECLIENT_LE" = [yY] ]]; then
+      cecho "Letsencrypt SSL Certificate: /root/.le/${vhostname}/${vhostname}.cer" $boldyellow
+      cecho "Letsencrypt SSL Certificate Private Key: /root/.le/${vhostname}/${vhostname}.key" $boldyellow
+      cecho "Letsencrypt SSL Certificate CSR: /root/.le/${vhostname}/${vhostname}.csr" $boldyellow
+      cecho "Letsencrypt SSL Certificate Full Chain: /root/.le/${vhostname}/${vhostname}-unified.pem" $boldyellow
+      cecho "Letsencrypt SSL simple shell le config: /root/.le/${vhostname}/${vhostname}.conf" $boldyellow
+    fi #LECLIENT_LE
   fi 
 fi
 echo