Webterminal: Added SSL support with existing LE certificates.

[ludeeus]

Description:

This add the option to use existing Let's Encrypt certificates.

Tested with:

• Generated with Dehydrated. (DuckDNS script) tested by @ludeeus
• Generated with certbot. Simulated testing bt @ludeeus, se comment, this should work.

Related issue (if applicable): Fixes #74

Checklist:

• The code change is tested and works locally.
• Script has validation check of the job.

If pertinent:

• Created/Updated documentation at /docs

[stickler-ci]

Double quote to prevent globbing and word splitting.

[stickler-ci]

Double quote to prevent globbing and word splitting.

[ludeeus]

@juan11perez Can you test this with your certificates generated with the certbot?

[Landrash]

Question is if we want to copy the certificate or if you should try to link the certificate instead.

[Landrash]

Use the same domain.

[Landrash]

Doing it this way would not link the cert but only "copy" it. Preferable would be to create a symlink to the certificate so that it's linked to the used certificate.

[ludeeus]

In every guide I have found, and my own testing. the cert file used for shellinabox has to include both certificate and privkey, is it possible to merge with linking?

[Landrash]

I missed that. That would require some strange magic.
Most likely this will stop working as soon as the certificate expires. If your ok with that then we can merge this.
Could you add to the update function to update the certificate if it's there?

[ludeeus]

I hope not :( that defeats the purpose of the separate webterminalhelper.sh script..
Should't this update the cert for shellinabox 1AM every night?
looking at the timestamp after running the file it looks like that would work.

I can add a note about running that file in the docs?

"Could you add to the update function to update the certificate if it's there?"
Do you mean the update for dehydrated with the DuckDNS script, then no. that will result in certbot certs not being updated.
If this was not what you ment, enlighten me :D

[Landrash]

I missed that part of the webterminalhepler.sh script.

This look great now!

[Landrash]

Looks good to me.
Ready to merge? If so remove the WIP tag :)

[ludeeus]

I still want someone that can use certbot certs to verify this before er merge.

[juan11perez]

@ludeeus i'll pull out my Pi and test it. I still have a valid installation, I think ;-)
where do I get the script from ?

[ludeeus]

@juan11perez Great!
Its in this PR, but hit me up on discord and I can help you :)

[juan11perez]

@ludeeus ok, give me about half hour and ill contact you in discord

[ludeeus]

Steps for testing this:
First upgrade hassbian-config to dev:

sudo hassbian-config upgrade hassbian-script && sudo hassbian-config upgrade hassbian-script-dev

Then download the new files:

sudo curl -o /opt/hassbian/suites/webterminal.sh https://raw.githubusercontent.com/ludeeus/hassbian-scripts/webterminal-ssl/package/opt/hassbian/suites/webterminal.sh && sudo curl -o /opt/hassbian/suites/files/webterminalhelper.sh https://raw.githubusercontent.com/ludeeus/hassbian-scripts/webterminal-ssl/package/opt/hassbian/suites/files/webterminalsslhelper.sh

Then run it:

sudo hassbian-config install webterminal --force

If you at an earlier time have installed webterminal, you need to change the settings for it:
sudo nano /etc/default/shellinabox
Change SHELLINABOX_ARGS="--no-beep --disable-ssl" to SHELLINABOX_ARGS="--no-beep"

[juan11perez]

@ludeeus not working. see entire process
https://hastebin.com/xuwajoheci.erl

[ludeeus]

I added my fulchain.pem and privkey.pem to an folder named /etc/letsencrypt/live/mydomain.com/
It ran the script and used those cert files.
This make me belive that this will work with certbot certs also.
@Landrash I have now removed WIP, can you take a check on this now? :D

[Landrash]

Looks good to me.
Great job!