init

Signed-off-by: Zoey <zoey@z0ey.de>

backend/internal/certificate.js

@@ -12,8 +12,8 @@ const internalAuditLog   = require('./audit-log');
 const internalNginx      = require('./nginx');
 const internalHost       = require('./host');
 const letsencryptStaging = process.env.NODE_ENV !== 'production';
-const letsencryptConfig  = '/etc/letsencrypt.ini';
-const certbotCommand     = 'certbot';
+const letsencryptConfig  = '/usr/local/nginx/conf/letsencrypt.ini';
+const certbotCommand     = 'certbot --config-dir /data/letsencrypt';
 const archiver           = require('archiver');
 const path               = require('path');
 const { isArray }        = require('lodash');
@@ -74,7 +74,7 @@ const internalCertificate = {
 
 								certificates.map(function (certificate) {
 									promises.push(
-										internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
+										internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
 											.then((cert_info) => {
 												return certificateModel
 													.query()
@@ -204,7 +204,7 @@ const internalCertificate = {
 						.then(() => {
 							// At this point, the letsencrypt cert should exist on disk.
 							// Lets get the expiry date from the file and update the row silently
-							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
+							return internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
 								.then((cert_info) => {
 									return certificateModel
 										.query()
@@ -354,7 +354,7 @@ const internalCertificate = {
 				})
 				.then((certificate) => {
 					if (certificate.provider === 'letsencrypt') {
-						const zipDirectory = '/etc/letsencrypt/live/npm-' + data.id;
+						const zipDirectory = '/data/letsencrypt/live/npm-' + data.id;
 
 						if (!fs.existsSync(zipDirectory)) {
 							throw new error.ItemNotFoundError('Certificate ' + certificate.nice_name + ' does not exists');
@@ -548,6 +548,14 @@ const internalCertificate = {
 					resolve();
 				}
 			});
+
+			fs.writeFile(dir + '/chain.pem', certificate.meta.intermediate_certificate, function (err) {
+				if (err) {
+					reject(err);
+				} else {
+					resolve();
+				}
+			});
 		})
 			.then(() => {
 				return new Promise((resolve, reject) => {
@@ -868,12 +876,12 @@ const internalCertificate = {
 			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
 		}
 
-		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info(`Requesting Let's Encrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
-		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+		const credentialsLocation = '/data/letsencrypt/credentials/credentials-' + certificate.id;
 		// Escape single quotes and backslashes
 		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
-		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
+		const credentialsCmd     = 'mkdir -p /data/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
 		let prepareCmd           = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
 
 		// Special case for cloudflare
@@ -946,7 +954,7 @@ const internalCertificate = {
 
 					return renewMethod(certificate)
 						.then(() => {
-							return internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
+							return internalCertificate.getCertificateInfoFromFile('/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem');
 						})
 						.then((cert_info) => {
 							return certificateModel
@@ -1008,7 +1016,7 @@ const internalCertificate = {
 			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
 		}
 
-		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
+		logger.info(`Renewing Let's Encrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
 		let mainCmd = certbotCommand + ' renew ' +
 			'--config "' + letsencryptConfig + '" ' +
@@ -1019,7 +1027,7 @@ const internalCertificate = {
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
-			const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+			const credentialsLocation = '/data/letsencrypt/credentials/credentials-' + certificate.id;
 			mainCmd                   = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
 		}
 
@@ -1042,12 +1050,12 @@ const internalCertificate = {
 
 		const mainCmd = certbotCommand + ' revoke ' +
 			'--config "' + letsencryptConfig + '" ' +
-			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
+			'--cert-path "/data/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(letsencryptStaging ? '--staging' : '');
 
 		// Don't fail command if file does not exist
-		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
+		const delete_credentialsCmd = `rm -f '/data/letsencrypt/credentials/credentials-${certificate.id}' || true`;
 
 		logger.info('Command:', mainCmd + '; ' + delete_credentialsCmd);
 
@@ -1071,7 +1079,7 @@ const internalCertificate = {
 	 * @returns {Boolean}
 	 */
 	hasLetsEncryptSslCerts: (certificate) => {
-		const letsencryptPath = '/etc/letsencrypt/live/npm-' + certificate.id;
+		const letsencryptPath = '/data/letsencrypt/live/npm-' + certificate.id;
 
 		return fs.existsSync(letsencryptPath + '/fullchain.pem') && fs.existsSync(letsencryptPath + '/privkey.pem');
 	},
@@ -1147,7 +1155,7 @@ const internalCertificate = {
 		}
 
 		// Create a test challenge file
-		const testChallengeDir  = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
+		const testChallengeDir  = '/tmp/letsencrypt-acme-challenge/.well-known/acme-challenge';
 		const testChallengeFile = testChallengeDir + '/test-challenge';
 		fs.mkdirSync(testChallengeDir, {recursive: true});
 		fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});