From 4feb62c4c86637f3502e706b11482c1d508b0896 Mon Sep 17 00:00:00 2001
From: Anton Reutov <a.reutov@outlook.com>
Date: Thu, 26 Aug 2021 21:36:15 +0300
Subject: [PATCH] SSL for hostname

---
 install/vst-install-debian.sh | 53 ++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh
index 2a879e81c..9b34587c0 100644
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@@ -1394,10 +1394,61 @@ echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 
 # Comparing hostname and ip
-host_ip=$(host $servername| head -n 1 | awk '{print $NF}')
+
+if [ "$ssl" = 'no' ]; then
+host_ip=$(host $servername |head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
     ip="$servername"
 fi
+fi
+
+if [ "$ssl" = 'yes' ]; then
+make_ssl=0
+host_ip=$(host $servername | head -n 1 | awk '{print $NF}')
+if [ "$host_ip" != "$pub_ip" ]; then
+    echo "***** PROBLEM: Hostname $servername is not pointing to your server (IP address $ip)"
+    echo "Without pointing your hostname to your IP, LetsEncrypt SSL will not be generated for your server hostname."
+    echo "Try to setup an A record in your DNS, pointing your hostname $servername to IP address $ip and then press ENTER."
+    echo "(or register ns1.$servername and ns2.$servername as DNS Nameservers and put those Nameservers on $servername domain)"
+    echo "If we detect that hostname is still not pointing to your IP, installer will not add LetsEncrypt SSL certificate to your hosting panel (unsigned SSL will be used instead)."
+    read -p "To force to try anyway to add LetsEncrypt, press f and then ENTER." answer
+    host_ip=$(host $servername | head -n 1 | awk '{print $NF}')
+fi
+if [ "$answer" = "f" ]; then
+    make_ssl=1
+fi
+if [ "$host_ip" = "$ip" ]; then
+    ip="$servername"
+    make_ssl=1
+fi
+
+if [ $make_ssl -eq 1 ]; then
+    # Check if www is also pointing to our IP
+    www_host="www.$servername"
+    www_host_ip=$(host $www_host | head -n 1 | awk '{print $NF}')
+    if [ "$www_host_ip" != "$pub_ip" ]; then
+        if [ "$named" = 'yes' ]; then
+            echo "=== Deleting www to server hostname"
+            $VESTA/bin/v-delete-web-domain-alias 'admin' "$servername" "$www_host" 'no'
+            $VESTA/bin/v-delete-dns-on-web-alias 'admin' "$servername" "$www_host" 'no'
+        fi
+        www_host=""
+   fi
+fi
+
+echo "==="
+echo "Hostname $servername is pointing to $host_ip"
+
+if [ $make_ssl -eq 1 ]; then
+    echo "=== Generating HOSTNAME SSL"
+    $VESTA/bin/v-add-letsencrypt-domain 'admin' "$servername" "$www_host" 'yes'
+    $VESTA/bin/v-update-host-certificate 'admin' "$servername"
+else
+    echo "We will not generate SSL because of this"
+fi
+echo "==="
+echo "UPDATE_HOSTNAME_SSL='yes'" >> $VESTA/conf/vesta.conf
+fi
 
 # Sending notification to admin email
 echo -e "Congratulations, you have just successfully installed \