added SSL CA-bundle support

2025-08-21 05:44:07 -07:00 · 2011-12-12 16:34:24 +02:00 · 2011-12-12 16:34:24 +02:00 · 5458c49d39
commit 5458c49d39
parent 8fe4b05a06
32 changed files with 158 additions and 428 deletions
--- a/bin/v_add_sys_user_ssl
+++ b/bin/v_add_sys_user_ssl
@ -1,58 +0,0 @@
 #!/bin/bash
 # info: adding ssl certificate
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument defenition
 user=$1
 ssl=$2
 # Importing variables
 source $VESTA/conf/vars.conf
 source $V_CONF/vesta.conf
 source $V_FUNC/shared.func
 source $V_FUNC/ssl.func
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 # Checking arg number
 check_args '2' "$#" 'user ssl'
 # Checking argument format
 format_validation 'user' 'ssl'
 # Checking user
 is_user_valid
 # Checking user is active
 is_user_suspended
 # Checking certificate name
 is_cert_free
 # Checking template
 is_cert_valid "$V_TMP"
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Adding certificate to user dir
 mv $V_TMP/$ssl.crt $V_USERS/$user/ssl/
 mv $V_TMP/$ssl.key $V_USERS/$user/ssl/
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_history "$V_EVENT" "v_del_sys_user_ssl $user $ssl"
 log_event 'system' "$V_EVENT"
 exit
--- a/bin/v_add_web_domain
+++ b/bin/v_add_web_domain
@ -198,14 +198,14 @@ increase_user_value "$user" '$U_WEB_DOMAINS'
 # Defining domain variables
 v_str="DOMAIN='$domain'"
-v_str="$v_str IP='$ip'"
+v_str="$v_str IP='$ip' IP6=''"
 v_str="$v_str U_DISK='0'"
 v_str="$v_str U_BANDWIDTH='0'"
 v_str="$v_str TPL='$template'"
 v_str="$v_str ALIAS='$aliases'"
 v_str="$v_str $template_data"    # Inserting PHP, CGI and ELOG keys
 v_str="$v_str STATS='' STATS_AUTH=''"
-v_str="$v_str SSL='' SSL_HOME=''"
+v_str="$v_str SSL='no' SSL_HOME='single'"
 v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'"
 # Registering domain
--- a/bin/v_add_web_domain_alias
+++ b/bin/v_add_web_domain_alias
@ -82,7 +82,7 @@ upd_web_domain_values
 del_web_config
 add_web_config
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -96,7 +96,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_add_web_domain_cgi
+++ b/bin/v_add_web_domain_cgi
@ -64,7 +64,7 @@ del_web_config
 add_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
--- a/bin/v_add_web_domain_elog
+++ b/bin/v_add_web_domain_elog
@ -64,7 +64,7 @@ del_web_config
 add_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_add_web_domain_nginx
+++ b/bin/v_add_web_domain_nginx
@ -68,7 +68,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
 upd_web_domain_values
 add_web_config
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
    conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_add_web_domain_ssl
+++ b/bin/v_add_web_domain_ssl
@ -9,7 +9,7 @@
 user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
-ssl=$3
+ssl_dir=$3
 ssl_home=${4-single}
 # Importing variables
@ -25,10 +25,10 @@ source $V_FUNC/ip.func
 #----------------------------------------------------------#
 # Checking arg number
-check_args '3' "$#" 'user domain ssl [sslhome]'
+check_args '3' "$#" 'user domain ssl_dir [ssl_home]'
 # Checking argument format
-format_validation 'user' 'domain' 'ssl'
+format_validation 'user' 'domain' 'ssl_dir'
 # Checking web system is enabled
 is_system_enabled 'web'
@ -59,12 +59,20 @@ is_web_domain_cert_valid
 #                       Action                             #
 #----------------------------------------------------------#
 # Adding certificate to user data directory
 cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
 cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
 cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
 if [ -e "$ssl_dir/$domain.ca" ]; then
    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 fi
 # Parsing domain values
 get_web_domain_values
 conf="$V_HOME/$user/conf/shttpd.conf"
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
-SSL=$ssl
+SSL_HOME="$ssl_home"
 SSL_HOME=$ssl_home
 # Checking ip ownership
 is_sys_ip_owner
@ -76,8 +84,12 @@ upd_web_domain_values
 add_web_config
 # Adding certificate to user dir
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
 cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
 if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
 fi
 # Running template trigger
 if [ -x $V_WEBTPL/apache_$template.sh ]; then
@ -115,8 +127,8 @@ fi
 increase_user_value "$user" '$U_WEB_SSL'
 # Adding ssl values
 update_web_domain_value '$SSL' "$SSL"
 update_web_domain_value '$SSL_HOME' "$SSL_HOME"
 update_web_domain_value '$SSL' 'yes'
 # Logging
 log_history "$V_EVENT" "v_del_web_domain_ssl $user $domain"
--- a/bin/v_backup_sys_user
+++ b/bin/v_backup_sys_user
@ -100,31 +100,6 @@ if [ -e "$V_USERS/$user/backup.excludes" ]; then
    cp -r $V_USERS/$user/backup.excludes $tmpdir/vesta/
 fi
 if [ -e "$V_USERS/$user/cron.conf" ]; then
    echo -e "$(date "+%F %T") cron.conf"
    cp -r $V_USERS/$user/cron.conf $tmpdir/vesta/
 fi
 if [ -e "$V_USERS/$user/db.conf" ]; then
    echo -e "$(date "+%F %T") db.conf"
    cp -r $V_USERS/$user/db.conf $tmpdir/vesta/
 fi
 if [ -e "$V_USERS/$user/dns.conf" ]; then
    echo -e "$(date "+%F %T") dns.conf"
    cp -r $V_USERS/$user/dns.conf $tmpdir/vesta/
 fi
 if [ -e "$V_USERS/$user/mail.conf" ]; then
    echo -e "$(date "+%F %T") mail.conf"
    cp -r $V_USERS/$user/mail.conf $tmpdir/vesta/
 fi
 if [ -e "$V_USERS/$user/web.conf" ]; then
    echo -e "$(date "+%F %T") web.conf"
    cp -r $V_USERS/$user/web.conf $tmpdir/vesta/
 fi
 echo
@ -205,7 +180,7 @@ then
            sed -n "$top_line,$bottom_line p" $conf > conf/httpd.conf
            # SSL check
-            if [ ! -z "$SSL" ]; then
+            if [ "$SSL" = 'yes' ]; then
                tpl_file="$V_WEBTPL/apache_$TPL.stpl"
                conf="$V_HOME/$user/conf/shttpd.conf"
                get_web_config_brds
@ -221,7 +196,7 @@ then
            sed -n "$top_line,$bottom_line p" $conf > conf/nginx.conf
            # SSL check
-            if [ ! -z "$SSL" ] ; then
+            if [ "$SSL" = 'yes' ] ; then
                tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
                conf="$V_HOME/$user/conf/snginx.conf"
                get_web_config_brds
@ -235,8 +210,8 @@ then
        done
        # SSL Certificates
-        if [ ! -z "$SSL" ] ; then
+        if [ "$SSL" = 'yes' ] ; then
-            cp $V_HOME/$user/conf/$SSL.* ssl/
+            cp $V_HOME/$user/conf/ssl.$domain.* ssl/
        fi
        tar -rf $tmpdir/web/$domain/$domain.tar conf ssl
@ -353,23 +328,6 @@ then
    echo
 fi
 # SSL CERTIFICATES
 if [ ! -z "$WEB_SSL" ] && [ "$WEB_SSL" != 'no' ] && [ "$SSL" != '*' ]; then
    echo "-- SSL --"
    mkdir $tmpdir/ssl
    # Backingup ssl certificates
    cert_list=$(ls $V_USERS/$user/ssl/ | grep ".crt" |\
                sed -e "s/\.crt$//" |\
                tr '\n' ' ' |\
                sed -e 's/ $//' )
    for cert in $cert_list; do
        echo -e "$(date "+%F %T") $cert"
        cp $V_USERS/$user/ssl/$cert.* $tmpdir/ssl/
    done
    echo
 fi
 # Get backup size
 size="$(du -shm $tmpdir | cut -f 1)"
@ -539,7 +497,6 @@ backup_str="$backup_str WEB='${web_list// /,}'"
 backup_str="$backup_str DNS='${dns_list// /,}'"
 backup_str="$backup_str MAIL='${mail_list// /,}'"
 backup_str="$backup_str DB='${db_list// /,}'"
 backup_str="$backup_str SSL='${cert_list// /,}'"
 backup_str="$backup_str CRON='$cron_list'"
 echo "$backup_str" >> $V_USERS/$user/backup.conf
--- a/bin/v_change_web_domain_ip
+++ b/bin/v_change_web_domain_ip
@ -61,7 +61,7 @@ new=$ip
 replace_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    replace_web_config
@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
 fi
 # Checking nginx
-if [ ! -z "$SSL" ] && [ ! -z "$NGINX" ]; then 
+if [ "$SSL" = 'yes' ] && [ ! -z "$NGINX" ]; then 
    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
    conf="$V_HOME/$user/conf/snginx.conf"
    replace_web_config
--- a/bin/v_change_web_domain_sslcert
+++ b/bin/v_change_web_domain_sslcert
@ -9,7 +9,7 @@
 user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
-ssl=$3
+ssl_dir=$3
 # Importing variables
 source $VESTA/conf/vars.conf
@ -54,38 +54,27 @@ is_web_domain_cert_valid
 #                       Action                             #
 #----------------------------------------------------------#
-# Parsing domain values
+# Deleting old certificate
-get_web_domain_values
+tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
-tpl_file="$V_WEBTPL/apache_$TPL.stpl"
+rm -f $V_HOME/$user/conf/ssl.$domain.*
-conf="$V_HOME/$user/conf/shttpd.conf"
+mv $V_USERS/$user/ssl/$domain.* $tmpdir
-old_ssl="$SSL"
+chown -R $user:$user $tmpdir
 SSL="$ssl"
-# Preparing domain values for the template substitution
+# Adding new certificate to user data directory
-upd_web_domain_values
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
-
+cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
-# Recreating vhost
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
-del_web_config
+if [ -e "$ssl_dir/$domain.ca" ]; then
-add_web_config
+    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
-
+    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 # Checking nginx
 if [ ! -z "$NGINX" ]; then
    proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
    conf="$V_HOME/$user/conf/snginx.conf"
    del_web_config
    add_web_config
 fi
 # Adding new certificate to user dir
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
-
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
-# Deleting old certificate
+if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
-check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
 if [ "$check_cert"  -lt 2 ]; then
    rm -f $V_HOME/$user/conf/$old_ssl.crt
    rm -f $V_HOME/$user/conf/$old_ssl.key
 fi
@ -93,14 +82,11 @@ fi
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Adding sslcert in config
 update_web_domain_value '$SSL' "$SSL"
 # Adding task to the vesta pipe
 restart_schedule 'web'
 # Logging
-log_history "$V_EVENT" "$V_SCRIPT $user $domain $old_ssl"
+log_history "$V_EVENT" "$V_SCRIPT $user $domain $tmpdir"
 log_event 'system' "$V_EVENT"
 exit
--- a/bin/v_change_web_domain_tpl
+++ b/bin/v_change_web_domain_tpl
@ -62,7 +62,7 @@ conf="$V_HOME/$user/conf/httpd.conf"
 del_web_config
 # Deleting ssl vhost
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -139,10 +139,15 @@ if [ -x $V_WEBTPL/apache_$template.sh ]; then
 fi
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
-    # Defining variables for ssl template replace
+    # Defining SSL vars
-    ssl_cert="$V_HOME/$user/conf/$SSL.crt"
+    ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
-    ssl_key="$V_HOME/$user/conf/$SSL.key"
+    ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
    ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
    ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
    if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
        ssl_ca_str='#'
    fi
    case $SSL_HOME in
        single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
        same)   docroot="$V_HOME/$user/web/$domain/public_html" ;;
--- a/bin/v_del_sys_user_ssl
+++ b/bin/v_del_sys_user_ssl
@ -1,55 +0,0 @@
 #!/bin/bash
 # info: adding ssl certificate
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument defenition
 user=$1
 ssl=$2
 # Importing variables
 source $VESTA/conf/vars.conf
 source $V_CONF/vesta.conf
 source $V_FUNC/shared.func
 source $V_FUNC/ssl.func
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 # Checking arg number
 check_args '2' "$#" 'user certificate'
 # Checking argument format
 format_validation 'user' 'certificate'
 # Checking user
 is_user_valid
 # Checking user is active
 is_user_suspended
 # Checking certificate 
 is_cert_used
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Deleting certificate
 rm -f $V_USERS/$user/ssl/$ssl.*
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_history "$V_EVENT"
 log_event 'system' "$V_EVENT"
 exit
--- a/bin/v_del_web_domain
+++ b/bin/v_del_web_domain
@ -57,18 +57,14 @@ conf="$V_HOME/$user/conf/httpd.conf"
 del_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
-    # Deleting old certificate
+    # Deleting certificates
-    check_cert=$(grep "SSL='$SSL'" $V_USERS/$user/web.conf |wc -l)
+    rm -f $V_HOME/$user/conf/ssl.$domain.*
-    if [ "$check_cert" -lt 2 ]; then
+    rm -f $V_USERS/$user/ssl/$domain.*
        rm -f $V_HOME/$user/conf/$SSL.crt
        rm -f $V_HOME/$user/conf/$SSL.key
    fi
 fi
 # Checking nginx
@ -77,7 +73,7 @@ if [ ! -z "$NGINX" ]; then
    conf="$V_HOME/$user/conf/nginx.conf"
    del_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
@ -117,7 +113,7 @@ rm -rf /var/log/httpd/domains/$domain.error*
 del_web_domain
 # Checking last ssl domain
-ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf | wc -l)
+ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf | wc -l)
 if [ "$ssl_dom" -eq '0' ]; then
    sed -i "s/ Include /#Include /"  $V_HOME/$user/conf/httpd.conf
 fi
@ -135,7 +131,7 @@ fi
 # Checking last nginx domain
 conf='/etc/nginx/conf.d/vesta_users.conf'
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 if [ -z "$last_snginx" ]; then
    sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
    if [ ! -z "$sline" ]; then
--- a/bin/v_del_web_domain_alias
+++ b/bin/v_del_web_domain_alias
@ -73,7 +73,7 @@ upd_web_domain_values
 del_web_config
 add_web_config
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -87,7 +87,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_del_web_domain_cgi
+++ b/bin/v_del_web_domain_cgi
@ -63,7 +63,7 @@ del_web_config
 add_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
--- a/bin/v_del_web_domain_elog
+++ b/bin/v_del_web_domain_elog
@ -64,7 +64,7 @@ del_web_config
 add_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_del_web_domain_nginx
+++ b/bin/v_del_web_domain_nginx
@ -57,7 +57,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
 del_web_config
 # Checking ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
    conf="$V_HOME/$user/conf/snginx.conf"
    del_web_config
@ -75,7 +75,7 @@ update_web_domain_value '$NGINX_EXT' ''
 # Checking last nginx domain
 conf='/etc/nginx/conf.d/vesta_users.conf'
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 if [ -z "$last_snginx" ]; then
    sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
    if [ ! -z "$sline" ]; then
--- a/bin/v_del_web_domain_ssl
+++ b/bin/v_del_web_domain_ssl
@ -54,7 +54,6 @@ is_web_domain_value_exist '$SSL'
 get_web_domain_values
 conf="$V_HOME/$user/conf/shttpd.conf"
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 old_ssl="$SSL"
 # Deleting domain
 del_web_config
@ -67,11 +66,10 @@ if [ ! -z "$NGINX" ]; then
 fi
 # Deleting old certificate
-check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
+tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
-if [ "$check_cert"  -lt 2 ]; then
+rm -f $V_HOME/$user/conf/ssl.$domain.*
-    rm -f $V_HOME/$user/conf/$old_ssl.crt
+mv $V_USERS/$user/ssl/$domain.* $tmpdir
-    rm -f $V_HOME/$user/conf/$old_ssl.key
+chown -R $user:$user $tmpdir
 fi
 #----------------------------------------------------------#
@ -79,11 +77,10 @@ fi
 #----------------------------------------------------------#
 # Deleting ssl in config
-update_web_domain_value '$SSL' ''
+update_web_domain_value '$SSL' 'no'
 update_web_domain_value '$SSL_HOME' ''
 # Checking last ssl domain
-ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf)
+ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf)
 main_conf='/etc/httpd/conf.d/vesta.conf'
 conf="$V_HOME/$user/conf/shttpd.conf"
 if [ -z "$ssl_dom" ]; then
@ -94,7 +91,7 @@ fi
 # Checking last nginx domain
 conf='/etc/nginx/conf.d/vesta_users.conf'
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 if [ -z "$last_snginx" ]; then
    sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
    if [ ! -z "$sline" ]; then
@ -110,7 +107,7 @@ decrease_user_value "$user" '$U_WEB_SSL'
 restart_schedule 'web'
 # Logging
-log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $SSL $SSL_HOME"
+log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $tmpdir $SSL_HOME"
 log_event 'system' "$V_EVENT"
 exit
--- a/bin/v_list_sys_user_backups
+++ b/bin/v_list_sys_user_backups
@ -39,7 +39,7 @@ fi
 # Defining fileds to select
 fields="\$DATE \$TIME \$RUNTIME \$TYPE \$SIZE \$VESTA \$PAM \$WEB \$DNS \$DB"
-fields="$fields \$MAIL \$SSL \$CRON"
+fields="$fields \$MAIL \$CRON"
 # Listing domains
 case $format in 
--- a/bin/v_list_sys_user_ssl
+++ b/bin/v_list_sys_user_ssl
@ -1,86 +0,0 @@
 #!/bin/bash
 # info: listing ssl certificates
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument defenition
 user=$1
 format=${2-shell}
 # Importing variables
 source $VESTA/conf/vars.conf
 source $V_FUNC/shared.func
 # Json function
 json_list_cert() {
    # Print top bracket
    echo '['
    # Checking certificates number
    certificates=$(ls $V_USERS/$user/ssl/ |grep '.crt' )
    certificates_count=$(echo "$certificates" | wc -l)
    i=1
    # Listing files by mask
    for cert in $certificates; do
        if [ $i -eq $certificates_count ]; then
             echo -e "\t\"${cert//.crt/}\""
        else
             echo -e "\t\"${cert//.crt/}\","
        fi
        (( ++i))
    done
    # Printing bottom bracket
    echo -e "]"
 }
 # Shell function
 shell_list_cert() {
    if [ -z "$nohead" ] ; then
        # Print brief info
        echo "Certificate"
        echo "----------"
    fi
    # Listing files by mask
    for cert in $(ls $V_USERS/$user/ssl/ | grep '.crt'); do
        # Print result
        echo "${cert//.crt/}"
    done
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 # Checking args
 check_args '1' "$#" 'user [format] [limit] [offset]'
 # Checking argument format
 format_validation 'user'
 # Checking user
 is_user_valid
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Listing domains
 case $format in 
    json)   json_list_cert  ;;
    plain)  nohead=1; shell_list_cert ;;
    shell)  shell_list_cert | column -t ;;
    *)      check_args '1' '0' 'user [format]' ;;
 esac
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 exit
--- a/bin/v_rebuild_web_domains
+++ b/bin/v_rebuild_web_domains
@ -70,7 +70,7 @@ for domain in $(shell_list) ; do
    fi
    # Checking ssl
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        # Adding domain to the shttpd.conf
        conf="$V_HOME/$user/conf/tmp_shttpd.conf"
        tpl_file="$V_WEBTPL/apache_$TPL.stpl"
@ -90,7 +90,7 @@ for domain in $(shell_list) ; do
        conf="$V_HOME/$user/conf/tmp_nginx.conf"
        add_web_config
-        if [ ! -z "$SSL" ]; then
+        if [ "$SSL" = 'yes' ]; then
            if [ "$SUSPEND" = 'yes' ]; then
                proxy_string="rewrite ^(.*)\$ http://$url;"
            else
--- a/bin/v_suspend_web_domain
+++ b/bin/v_suspend_web_domain
@ -61,7 +61,7 @@ del_web_config
 add_web_config
 # Check ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="rewrite ^(.*)\$ http://$url;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_unsuspend_web_domain
+++ b/bin/v_unsuspend_web_domain
@ -58,7 +58,7 @@ del_web_config
 add_web_config
 # Check ssl
-if [ ! -z "$SSL" ]; then
+if [ "$SSL" = 'yes' ]; then
    tpl_file="$V_WEBTPL/apache_$TPL.stpl"
    conf="$V_HOME/$user/conf/shttpd.conf"
    del_web_config
@ -72,7 +72,7 @@ if [ ! -z "$NGINX" ]; then
    del_web_config
    add_web_config
-    if [ ! -z "$SSL" ]; then
+    if [ "$SSL" = 'yes' ]; then
        proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
        tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
        conf="$V_HOME/$user/conf/snginx.conf"
--- a/bin/v_upd_sys_user_backups
+++ b/bin/v_upd_sys_user_backups
@ -213,7 +213,7 @@ if [ -e "$tmp_file" ]; then
 fi
 # Checking local
-if [ "$type" == 'local' ]; then
+if [ "$type" = 'local' ]; then
    backups=$(ls $V_BACKUP |grep "^$user."|sort)
    for backup in $backups; do
        get_backup_info $V_BACKUP/$backup $type >> $tmp_file
@ -221,7 +221,7 @@ if [ "$type" == 'local' ]; then
 fi
 # Checking ftp
-if [ "$type" == 'ftp' ]; then
+if [ "$type" = 'ftp' ]; then
    tmpdir=$(mktemp -p $V_BACKUP -d)
    ftmpdir=$(basename $tmpdir)
    init_ftp_variables
@ -242,7 +242,7 @@ if [ "$type" == 'ftp' ]; then
 fi
 # Checking both local and ftp
-if [ "$type" == 'ftp,local' ] || [ "$type" == 'local,ftp' ]; then
+if [ "$type" = 'ftp,local' ] || [ "$type" = 'local,ftp' ]; then
    tmpdir=$(mktemp -p $V_BACKUP -d)
    ftmpdir=$(basename $tmpdir)
--- a/data/templates/apache_default.stpl
+++ b/data/templates/apache_default.stpl
@ -31,8 +31,9 @@
    php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
    SSLEngine on
    SSLVerifyClient none
-    SSLCertificateFile %ssl_cert%
+    SSLCertificateFile %ssl_crt%
    SSLCertificateKeyFile %ssl_key%
    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid %user% %group%
--- a/data/templates/apache_phpcgi.stpl
+++ b/data/templates/apache_phpcgi.stpl
@ -25,8 +25,9 @@
    php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
    SSLEngine on
    SSLVerifyClient none
-    SSLCertificateFile %ssl_cert%
+    SSLCertificateFile %ssl_crt%
    SSLCertificateKeyFile %ssl_key%
    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
    Include %home%/%user%/conf/shttpd.%domain%.conf*
--- a/data/templates/apache_phpfcgid.stpl
+++ b/data/templates/apache_phpfcgid.stpl
@ -25,8 +25,9 @@
    php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
    SSLEngine on
    SSLVerifyClient none
-    SSLCertificateFile %ssl_cert%
+    SSLCertificateFile %ssl_crt%
    SSLCertificateKeyFile %ssl_key%
    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
    Include %home%/%user%/conf/shttpd.%domain%.conf*
--- a/data/templates/apache_unlim.stpl
+++ b/data/templates/apache_unlim.stpl
@ -31,8 +31,9 @@
    php_admin_value open_basedir none
    SSLEngine on
    SSLVerifyClient none
-    SSLCertificateFile %ssl_cert%
+    SSLCertificateFile %ssl_crt%
    SSLCertificateKeyFile %ssl_key%
    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
    <IfModule mod_ruid2.c>
        RMode config
--- a/data/templates/ngingx_vhost_default.stpl
+++ b/data/templates/ngingx_vhost_default.stpl
@ -3,7 +3,7 @@ server {
    server_name %domain_idn% %alias_idn%;
    server_name_in_redirect off;
    ssl         on;
-    ssl_certificate      %ssl_cert%;
+    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    %elog%error_log  /var/log/httpd/domains/%domain%.error.log error;
--- a/func/domain.func
+++ b/func/domain.func
@ -239,8 +239,10 @@ add_web_config() {
            -e "s/%alias_string%/$alias_string/g" \
            -e "s/%alias_idn%/${aliases_idn//,/ }/g" \
            -e "s/%alias%/${aliases//,/ }/g" \
-            -e "s/%ssl_cert%/${ssl_cert////\/}/g" \
+            -e "s/%ssl_crt%/${ssl_crt////\/}/g" \
            -e "s/%ssl_key%/${ssl_key////\/}/g" \
            -e "s/%ssl_pem%/${ssl_pem////\/}/g" \
            -e "s/%ssl_ca_str%/${ssl_ca_str////\/}/g" \
            -e "s/%nginx_extentions%/${NGINX_EXT//,/|}/g" \
            -e "s/%elog%/$elog/g" \
            -e "s/%cgi%/$cgi/g" \
@ -448,13 +450,53 @@ is_web_domain_key_empty() {
 }
 is_web_domain_cert_valid() {
    # Checking file existance
-    path="$V_USERS/$user/ssl"
+    if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then
    if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
        echo "Error: certificate not exist"
        log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
        exit $E_CERT_NOTEXIST
    fi
    # Checking certificate
    crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep '/C=')
    if [ -z "$crt" ]; then
        echo "Error: certificate invalid"
        log_event 'debug' "$E_CERT_INVALID $V_EVENT"
        exit $E_CERT_INVALID
    fi
    # Checking certificate key
    openssl rsa -in "$ssl_dir/$domain.key" -check >/dev/null 2>/dev/null
    if [ "$?" -ne 0 ]; then
        echo "Error: key invalid"
        log_event 'debug' "$E_KEY_INVALID $V_EVENT"
        exit $E_KEY_INVALID
    fi
    # Checking certificate authority
    if [ -e "$ssl_dir/$domain.ca" ]; then
        ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep '/C=')
        if [ -z "$ca" ]; then
            echo "Error: certificate invalid"
            log_event 'debug' "$E_CERT_INVALID $V_EVENT"
            exit $E_CERT_INVALID
        fi
    fi
    # Checking server
    openssl s_server -quiet \
        -cert $ssl_dir/$domain.crt -key $ssl_dir/$domain.key &
    pid=$!
    sleep 1
    disown > /dev/null 2>&1
    kill $pid > /dev/null 2>&1
    result=$?
    if [ "$result" -ne '0' ]; then
        echo "Error: certificate key pair invalid"
        log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
        exit $E_CERTKEY_INVALID
    fi
 }
@ -733,8 +775,14 @@ upd_web_domain_values() {
    fi
    # Defining SSL vars
-    ssl_cert="$V_HOME/$user/conf/$SSL.crt"
+    ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
-    ssl_key="$V_HOME/$user/conf/$SSL.key"
+    ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
    ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
    ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
    if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
        ssl_ca_str='#'
    fi
    case $SSL_HOME in
        single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
        same) docroot="$V_HOME/$user/web/$domain/public_html" ;;
--- a/func/ssl.func
+++ b/func/ssl.func
@ -1,76 +0,0 @@
 is_cert_free() {
    # Defining path
    user_cert="$V_USERS/$user/ssl/$cert"
    # Checking file existance
    if [ -e "$user_cert.crt" ] || [ -e "$user_cert.key" ]; then
        echo "Error: certificate exist"
        log_event 'debug' "$E_CERT_EXIST $V_EVENT"
        exit $E_CERT_EXIST
    fi
 }
 is_cert_valid() {
    path="$1"
    # Checking file existance
    if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
        echo "Error: certificate not exist"
        log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
        exit $E_CERT_NOTEXIST
    fi
    # Checking crt file
    crt=$(openssl verify "$path/$ssl.crt" 2>/dev/null|tail -n 1|grep -w 'OK')
    if [ -z "$crt" ]; then
        echo "Error: certificate invalid"
        log_event 'debug' "$E_CERT_INVALID $V_EVENT"
        exit $E_CERT_INVALID
    fi
    # Checking key file
    key=$(openssl rsa -in "$path/$ssl.key" -check 2>/dev/null|\
        head -n1|grep -w 'ok')
    if [ -z "$key" ]; then
        echo "Error: key invalid"
        log_event 'debug' "$E_KEY_INVALID $V_EVENT"
        exit $E_KEY_INVALID
    fi
    # FIXME we should run server on free port
    # Checking server
    cmd="openssl s_server -quiet -cert $path/$ssl.crt -key $path/$ssl.key"
    $cmd &
    # Defining pid
    pid=$!
    # Sleep 1 second
    sleep 1
    # Disown background process
    disown > /dev/null 2>&1
    # Killing ssl server
    kill $pid > /dev/null 2>&1
    # Checking result
    result=$?
    if [ "$result" -ne '0' ]; then
        echo "Error: certificate key pair invalid"
        log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
        exit $E_CERTKEY_INVALID
    fi
 }
 is_cert_used() {
    # Parsing config
    check_cert=$(grep "SSL='$ssl'" $V_USERS/$user/*.conf)
    # Checking result
    if [ ! -z "$check_cert" ]; then
        echo "Error: certificate used"
        log_event 'debug' "$E_CERT_USED $V_EVENT"
        exit $E_CERT_USED
    fi
 }