Merge pull request hestiacp#2097 from jaapmarcus/fix/2096-ssl-hostname-overwritten

jaapmarcus · web-flow · commit 9bab92cc02fb · 2021-08-31T10:23:49.000+02:00
Add check if domain.com exists in certificate
diff --git a/func/domain.sh b/func/domain.sh
@@ -697,20 +697,25 @@ add_mail_ssl_config() {
         rm -f /etc/dovecot/conf.d/domains/$domain.conf
     fi
     
-    echo "" >> /etc/dovecot/conf.d/domains/$domain.conf
-    echo "local_name $domain {" >> /etc/dovecot/conf.d/domains/$domain.conf
-    echo "  ssl_cert = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem" >> /etc/dovecot/conf.d/domains/$domain.conf
-    echo "  ssl_key = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key" >> /etc/dovecot/conf.d/domains/$domain.conf
-    echo "}" >> /etc/dovecot/conf.d/domains/$domain.conf
+    mail_check=$(v-list-mail-domain-ssl $user $domain | grep SUBJECT | grep " $domain");
+    mail_check_alias=$(v-list-mail-domain-ssl $user $domain | grep ALIASES | grep " $domain");
+    if [ ! -z "$mail_check" ] || [ ! -z "$mail_check_alias" ]; then 
+        echo "" >> /etc/dovecot/conf.d/domains/$domain.conf
+        echo "local_name $domain {" >> /etc/dovecot/conf.d/domains/$domain.conf
+        echo "  ssl_cert = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem" >> /etc/dovecot/conf.d/domains/$domain.conf
+        echo "  ssl_key = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key" >> /etc/dovecot/conf.d/domains/$domain.conf
+        echo "}" >> /etc/dovecot/conf.d/domains/$domain.conf
+        # Add domain SSL configuration to exim4
+        ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem $HESTIA/ssl/mail/$domain.crt
+        ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key $HESTIA/ssl/mail/$domain.key
+    fi 
     echo "" >> /etc/dovecot/conf.d/domains/$domain.conf
     echo "local_name mail.$domain {" >> /etc/dovecot/conf.d/domains/$domain.conf
     echo "  ssl_cert = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem" >> /etc/dovecot/conf.d/domains/$domain.conf
     echo "  ssl_key = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key" >> /etc/dovecot/conf.d/domains/$domain.conf
     echo "}" >> /etc/dovecot/conf.d/domains/$domain.conf
-
+    
     # Add domain SSL configuration to exim4
-    ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem $HESTIA/ssl/mail/$domain.crt
-    ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key $HESTIA/ssl/mail/$domain.key
     ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem $HESTIA/ssl/mail/mail.$domain.crt
     ln -s $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key $HESTIA/ssl/mail/mail.$domain.key
 
@@ -725,7 +730,10 @@ add_mail_ssl_config() {
 
 # Delete SSL support for mail domain
 del_mail_ssl_config() {
-    
+    # Do a few checks to prevent accidentally removal of domain.com
+    mail_check=$(v-list-mail-domain-ssl $user $domain | grep SUBJECT | grep " $domain");
+    mail_check_alias=$(v-list-mail-domain-ssl $user $domain | grep ALIASES | grep " $domain");
+
     # Remove old mail certificates
     rm -f $HOMEDIR/$user/conf/mail/$domain/ssl/*
 
@@ -739,7 +747,9 @@ del_mail_ssl_config() {
 
     # Remove SSL certificates
     rm -f $HOMEDIR/$user/conf/mail/$domain/ssl/*
-    rm -f $HESTIA/ssl/mail/$domain.crt $HESTIA/ssl/mail/$domain.key
+    if [ ! -z "$mail_check" ] || [ ! -z "$mail_check_alias" ]; then 
+        rm -f $HESTIA/ssl/mail/$domain.crt $HESTIA/ssl/mail/$domain.key
+    fi
     rm -f $HESTIA/ssl/mail/mail.$domain.crt $HESTIA/ssl/mail/mail.$domain.key
 }
 
diff --git a/install/upgrade/versions/1.4.13.sh b/install/upgrade/versions/1.4.13.sh
@@ -21,4 +21,9 @@
 if [[ $(echo "$servername" | grep -o "\." | wc -l) -lt 2 ]] || [[ $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]];; then
     UPGRADE_MESSAGE="$UPGRADE_MESSAGE\nWe've noticed that you're using a invalid hostname. Please have a look at the RFC1178 standard (https://datatracker.ietf.org/doc/html/rfc1178) and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our documentation: https://docs.hestiacp.com/admin_docs/web/ssl_certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel"
     $HESTIA/bin/v-add-user-notification admin "Invalid Hostname detected" "Warning: We've noticed that you're using a invalid hostname. Please have a look at the <a href="https://datatracker.ietf.org/doc/html/rfc1178" target="_blank">RFC1178 standard</a> and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our <a href="https://docs.hestiacp.com/admin_docs/web/ssl_certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel" target=_"blank">documentation</a>."
+fi
+
+# Empty $HESTIA/ssl/mail/ due to bug in #2066 
+if [ -e "$HESTIA/ssl/mail/" ]; then
+    rm -fr $HESTIA/ssl/mail/*
 fi
