[Backup] Fix restore of mail domain SSL

Kristan Kenney · Kristan Kenney · commit ce166dd06f17 · 2020-07-08T02:52:20.000-03:00
Certificates were backed up, but not restored properly causing mail services to fail.
diff --git a/bin/v-restore-user b/bin/v-restore-user
@@ -603,8 +603,65 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
             cp -f $tmpdir/mail/$domain/$backup_system/$domain.pub $USER_DATA/mail/
         fi
 
-        rebuild_mail_domain_conf
-        
+        # Restore SSL
+        check_config=$(grep "DOMAIN='$domain'" $USER_DATA/mail.conf | grep -o "SSL='yes'")
+        if [ ! -z "$check_config" ]; then
+            if [ ! -e "$HESTIA/data/users/$user/ssl/" ]; then
+                mkdir -p $HESTIA/data/users/$user/ssl/
+            fi
+            
+            if [ ! -e "$HOMEDIR/$user/conf/mail/$domain/ssl/" ]; then
+                mkdir -p $HOMEDIR/$user/conf/mail/$domain/ssl/
+            fi
+
+            # Add certificate to Hestia user configuration data directory
+            if [ -f $tmpdir/mail/$domain/$backup_system/ssl/$domain.crt ]; then
+                echo "path found"
+                cp -f $tmpdir/mail/$domain/$backup_system/ssl/$domain.crt $USER_DATA/ssl/mail.$domain.crt
+                cp -f $tmpdir/mail/$domain/$backup_system/ssl/$domain.key $USER_DATA/ssl/mail.$domain.key
+                cp -f $tmpdir/mail/$domain/$backup_system/ssl/$domain.crt $USER_DATA/ssl/mail.$domain.pem
+                if [ -e "$tmpdir/mail/$domain/$backup_system/ssl//$domain.ca" ]; then
+                    cp -f $tmpdir/mail/$domain/$backup_system/ssl//$domain.ca $USER_DATA/ssl/mail.$domain.ca
+                    echo >> $USER_DATA/ssl/mail.$domain.pem
+                    cat $USER_DATA/ssl/mail.$domain.ca >> $USER_DATA/ssl/mail.$domain.pem
+                fi
+            fi
+            
+            chmod 660 $USER_DATA/ssl/mail.$domain.*
+
+            # Add certificate to user home directory
+            cp -f $USER_DATA/ssl/mail.$domain.crt $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt
+            cp -f $USER_DATA/ssl/mail.$domain.key $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key
+            cp -f $USER_DATA/ssl/mail.$domain.pem $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem
+            if [ -e "$USER_DATA/ssl/mail.$domain.ca" ]; then
+                cp -f $USER_DATA/ssl/mail.$domain.ca $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.ca
+            fi
+
+            # Add domain SSL configuration to dovecot
+            if [ -f /etc/dovecot/conf.d/domains/$domain.conf ]; then
+                rm -f /etc/dovecot/conf.d/domains/$domain.conf
+            fi
+                
+            echo "" >> /etc/dovecot/conf.d/domains/$domain.conf
+            echo "local_name mail.$domain {" >> /etc/dovecot/conf.d/domains/$domain.conf
+            echo "  ssl_cert = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem" >> /etc/dovecot/conf.d/domains/$domain.conf
+            echo "  ssl_key = <$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key" >> /etc/dovecot/conf.d/domains/$domain.conf
+            echo "}" >> /etc/dovecot/conf.d/domains/$domain.conf
+
+            # Add domain SSL configuration to exim4
+            # Cleanup broken symlinks
+            find /usr/local/hestia/ssl/mail -xtype l -delete
+
+            ln -s -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem /usr/local/hestia/ssl/mail/mail.$domain.crt
+            ln -s -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key /usr/local/hestia/ssl/mail/mail.$domain.key
+
+            # Set correct permissions on certificates
+            chmod 750 $HOMEDIR/$user/conf/mail/$domain/ssl
+            chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/ssl
+            chmod 0644 $HOMEDIR/$user/conf/mail/$domain/ssl/*
+            chown -h $user:mail $HOMEDIR/$user/conf/mail/$domain/ssl/*
+            chmod -R 0644 /usr/local/hestia/ssl/mail/*
+            chown -h $user:mail /usr/local/hestia/ssl/mail/*
         fi
 
         # Restoring email accounts
