Changeset 32350 for main/trunk/greenstone3/build.xml
- Timestamp: 2018-08-21T18:59:28+12:00 (6 years ago)
- File: 1 edited
main/trunk/greenstone3/build.xml
r32349 r32350 52 52 53 53 --> 54 <property name="https.test.mode" value="false"/> 54 55 55 56 <property name="os.linux" value="Linux"/> … … 247 248 </condition> 248 249 250 <condition property="https.testing" value="" else="--staging"> 251 <isfalse property="https.test.mode"/> 252 </condition> 253 249 254 <!-- now we've read in properties, apply defaults --> 250 255 <property name="disable.collection.building" value="false"/> … … 1579 1584 1580 1585 <!-- ============ Targets concerned with https certification ================ --> 1586 <!-- Revoke the certificate and remove it, including folders. 1587 See https://certbot.eff.org/docs/using.html#revoking-certificates 1588 which also states "if a certificate is a test certificate obtained via the 1589 ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand." 1590 --> 1581 1591 <target name="remove-cert-https"> 1582 1592 <echo> … … 1584 1594 Enter the sudo password if prompted. 1585 1595 </echo> 1586 <!-- sudo /path/to/GS3/bin/linux/certbot-auto revoke ==cert-path /etc/letsencrypt/live/DOMAIN/cert.pem --> 1587 <!-- sudo echo "Y\n" | /path/to/GS3/bin/linux/certbot-auto revoke ==cert-path /etc/letsencrypt/live/DOMAIN/cert.pem 1588 See http://ant.1045680.n5.nabble.com/Running-lt-exec-gt-task-with-an-quot-interactive-quot-executable-td1349146.html 1589 But shouldn't run certbot-auto by first sudoing. Run certbot-auto directly, it will ask to elevate to sudo permissions 1596 <!-- 1597 It says at https://github.com/certbot/certbot/issues/1741 1598 "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser, 1599 because the program will invoke sudo when it needs to automatically." 
1600 We need to send Y(es) as inputstring to confirm that the 1601 /etc/letsencrypt/live/${tomcat.server} folder can be deleted 1590 1602 --> 1591 1603 <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y"> 1592 <arg line="revoke --staging --cert-path /etc/letsencrypt/live/${tomcat.server}/cert.pem"/> 1593 </exec> 1594 1595 <!--<exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 1596 <arg line="delete ==cert-name ${tomcat.server}"/> 1597 </exec>--> 1598 <!-- and remove the https_cert folder --> 1604 <arg value="revoke"/> 1605 <arg value="${https.testing}"/> 1606 <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/> 1607 </exec> 1608 <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting: 1609 <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 1610 <arg value="delete"/> 1611 <arg value="==cert-name"/><arg value="${tomcat.server}"/> 1612 </exec> 1613 --> 1614 <!-- And remove the https_cert folder --> 1599 1615 <delete dir="${packages.home}/tomcat/conf/https_cert"/> 1600 1616 </target> … … 1662 1678 <else> 1663 1679 <echo>Proceeding...</echo> 1664 <echo>### Phase 1: generating the certificate</echo> 1665 <!-- ./certbot-auto certonly ==standalone ==preferred-challenges http ==email EMAIL -d DOMAINS 1666 need to accept (A) ToS and say Yes (Y) to sharing email --> 1680 <!-- Running as 1681 ./certbot-auto certonly ==standalone ==preferred-challenges http ==email EMAIL -d DOMAINS 1682 expects input from stdin to accept (A) ToS and say Yes (Y) to sharing email. 1683 We can run in non-interactive mode as the user has at this stage already agreed 1684 to LetsEncrypt's Terms of Service and provided an email address. 
1685 --> 1667 1686 <exec executable="/bin/bash" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 1668 1687 <arg value="./certbot-auto"/> 1669 1688 <arg value="certonly"/> 1670 <arg value=" --staging"/>1689 <arg value="${https.testing}"/> 1671 1690 <arg value="--standalone"/> 1672 1691 <arg value="--non-interactive"/> … … 1677 1696 </exec> 1678 1697 1679 <echo>### Phase 2: pem to pkcs12</echo>1680 <!--1681 <echo>1682 ********************1683 You will next be asked to enter the Export Password 3 times. Each time,1684 type the value of your keystore.pass exactly as it is in build.properties.1685 ********************1686 </echo>-->1687 1688 1698 <!-- sudo openssl pkcs12 -export -out /tmp/DOMAIN_fullchain_and_key.p12 \ 1689 1699 -in /etc/letsencrypt/live/DOMAIN/fullchain.pem \ 1690 1700 -inkey /etc/letsencrypt/live/DOMAIN/privkey.pem \ 1691 1701 -name tomcat 1702 Must run as sudo because only admin has access to the pem files that admin 1703 generated in /etc/letsencrypt 1692 1704 See https://computingforgeeks.com/tomcat-7-with-letsencrypt-ssl-certificate/ 1693 1705 but also https://community.letsencrypt.org/t/using-lets-encrypt-with-tomcat/41082 … … 1697 1709 1698 1710 <exec executable="sudo" dir="/tmp" failonerror="true"> 1699 <arg line="${basedir}/bin/${os.bin.dir}/openssl/bin/openssl pkcs12 -export -out /tmp/${tomcat.server}_fullchain_and_key.p12 -in /etc/letsencrypt/live/${tomcat.server}/fullchain.pem -inkey /etc/letsencrypt/live/${tomcat.server}/privkey.pem -name tomcat -password pass:${keystore.pass}" /> 1711 <arg value="${basedir}/bin/${os.bin.dir}/openssl/bin/openssl"/> 1712 <arg value="pkcs12"/> 1713 <arg value="-export"/> 1714 <arg value="-out"/><arg value="/tmp/${tomcat.server}_fullchain_and_key.p12"/> 1715 <arg value="-in"/><arg value="/etc/letsencrypt/live/${tomcat.server}/fullchain.pem"/> 1716 <arg value="-inkey"/><arg value="/etc/letsencrypt/live/${tomcat.server}/privkey.pem"/> 1717 <arg value="-name"/><arg value="tomcat"/> 1718 <arg 
value="-password"/><arg value="pass:${keystore.pass}"/> 1700 1719 </exec> 1701 1720
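Review bot: the new https.test.mode property at line 54 has no comment saying what it controls. A one-line comment should state that setting it to true makes the certbot-auto calls in the https targets run against the Let's Encrypt staging environment. Ant properties are also immutable once set, and the comment at line 254 ("now we've read in properties, apply defaults") suggests defaults normally come after the property files are loaded. If line 54 runs before that load, a value in build.properties will never take effect and only -Dhttps.test.mode=true on the command line can switch modes. If the file is meant to control this, define the default after the property files are read but before the https.testing condition at line 250.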
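Review bot: in the condition added at lines 250-252, isfalse is given a property attribute, but Ant's istrue and isfalse conditions take the string to test in a value attribute, so the nested element should be <isfalse value="${https.test.mode}"/>. The property name is also easy to misread: https.testing holds a command-line flag (empty or --staging), not a boolean, while https.test.mode is the boolean. A name such as https.staging.flag would make the two harder to confuse.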
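Review bot: in remove-cert-https (line 1605) and again in the certonly call (line 1689), <arg value="${https.testing}"/> passes a literal empty-string argument to certbot-auto whenever https.test.mode is false, because arg value always produces exactly one argument. That is the production path, so the empty argument reaches certbot-auto in the run that matters most. Use <arg line="${https.testing}"/> for this one flag, which expands to no argument at all when the property is empty, and keep arg value for the others. The comment above the target quotes the certbot documentation that a staging certificate must be revoked with the same flag, so it is worth stating there that https.test.mode must have the same value at revoke time as it had when the certificate was issued.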
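Review bot: in the openssl pkcs12 call at lines 1711-1718, splitting the arguments is good, but -password pass:${keystore.pass} still puts the keystore password on the command line, where any local user can read it from the process list while sudo and openssl run. openssl accepts the password from a file or an environment variable instead (file:PATH or env:VAR in place of pass:...), which keeps it out of the argument vector. The export is also written by root to a predictable name in /tmp (/tmp/${tomcat.server}_fullchain_and_key.p12); since it contains the private key, write it to a directory that is not world-writable, for example the ${packages.home}/tomcat/conf/https_cert folder that remove-cert-https already cleans up, and check that the resulting file is readable only by the account that runs Tomcat.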