Timestamp:
03.09.2018 18:30:29 (14 months ago)
Author:
ak19
Message:

Introduced the Windows https cert renewal part of the renewal target. It reuses the Win issuance target.

Files:
1 modified

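--- a/main/trunk/greenstone3/build.xml
+++ b/main/trunk/greenstone3/build.xml
@@ -1638,6 +1638,6 @@
     <echo> 
       NOTE: To run this target, 
-      * you need to have sudo permissions. Enter the sudo password if prompted. 
-      * ensure nothing is running on port 80. 
+      * ensure nothing is running on port 80. 
+      * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted.       
  
       If you want your cronjob to renew a certificate, you can add pre and post hooks 
@@ -1646,9 +1646,26 @@
          ./path/to/GS3/bin/linux/certbot-auto --help renew 
     </echo> 
-    <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 
+    <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 
      <arg value="renew"/> 
      <arg value="--quiet"/> 
      <arg value="--no-self-upgrade"/> 
     </exec> 
+     
+    <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it, 
+        where if it's within XX days of expiry, the certificate will get renewed. 
+        See https://zerossl.com/usage.html#Certificate_renewal --> 
+    <if><bool><istrue value="${current.os.iswindows}"/></bool> 
+             
+        <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input> 
+        <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}"> 
+            <and> 
+              <isset property="https.other.domains" /> 
+              <not><matches string="${https.other.domains}" pattern="^\s*$"/></not> 
+            </and> 
+        </condition> 
+        <antcall target="setup-https-cert-windows"> 
+            <param name="https.cert.renewal" value="--renew 10"/>            
+        </antcall> 
+    </if> 
   </target> 
  
@@ -1660,5 +1677,5 @@
   <target name="remove-https-cert" depends="check-os-for-https-cert-support"> 
     <echo> 
-      NOTE: You need to have sudo permissions to execute this target. 
+      NOTE: If you're on Linux, you need to have sudo permissions to execute this target. 
       Enter the sudo password if prompted. 
     </echo> 
@@ -1746,5 +1763,5 @@
   <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set"> 
     <input addproperty="https.cert.email">Enter an email that Let's Encrypt, the certification authority, can send any important notifications to</input> 
-    <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, you may enter a comma separated list of additional domains to support if any</input> 
+    <input addproperty="https.other.domains">Besides tomcat.server=${tomcat.server}, enter a comma separated list of additional domains to support, if any</input> 
     <input addproperty="https.cert.agree" validargs="y,n">You've read the Let's Encrypt Subscriber Agreement at https://letsencrypt.org/repository/ and agree</input> 
     <if> 
@@ -1771,5 +1788,7 @@
         <echo>Proceeding...</echo>     
         <if><bool><istrue value="${current.os.iswindows}"/></bool> 
-            <antcall target="setup-https-cert-windows"/> 
+            <antcall target="setup-https-cert-windows"> 
+                <param name="https.cert.renewal" value=""/><!-- for cert issuance, there are none of the additional parameters specific to cert renewal --> 
+            </antcall> 
         </if> 
         <if><bool><istrue value="${current.os.isunixnotmac}"/></bool> 
@@ -1782,4 +1801,5 @@
    
   <target name="setup-https-cert-windows"> 
+     
     <echo>********** The included tomcat will be stopped, then restarted on port 80 and stopped again</echo> 
      
@@ -1820,5 +1840,5 @@
       <arg value="--csr" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.csr" /> 
       <arg value="--csr-key" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.key" /> 
-      <!--<arg value="==crt" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" />-->     
+      <!--<arg value="==crt" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.crt" />--> 
       <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt" /> 
       <arg value="--domains" /><arg value="${https.cert.domains}" /> 
@@ -1828,4 +1848,5 @@
       <arg line="${https.testing}" /><!-- minus-minus-live if not testing, empty if testing. https://stackoverflow.com/questions/11840284/pass-arguments-to-apache-ant-exec-task-based-on-the-variables-value --> 
       <arg value="--export-pfx" /><arg value="${keystore.pass}" /> 
+      <arg line="${https.cert.renewal}" /><!-- rewew command on windows appends min-min-renew XX, where if the day the renewal is run is XX days within expiry, the certificate will get renewed. --> 
     </exec> 
      
@@ -1839,5 +1860,4 @@
         <param name="https.comment.out.end" value="${comment.end}"/> 
     </antcall> 
-     
      
   </target>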
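Review bot: The Windows renewal branch (new lines 1657-1669) makes the operator retype the additional domains through `<input addproperty="https.other.domains">`, so a scheduled renewal blocks on the prompt unless that property is preset, and a list that differs from the one given at issuance requests a certificate for a different set of names. Persisting `https.cert.domains` at issuance and reading it back here, prompting only when it is missing, would remove both problems. The reused `setup-https-cert-windows` target also expands `${https.testing}` and `${keystore.pass}`; the renewal target's `depends` list is outside the visible hunk, so confirm it sets them, because Ant passes an unset property through as the literal `${...}` text. The two new comments misspell "renewal" ("rewewal", "rewew") and write "min-min-renew" where the neighbouring comment uses "minus-minus"; I would write `minus-minus-renew XX` in both.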