- Timestamp:
- 2018-09-03T18:34:55+12:00 (6 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/build.xml
r32423 r32424 1631 1631 1632 1632 <!-- ============ Targets concerned with https certification ================ --> 1633 <!-- Renewing existing https certificate1634 https://certbot.eff.org/docs/using.html#renewing-certificates1635 ./path/to/GS3/bin/linux/certbot-auto renew ==quiet ==no-self-upgrade1636 -->1637 <target name="renew-existing-https-cert">1638 <echo>1639 NOTE: To run this target,1640 * ensure nothing is running on port 80.1641 * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted.1642 1643 If you want your cronjob to renew a certificate, you can add pre and post hooks1644 refer to https://certbot.eff.org/docs/using.html#renewing-certificates1645 For more information run:1646 ./path/to/GS3/bin/linux/certbot-auto --help renew1647 </echo>1648 <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">1649 <arg value="renew"/>1650 <arg value="--quiet"/>1651 <arg value="--no-self-upgrade"/>1652 </exec>1653 1654 <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it,1655 where if it's within XX days of expiry, the certificate will get renewed.1656 See https://zerossl.com/usage.html#Certificate_renewal -->1657 <if><bool><istrue value="${current.os.iswindows}"/></bool>1658 1659 <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input>1660 <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}">1661 <and>1662 <isset property="https.other.domains" />1663 <not><matches string="${https.other.domains}" pattern="^\s*$"/></not>1664 </and>1665 </condition>1666 <antcall target="setup-https-cert-windows">1667 <param name="https.cert.renewal" value="--renew 10"/>1668 </antcall>1669 </if>1670 </target>1671 1672 <!-- Revoke the certificate and remove it, 
including folders.1673 See https://certbot.eff.org/docs/using.html#revoking-certificates1674 which also states "if a certificate is a test certificate obtained via the1675 ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand."1676 -->1677 <target name="remove-https-cert" depends="check-os-for-https-cert-support">1678 <echo>1679 NOTE: If you're on Linux, you need to have sudo permissions to execute this target.1680 Enter the sudo password if prompted.1681 </echo>1682 <!--1683 On linux, we use certbot-auto.1684 It says at https://github.com/certbot/certbot/issues/17411685 "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser,1686 because the program will invoke sudo when it needs to automatically."1687 We need to send Y(es) as inputstring to confirm that the1688 /etc/letsencrypt/live/${tomcat.server} folder can be deleted.1689 Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet).1690 -->1691 <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y">1692 <arg value="revoke"/>1693 <arg line="${https.testing}"/>1694 <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/>1695 </exec>1696 <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting:1697 <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true">1698 <arg value="delete"/>1699 <arg value="==cert-name"/><arg value="${tomcat.server}"/>1700 </exec>1701 -->1702 1703 <!-- On Windows, we use zeroSSl. 
For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation -->1704 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false">1705 <arg value="/c" />1706 <arg value="le${os.bitness}" />1707 <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" />1708 <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/>1709 <arg value="--revoke"/>1710 <arg line="${https.testing}"/>1711 </exec>1712 1713 <!-- And remove the https_cert folder -->1714 <delete dir="${packages.home}/tomcat/conf/https_cert"/>1715 </target>1716 1633 1717 1634 <target name="check-os-for-https-cert-support"> … … 1723 1640 </if> 1724 1641 </target> 1642 1725 1643 1726 1644 <target name="setup-https-cert-info"> … … 1738 1656 </echo> 1739 1657 </target> 1658 1740 1659 1741 1660 <target name="https-conditions-set"> … … 1760 1679 <fail if="quit.https.setup">https certification step aborted by user. Please edit build.properties to set server.protocol=http and comment out tomcat.port.https.</fail> 1761 1680 </target> 1681 1762 1682 1763 1683 <target name="setup-https-cert" depends="check-os-for-https-cert-support,setup-https-cert-info,https-conditions-set"> … … 1799 1719 1800 1720 </target> 1721 1801 1722 1802 1723 <target name="setup-https-cert-windows"> … … 1863 1784 </target> 1864 1785 1786 1865 1787 <target name="setup-https-cert-linux"> 1866 1788 <!-- Running as … … 1923 1845 </exec> 1924 1846 1847 </target> 1848 1849 1850 <!-- Revoke the certificate and remove it, including folders. 1851 See https://certbot.eff.org/docs/using.html#revoking-certificates 1852 which also states "if a certificate is a test certificate obtained via the 1853 ==staging or ==test-cert flag, that flag must be passed to the revoke subcommand." 
1854 --> 1855 <target name="remove-https-cert" depends="check-os-for-https-cert-support"> 1856 <echo> 1857 NOTE: If you're on Linux, you need to have sudo permissions to execute this target. 1858 Enter the sudo password if prompted. 1859 </echo> 1860 <!-- 1861 On linux, we use certbot-auto. 1862 It says at https://github.com/certbot/certbot/issues/1741 1863 "you shouldn't run letsencrypt-auto [now called certbot-auto] as superuser, 1864 because the program will invoke sudo when it needs to automatically." 1865 We need to send Y(es) as inputstring to confirm that the 1866 /etc/letsencrypt/live/${tomcat.server} folder can be deleted. 1867 Note osfamily="unix" is separate from osfamily="mac", which comes out handy here as we haven't set up certbot-auto for mac (yet). 1868 --> 1869 <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true" inputstring="Y"> 1870 <arg value="revoke"/> 1871 <arg line="${https.testing}"/> 1872 <arg value="--cert-path"/><arg value="/etc/letsencrypt/live/${tomcat.server}/cert.pem"/> 1873 </exec> 1874 <!-- The above command already deletes the folder when Y(es) was passed in. Explicitly deleting: 1875 <exec executable="./certbot-auto" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 1876 <arg value="delete"/> 1877 <arg value="==cert-name"/><arg value="${tomcat.server}"/> 1878 </exec> 1879 --> 1880 1881 <!-- On Windows, we use zeroSSl. 
For the revoke command, see https://zerossl.com/usage.html#Certificate_revocation --> 1882 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}" spawn="false"> 1883 <arg value="/c" /> 1884 <arg value="le${os.bitness}" /> 1885 <arg value="--key" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" /> 1886 <arg value="--crt" /><arg value="${packages.home}\tomcat\conf\https_cert\fullchain_and_prvtkey.crt"/> 1887 <arg value="--revoke"/> 1888 <arg line="${https.testing}"/> 1889 </exec> 1890 1891 <!-- And remove the https_cert folder --> 1892 <delete dir="${packages.home}/tomcat/conf/https_cert"/> 1893 </target> 1894 1895 1896 <!-- Renewing existing https certificate 1897 Linux: 1898 https://certbot.eff.org/docs/using.html#renewing-certificates 1899 ./path/to/GS3/bin/linux/certbot-auto renew ==quiet ==no-self-upgrade 1900 Windows: reuse Windows issuance target 1901 see https://zerossl.com/usage.html#Certificate_renewal 1902 --> 1903 <target name="renew-existing-https-cert"> 1904 <echo> 1905 NOTE: To run this target, 1906 * ensure nothing is running on port 80. 1907 * if you're on Linux, you need to have sudo permissions. Enter the sudo password if prompted. 1908 1909 If you want your cronjob to renew a certificate, you can add pre and post hooks 1910 refer to https://certbot.eff.org/docs/using.html#renewing-certificates 1911 For more information run: 1912 ./path/to/GS3/bin/linux/certbot-auto --help renew 1913 </echo> 1914 <exec executable="./certbot-auto" osfamily="unix" dir="${basedir}/bin/${os.bin.dir}" failonerror="true"> 1915 <arg value="renew"/> 1916 <arg value="--quiet"/> 1917 <arg value="--no-self-upgrade"/> 1918 </exec> 1919 1920 <!-- For rewewal on Windows, need to re-run the original (issuance) command and append "min-min-renew XX" to it, 1921 where if it's within XX days of expiry, the certificate will get renewed. 
1922 See https://zerossl.com/usage.html#Certificate_renewal --> 1923 <if><bool><istrue value="${current.os.iswindows}"/></bool> 1924 1925 <input addproperty="https.other.domains">Enter a comma separated list of additional domains besides tomcat.server=${tomcat.server} that you registered on issuance, if any</input> 1926 <condition property="https.cert.domains" value="${tomcat.server},${https.other.domains}" else="${tomcat.server}"> 1927 <and> 1928 <isset property="https.other.domains" /> 1929 <not><matches string="${https.other.domains}" pattern="^\s*$"/></not> 1930 </and> 1931 </condition> 1932 <antcall target="setup-https-cert-windows"> 1933 <param name="https.cert.renewal" value="--renew 10"/> 1934 </antcall> 1935 </if> 1925 1936 </target> 1926 1937
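Review bot: In `remove-https-cert`, the Windows `<exec executable="cmd" osfamily="windows" ... spawn="false">` that performs the revoke has no `failonerror="true"`, unlike the certbot-auto exec above it. The unconditional `<delete dir="${packages.home}/tomcat/conf/https_cert"/>` therefore still runs when revocation fails, removing the `privkey.key` and `.crt` files that the revoke command is given as `--key`/`--crt`. Add `failonerror="true"` to that exec so the key material is only deleted after a successful revoke. Separately, `renew-existing-https-cert` has no `depends="check-os-for-https-cert-support"` while `remove-https-cert` does; if that check (its body is not shown here) is what stops unsupported platforms, the renew target probably wants it too.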