try to fix ssl generation and configration scripts

josecelano · josecelano · commit 8b0e1ad40f39 · 2025-08-08T18:13:42.000+01:00
diff --git a/application/share/bin/ssl-activate-renewal.sh b/application/share/bin/ssl-activate-renewal.sh
@@ -105,9 +105,9 @@ check_ssl_certificates() {
     local cert_dirs
     
     # Look for any SSL certificates in the expected location
-    if docker compose exec proxy find /etc/letsencrypt/live -name "fullchain.pem" -type f 2>/dev/null | grep -q "fullchain.pem"; then
+    if docker compose --env-file /var/lib/torrust/compose/.env exec proxy find /etc/letsencrypt/live -name "fullchain.pem" -type f 2>/dev/null | grep -q "fullchain.pem"; then
         cert_found=true
-        cert_dirs=$(docker compose exec proxy find /etc/letsencrypt/live -name "fullchain.pem" -type f 2>/dev/null | sed 's|/fullchain.pem||' | sed 's|.*/||')
+        cert_dirs=$(docker compose --env-file /var/lib/torrust/compose/.env exec proxy find /etc/letsencrypt/live -name "fullchain.pem" -type f 2>/dev/null | sed 's|/fullchain.pem||' | sed 's|.*/||')
         
         log_info "Found SSL certificates for:"
         while IFS= read -r domain; do
@@ -116,7 +116,7 @@ check_ssl_certificates() {
                 
                 # Check certificate expiration
                 local expiry
-                expiry=$(docker compose exec proxy openssl x509 -in "/etc/letsencrypt/live/${domain}/cert.pem" -noout -enddate 2>/dev/null | cut -d= -f2 || echo "Unable to determine")
+                expiry=$(docker compose --env-file /var/lib/torrust/compose/.env exec proxy openssl x509 -in "/etc/letsencrypt/live/${domain}/cert.pem" -noout -enddate 2>/dev/null | cut -d= -f2 || echo "Unable to determine")
                 log_info "    Expires: ${expiry}"
             fi
         done <<< "${cert_dirs}"
@@ -244,7 +244,7 @@ remove_renewal_cronjob() {
 test_ssl_renewal() {
     log_info "Testing SSL certificate renewal (dry run)..."
     
-    if docker compose run --rm certbot renew --dry-run; then
+    if docker compose --env-file /var/lib/torrust/compose/.env run --rm certbot renew --dry-run; then
         log_success "SSL renewal test passed"
         log_info "Automatic renewal should work correctly"
     else
@@ -286,7 +286,7 @@ show_renewal_info() {
     log_info "  tail -f /var/log/ssl-renewal.log"
     log_info ""
     log_info "To test renewal manually:"
-    log_info "  docker compose run --rm certbot renew --dry-run"
+    log_info "  docker compose --env-file /var/lib/torrust/compose/.env run --rm certbot renew --dry-run"
 }
 
 # Main function
@@ -321,9 +321,9 @@ main() {
     fi
     
     # Check if Docker services are running
-    if ! docker compose ps | grep -q "Up"; then
+    if ! docker compose --env-file /var/lib/torrust/compose/.env ps | grep -q "Up"; then
         log_error "Docker Compose services are not running"
-        log_error "Please start services first: docker compose up -d"
+        log_error "Please start services first: docker compose --env-file /var/lib/torrust/compose/.env up -d"
         exit 1
     fi
     
diff --git a/application/share/bin/ssl-configure-nginx.sh b/application/share/bin/ssl-configure-nginx.sh
@@ -48,9 +48,9 @@ check_prerequisites() {
     log_info "Checking prerequisites for nginx HTTPS configuration..."
     
     # Check if nginx is running
-    if ! docker compose ps proxy | grep -q "Up"; then
+    if ! docker compose --env-file /var/lib/torrust/compose/.env ps proxy | grep -q "Up"; then
         log_error "Nginx proxy service is not running"
-        log_error "Please start services first: docker compose up -d"
+        log_error "Please start services first: docker compose --env-file /var/lib/torrust/compose/.env up -d"
         exit 1
     fi
     
diff --git a/application/share/bin/ssl-generate.sh b/application/share/bin/ssl-generate.sh
@@ -88,9 +88,9 @@ check_prerequisites() {
     fi
     
     # Check if required services are running
-    if ! docker compose ps proxy | grep -q "Up"; then
+    if ! docker compose --env-file /var/lib/torrust/compose/.env ps proxy | grep -q "Up"; then
         log_error "Proxy service is not running"
-        log_error "Please start services first: docker compose up -d"
+        log_error "Please start services first: docker compose --env-file /var/lib/torrust/compose/.env up -d"
         exit 1
     fi
     
@@ -102,13 +102,18 @@ generate_dhparam() {
     log_info "Checking DH parameters..."
     
     # Check if DH parameters already exist
-    if docker compose exec proxy test -f "/etc/ssl/certs/dhparam.pem" 2>/dev/null; then
+    if docker compose --env-file /var/lib/torrust/compose/.env exec proxy test -f "/etc/ssl/certs/dhparam.pem" 2>/dev/null; then
         log_info "DH parameters already exist, skipping generation"
         return 0
     fi
     
     log_info "Generating DH parameters (this may take several minutes)..."
-    if docker compose exec proxy openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048; then
+    # Generate DH parameters on the host and copy to container
+    local temp_dhparam="/tmp/dhparam.pem"
+    if openssl dhparam -out "${temp_dhparam}" 2048; then
+        # Copy to container
+        docker cp "${temp_dhparam}" "$(docker compose --env-file /var/lib/torrust/compose/.env ps -q proxy):/etc/ssl/certs/dhparam.pem"
+        rm -f "${temp_dhparam}"
         log_success "DH parameters generated successfully"
     else
         log_error "Failed to generate DH parameters"
@@ -193,9 +198,9 @@ show_certificate_info() {
     log_info "  Type: Let's Encrypt ${MODE_NAME} certificate"
     
     # Try to show certificate expiration
-    if docker compose exec proxy test -f "/etc/letsencrypt/live/${subdomain}/cert.pem" 2>/dev/null; then
+    if [[ -f "/var/lib/torrust/certbot/etc/letsencrypt/live/${subdomain}/cert.pem" ]]; then
         local expiry
-        expiry=$(docker compose exec proxy openssl x509 -in "/etc/letsencrypt/live/${subdomain}/cert.pem" -noout -enddate 2>/dev/null | cut -d= -f2 || echo "Unable to determine")
+        expiry=$(openssl x509 -in "/var/lib/torrust/certbot/etc/letsencrypt/live/${subdomain}/cert.pem" -noout -enddate 2>/dev/null | cut -d= -f2 || echo "Unable to determine")
         log_info "  Expires: ${expiry}"
     fi
 }
diff --git a/application/share/bin/ssl-setup.sh b/application/share/bin/ssl-setup.sh
@@ -34,7 +34,7 @@ source "${PROJECT_ROOT}/scripts/shell-utils.sh"
 DOMAIN=""
 EMAIL=""
 MODE="staging"
-SKIP_DNS_VALIDATION=false
+SKIP_DNS_VALIDATION=true
 HELP=false
 
 # Parse command line arguments
@@ -178,9 +178,9 @@ check_prerequisites() {
     fi
 
     # Check if main services are running
-    if ! docker compose ps | grep -q "Up"; then
+    if ! docker compose --env-file /var/lib/torrust/compose/.env ps | grep -q "Up"; then
         log_error "Docker Compose services are not running"
-        log_error "Please run 'docker compose up -d' first"
+        log_error "Please run 'docker compose --env-file /var/lib/torrust/compose/.env up -d' first"
         exit 1
     fi
 
