letsencrypt: remove .well-known dir after renewal

changelog.md

@@ -1,7 +1,9 @@
 
-[v0.53.1](https://github.com/nextcloud/nextcloudpi/commit/b2c50f5) (2018-03-17) fix web update to NC13.0.1 with .well-known existence
+[v0.53.2](https://github.com/nextcloud/nextcloudpi/commit/5608921) (2018-03-17) letsencrypt: remove .well-known dir after renewal
 
-[v0.53.0](https://github.com/nextcloud/nextcloudpi/commit/cf6c432) (2018-03-17) update to NC 13.0.1
+[v0.53.1](https://github.com/nextcloud/nextcloudpi/commit/d8ad80c) (2018-03-17) fix web update to NC13.0.1 with .well-known existence
+
+[v0.53.0 ](https://github.com/nextcloud/nextcloudpi/commit/cf6c432) (2018-03-17) update to NC 13.0.1
 
 [v0.52.2 ](https://github.com/nextcloud/nextcloudpi/commit/f5d0916) (2018-03-17) build: small script adjustments
 

etc/nextcloudpi-config.d/letsencrypt.sh

@@ -52,6 +52,7 @@ persistent_cfg /etc/letsencrypt
 cat > /etc/cron.weekly/letsencrypt-ncp <<EOFCRON
 #!/bin/bash
 /etc/letsencrypt/certbot-auto renew --quiet
+rm -rf $NCDIR/.well-known
 EOFCRON
 
 chmod +x /etc/cron.weekly/letsencrypt-ncp
@@ -75,6 +76,7 @@ configure()
     cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
 #!/bin/bash
 /etc/letsencrypt/certbot-auto renew --quiet
+rm -rf $NCDIR/.well-known
 EOF
     chmod +x /etc/cron.weekly/letsencrypt-ncp
 

update.sh

@@ -126,44 +126,6 @@ done
   install_script nc-backup.sh &>/dev/null
   cd - &>/dev/null
 
-  # add ncp-config link
-  [[ -e /usr/local/bin/ncp-config ]] || ln -s /usr/local/bin/nextcloudpi-config /usr/local/bin/ncp-config
-
-  # turn modsecurity logs off, too spammy
-  sed -i 's|SecAuditEngine .*|SecAuditEngine Off|' /etc/modsecurity/modsecurity.conf
-
-  # fix unattended upgrades failing on modified files
-  grep -q Dpkg::Options /etc/apt/apt.conf.d/20nextcloudpi-upgrades || \
-    cat >> /etc/apt/apt.conf.d/20nextcloudpi-upgrades <<EOF
-Dpkg::Options {
-   "--force-confdef";
-   "--force-confold";
-};
-EOF
-
-  # some added security
-  sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/apache2/conf-enabled/security.conf
-  sed -i 's|^ServerTokens .*|ServerTokens Prod|'      /etc/apache2/conf-enabled/security.conf
-
-  # remove redundant configuration from unattended upgrades
-  [[ "$( ls -l /etc/php/7.0/fpm/conf.d/*-opcache.ini |  wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/fpm/conf.d/*-opcache.ini | tail -1 )"
-  [[ "$( ls -l /etc/php/7.0/cli/conf.d/*-opcache.ini |  wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/cli/conf.d/*-opcache.ini | tail -1 )"
-
-  # upgrade launcher after logging improvements
-  cat > /home/www/ncp-launcher.sh <<'EOF'
-#!/bin/bash
-DIR=/usr/local/etc/nextcloudpi-config.d
-test -f $DIR/$1 || { echo "File not found"; exit 1; }
-source /usr/local/etc/library.sh
-cd $DIR
-launch_script $1
-EOF
-  chmod 700 /home/www/ncp-launcher.sh
-
-  # update sudoers permissions for the reboot command
-  grep -q reboot /etc/sudoers || \
-    sed -i 's|www-data.*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /sbin/halt, /sbin/reboot|' /etc/sudoers
-
   # randomize passwords for old images ( older than v0.46.30 )
   cat > /usr/lib/systemd/system/nc-provisioning.service <<'EOF'
 [Unit]
@@ -293,6 +255,16 @@ EOF
   # fix updates from NC12 to NC12.0.1
   rm -rf /var/www/nextcloud/.well-known
 
+  # remove .well-known after each renewal
+  test -d /etc/letsencrypt/live && {
+    cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
+#!/bin/bash
+/etc/letsencrypt/certbot-auto renew --quiet
+rm -rf /var/www/nextcloud/.well-known
+EOF
+    chmod +x /etc/cron.weekly/letsencrypt-ncp
+  }
+
 } # end - only live updates
 
 exit 0