From 91782e1ce834696316acb350638e525142d920a9 Mon Sep 17 00:00:00 2001
From: sadnub
Date: Sun, 18 Oct 2020 15:10:54 -0400
Subject: [PATCH] modified backup and restore script to capture the /certs directory. Also added a section tot eh readme
---
 README.md | 11 +++++++++++
 backup.sh | 1 +
 install.sh | 3 ++-
 restore.sh | 2 ++
 4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 408e1bb9..70233a8c 100644
--- a/README.md
+++ b/README.md
@@ -124,4 +124,15 @@ Download and run the restore script, passing it the backup tar file as the first
 wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/restore.sh
 chmod +x restore.sh
 ./restore.sh rmm-backup-xxxxxxx.tar
+```
+
+## Using another ssl certificate
+During the install you can opt out of using the Let's Encrypt certificate. If you do this the script will create a self-signed certificate, so that https continues to work. You can replace the certificates in /certs/example.com/(privkey.pem | pubkey.pem) with your own.
+
+If you are migrating from Let's Encrypt to another certificate provider, you can create the /certs directory and copy your certificates there. It is recommended to do this because this directory will be backed up with the backup script provided. Then modify the nginx configurations to use your new certificates
+
+The cert that is generated in a wildcard certificate and is used in the nginx configurations: rmm.conf, api.conf, and mesh.conf. If you can't generate wildcard certificates you can create a cert for each subdomain and configure each nginx configuration file to use it's own certificate. Then restart nginx:
+
+```
+sudo systemctl restart nginx
 ```
\ No newline at end of file
diff --git a/backup.sh b/backup.sh
index 3d9add98..cdff65b9 100644
--- a/backup.sh
+++ b/backup.sh
@@ -39,6 +39,7 @@ sudo tar -czvf ${tmp_dir}/salt/etc-salt.tar.gz -C /etc/salt .
 tar -czvf ${tmp_dir}/salt/srv-salt.tar.gz -C /srv/salt .
 sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt .
+sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .
 sudo tar -czvf ${tmp_dir}/nginx/etc-nginx.tar.gz -C /etc/nginx .
diff --git a/install.sh b/install.sh
index f596228a..471b4d1c 100755
--- a/install.sh
+++ b/install.sh
@@ -133,6 +133,8 @@ sudo apt install -y software-properties-common
 sudo apt update
 sudo apt install -y certbot openssl
+sudo mkdir /certs
+
 until [[ $LETS_ENCRYPT =~ (y|n) ]]; do
 echo -ne "${YELLOW}Do you want to generate a Let's Encrypt certificate?[y,n]${NC}: "
 read LETS_ENCRYPT
@@ -160,7 +162,6 @@ if [[ $LETS_ENCRYPT == "y" ]]; then
 else
 echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
 echo "\n${GREEN}You can replace this certificate later by generating the certificates and editting the nginx configuration\n"
- sudo mkdir /certs
 sudo mkdir /certs/${rootdomain}
 sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /certs/${rootdomain}/pubkey.pem -keyout /certs/${rootdomain}/privkey.pem -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}"
diff --git a/restore.sh b/restore.sh
index 939b1211..621099ad 100755
--- a/restore.sh
+++ b/restore.sh
@@ -122,6 +122,8 @@ sudo apt install -y certbot
 sudo rm -rf /etc/letsencrypt
 sudo mkdir /etc/letsencrypt
 sudo tar -xzf $tmp_dir/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt
+sudo mkdir /certs
+sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs
 print_green 'Restoring celery configs'
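Review bot: In backup.sh, the added `sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .` assumes /certs exists, but before this commit install.sh created it only in the self-signed branch, so a server installed earlier with Let's Encrypt has no such directory and tar will fail on the `-C`. Guard the step, for example `if [ -d /certs ]; then sudo tar -czvf "${tmp_dir}/certs/certs.tar.gz" -C /certs .; fi`. The new archive also carries `privkey.pem`, so it is worth confirming that the final backup tar, which is assembled outside this hunk, ends up readable only by the operator account.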
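Review bot: In install.sh (first hunk), `sudo mkdir /certs` fails with "File exists" when the installer is re-run or when the operator has already created the directory as the new README section suggests; `sudo mkdir -p /certs` is idempotent, and the same applies to the `sudo mkdir /certs` added in restore.sh. Because this directory will hold `privkey.pem`, consider setting its mode explicitly instead of inheriting the umask, for example `sudo chmod 750 /certs`, provided the services that read the certificates keep access (their accounts are not visible in this hunk).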
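Review bot: In restore.sh, `sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs` runs unconditionally, so restoring a backup taken before this commit, which contains no `certs/certs.tar.gz`, fails at this step. Make it conditional and quote the path: `if [ -f "$tmp_dir/certs/certs.tar.gz" ]; then sudo tar -xzf "$tmp_dir/certs/certs.tar.gz" -C /certs; fi`. Whether the failure aborts the whole restore depends on the script's error handling, which is outside this hunk. The archive is unpacked as root, so it is also worth checking the ownership and mode of the restored `privkey.pem` afterwards instead of trusting what the archive stored.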