From c0d07013fcee27b0a4926a23cfad9745bdd898ce Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 29 May 2024 13:49:16 +0200 Subject: [PATCH] Update acme.sh & fix duckdns (#4560) * fix dialog info * acme.sh 3.0.7 * use fake email if none given * format email correct * adressing #2255 --- CHANGES.md | 1 + .../blitz.subscriptions.ip2tor.py | 6 +- .../blitz.subscriptions.letsencrypt.py | 6 +- .../config.scripts/blitz.subscriptions.py | 4 +- .../config.scripts/bonus.letsencrypt.sh | 68 +++++++++---------- 5 files changed, 41 insertions(+), 44 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 77b4313cf..42597cf4f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -2,6 +2,7 @@ - New: config.scripts/lnd.signaddress.sh to easy sign messages on addresses on LND [details](https://github.com/raspiblitz/raspiblitz/issues/4540) - Update: Specter Desktop 2.0.4 with reactivated UPDATE option [details](https://github.com/cryptoadvance/specter-desktop/releases/tag/v2.0.4) +- Update: acme.sh 3.0.7 (repair duckdns.org dyndns) - Remove: Tallycoin-Connect [see service shutdown](https://x.com/djbooth007/status/1784409117563720082) - Remove: IP2Tor Shoplist [details](https://github.com/raspiblitz/raspiblitz/issues/4589) diff --git a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py index e2b0401f5..904b4c147 100755 --- a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py +++ b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py 
@@ -622,9 +622,9 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort): if lastusedShop == choice_url_ip2torcom: lastusedShop="" # FULMO Shop - choice_url_fulmo="fulmo7x6yvgz6zs2b2ptduvzwevxmizhq23klkenslt5drxx2physlqd.onion" - choices.append(("B", "Fulmo Shop")) - if lastusedShop == choice_url_fulmo: lastusedShop="" + #choice_url_fulmo="fulmo7x6yvgz6zs2b2ptduvzwevxmizhq23klkenslt5drxx2physlqd.onion" + #choices.append(("B", "Fulmo Shop")) + #if lastusedShop == choice_url_fulmo: lastusedShop="" # add before option if different from static options if len(lastusedShop) > 0: choices.append(("Y", lastusedShop)) diff --git a/home.admin/config.scripts/blitz.subscriptions.letsencrypt.py b/home.admin/config.scripts/blitz.subscriptions.letsencrypt.py index d7c012477..c8a9d2383 100755 --- a/home.admin/config.scripts/blitz.subscriptions.letsencrypt.py +++ b/home.admin/config.scripts/blitz.subscriptions.letsencrypt.py @@ -334,8 +334,10 @@ def subscriptions_cancel(s_id): print(json.dumps(subs, indent=2)) - # todo: deinstall letsencrypt if this was last subscription - + # deinstall letsencrypt/dyndns if this was last subscription + if len(subs['subscriptions_letsencrypt']) == 0: + os.system("/home/admin/config.scripts/bonus.letsencrypt.sh off") + os.system("/home/admin/config.scripts/internet.dyndomain.sh off") def get_subscription(subscription_id): try: diff --git a/home.admin/config.scripts/blitz.subscriptions.py b/home.admin/config.scripts/blitz.subscriptions.py index eae24c06a..310c8f6e5 100755 --- a/home.admin/config.scripts/blitz.subscriptions.py +++ b/home.admin/config.scripts/blitz.subscriptions.py @@ -268,8 +268,8 @@ def main(): cfg.reload() if not cfg.run_behind_tor.value: Dialog(dialog="dialog", autowidgetsize=True).msgbox(''' - The IP2TOR service just makes sense if you run - your RaspiBlitz behind TOR. + The IP2TOR service just makes sense if you + run your RaspiBlitz behind TOR. ''', title="Info") sys.exit(0) 
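Review bot: With `if lastusedShop == choice_url_fulmo: lastusedShop=""` commented out, a node whose stored last-used shop is the Fulmo address will presumably still be offered it through the `("Y", lastusedShop)` entry appended just below, so the shop only disappears from the static list. If the intent is to retire it, keep the constant and the clearing line active and drop only `choices.append(("B", "Fulmo Shop"))`; otherwise delete the three lines instead of leaving them as commented-out code under a `# FULMO Shop` heading. How `lastusedShop` is loaded, and whether `choice_url_fulmo` is referenced further down in menuMakeSubscription, lies outside this hunk.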
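Review bot: Both `os.system(...)` calls added to subscriptions_cancel discard the exit status, so a failed `bonus.letsencrypt.sh off` or `internet.dyndomain.sh off` leaves acme.sh or the dyndns updater in place with nothing reported to the caller. Check the result, e.g. `if os.system("/home/admin/config.scripts/bonus.letsencrypt.sh off") != 0: print("# WARN: bonus.letsencrypt.sh off failed")`, and do the same for the dyndomain call. The new comment could also say why dyndns is switched off together with letsencrypt, since from this hunk it is not clear that dyndns is only ever enabled by these subscriptions. The start of subscriptions_cancel is outside the hunk.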
diff --git a/home.admin/config.scripts/bonus.letsencrypt.sh b/home.admin/config.scripts/bonus.letsencrypt.sh index 456b48947..dd180ed11 100755 --- a/home.admin/config.scripts/bonus.letsencrypt.sh +++ b/home.admin/config.scripts/bonus.letsencrypt.sh @@ -12,8 +12,9 @@ fi source /mnt/hdd/raspiblitz.conf -ACME_LOAD_BASE_URL="https://codeload.github.com/acmesh-official/acme.sh/tar.gz" -ACME_VERSION="2.8.6" +# https://github.com/acmesh-official/acme.sh/releases +ACME_LOAD_BASE_URL="https://github.com/acmesh-official/acme.sh/archive/refs/tags/3.0.7.tar.gz" +ACME_VERSION="3.0.7" ACME_INSTALL_HOME="/home/admin/.acme.sh" ACME_CONFIG_HOME="/mnt/hdd/app-data/letsencrypt" @@ -21,19 +22,6 @@ ACME_CERT_HOME="${ACME_CONFIG_HOME}/certs" ACME_IS_INSTALLED=0 -# if Tor is on test that CURL is by default running over Tor -# TODO: issue https://github.com/rootzoll/raspiblitz/issues/1341 -#if [ "${runBehindTor}" == "on" ]; then -# echo "# checking if Tor proxy for CURL is working ..." -# checkTor=$(curl -s https://check.torproject.org | grep -c "Congratulations") -# if [ ${checkTor} -eq 0 ]; then -# echo "err='curl tor proxy not working'" -# exit 1 -# else -# echo "# OK Tor proxy for CURL" -# fi -#fi - ################### # FUNCTIONS ################### @@ -70,7 +58,15 @@ function acme_status() { } function acme_install() { + email="${1}" + # create a dummy email if none is provided + if [ -z "${email}" ]; then + random_number=$(shuf -i 100-999 -n 1) + random_word=$(shuf -n 1 /usr/share/dict/words) + ending="x.com" + email="${random_word}${random_number}@gm${ending}" + fi # ensure socat if ! command -v socat >/dev/null; then 
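Review bot: The release number now lives in two places, inside `ACME_LOAD_BASE_URL` and in `ACME_VERSION`, while acme_install later runs `cd "/tmp/acme.sh-${ACME_VERSION}" || exit` on whatever the URL delivered. Bumping one without the other downloads one release and then aborts on the `cd`. Define the version first and derive the URL from it: `ACME_VERSION="3.0.7"` followed by `ACME_LOAD_BASE_URL="https://github.com/acmesh-official/acme.sh/archive/refs/tags/${ACME_VERSION}.tar.gz"`.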
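Review bot: The fallback address built in acme_install depends on `/usr/share/dict/words`, which is not guaranteed to be installed and whose entries typically include possessive forms with an apostrophe, so `random_word` can come back empty or produce a local part that is not a valid e-mail address. Generating the local part from a fixed alphabet avoids both, e.g. `random_word=$(tr -dc 'a-z' </dev/urandom | head -c 8)`. The result is also a made-up mailbox on a real mail provider's domain (assembled from `gm` and `x.com`), so any notices the CA sends for this account would go to whoever owns that address; a short comment stating why a contact is required here would help the next maintainer decide on a better default. `email` should be declared `local`, and the function body continues outside this hunk.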
@@ -79,41 +75,38 @@ function acme_install() { sudo apt-get install -y socat >/dev/null 2>&1 fi + # make sure config directory exists if ! [ -d $ACME_CONFIG_HOME ]; then sudo mkdir -p $ACME_CONFIG_HOME fi sudo chown admin:admin $ACME_CONFIG_HOME - rm -f "/tmp/acme.sh_${ACME_VERSION}.tar.gz" - if ! curl --silent --fail -o "/tmp/acme.sh_${ACME_VERSION}.tar.gz" "${ACME_LOAD_BASE_URL}/${ACME_VERSION}" 2>&1; then - echo "Error ($?): Download failed from: ${ACME_LOAD_BASE_URL}/${ACME_VERSION}" - rm -f "/tmp/acme.sh_${ACME_VERSION}.tar.gz" + # download and install acme.sh + echo "# download acme.sh release ${ACME_VERSION} from ${ACME_LOAD_BASE_URL}" + rm -r /tmp/acme.sh* 2>/dev/null + if ! curl -L --silent --fail -o "/tmp/acme.sh.tar.gz" "${ACME_LOAD_BASE_URL}" 2>&1; then + echo "Error ($?): Download failed from: ${ACME_LOAD_BASE_URL}" + rm -r /tmp/acme.sh* exit 1 fi - if tar xzf "/tmp/acme.sh_${ACME_VERSION}.tar.gz" -C /tmp/; then + if tar xzf "/tmp/acme.sh.tar.gz" -C /tmp/; then cd "/tmp/acme.sh-${ACME_VERSION}" || exit - if [ -n "${email}" ]; then - ./acme.sh --install \ - --noprofile \ - --home "${ACME_INSTALL_HOME}" \ - --config-home "${ACME_CONFIG_HOME}" \ - --cert-home "${ACME_CERT_HOME}" \ - --accountemail "${email}" - else - ./acme.sh --install \ - --noprofile \ - --home "${ACME_INSTALL_HOME}" \ - --config-home "${ACME_CONFIG_HOME}" \ - --cert-home "${ACME_CERT_HOME}" - fi + echo "# installing acme.sh with email(${email})" + ./acme.sh --install \ + --noprofile \ + --home "${ACME_INSTALL_HOME}" \ + --config-home "${ACME_CONFIG_HOME}" \ + --cert-home "${ACME_CERT_HOME}" \ + --accountemail "${email}" + else + echo "# Error ($?): Extracting failed" + exit 1 fi - rm -f "/tmp/acme.sh_${ACME_VERSION}.tar.gz" - rm -Rf "/tmp/acme.sh_${ACME_VERSION}" - + rm -r /tmp/acme.sh* } function refresh_certs_with_nginx() { 
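Review bot: The tarball fetched with `curl -L` is unpacked and `./acme.sh --install` is run from it without any integrity check, and both the archive and the unpack directory use fixed names under world-writable `/tmp` that are cleaned with the glob `rm -r /tmp/acme.sh*`. Pin a SHA-256 for the release next to `ACME_VERSION` and verify it before `tar`, and do the work in a `mktemp -d` directory so another local user cannot pre-create or swap those paths. Separately, `$?` inside `if ! curl ...; then` is the status of the negated command, so that error message always prints 0. acme_install starts before this hunk.

```shell
  # private working directory instead of fixed names under /tmp
  tmpdir=$(mktemp -d) || exit 1
  if ! curl -L --silent --fail -o "${tmpdir}/acme.sh.tar.gz" "${ACME_LOAD_BASE_URL}"; then
    echo "Error: Download failed from: ${ACME_LOAD_BASE_URL}"
    rm -rf "${tmpdir}"
    exit 1
  fi
  # ACME_SHA256 is a new variable (placeholder): the pinned digest of the
  # release tarball, to be defined next to ACME_VERSION
  if ! echo "${ACME_SHA256}  ${tmpdir}/acme.sh.tar.gz" | sha256sum -c --status -; then
    echo "Error: checksum mismatch for acme.sh ${ACME_VERSION}"
    rm -rf "${tmpdir}"
    exit 1
  fi
  # … unchanged: tar extraction and ./acme.sh --install, with ${tmpdir} in place of /tmp …
  rm -rf "${tmpdir}"
```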
@@ -219,6 +212,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo chmod -R 733 $ACME_CONFIG_HOME # install the acme script + echo "# acme_install" acme_install "${address}" echo ""