#!/usr/bin/env node

// SSL Certificate Generation Script for lavocat.quebec
const fs = require('fs');
const path = require('path');
const { execFileSync, execSync } = require('child_process');

// Host name the certificates are issued for; every file name and SAN entry
// produced by this script is derived from it.
const domain = 'lavocat.quebec';

// Output directory: a `certificates` folder that sits beside `scripts/`.
// NOTE(review): this folder ends up holding an unencrypted private key.
// Confirm it is excluded from version control and is not reachable through
// the web server's document root.
const certDir = path.join(__dirname, '..', 'certificates');

console.log('šŸ” Generating SSL certificates for lavocat.quebec...');

// Runs at module load (also when this file is require()d). No `mode` is
// passed to mkdirSync, so the directory permissions follow the process umask.
const certDirMissing = !fs.existsSync(certDir);
if (certDirMissing) {
  fs.mkdirSync(certDir, { recursive: true });
  console.log('āœ… Created certificates directory');
}

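/**
 * Generate a self-signed certificate for development.
 *
 * Writes `<domain>.key` (2048-bit RSA, mode 0600) and `<domain>.crt`
 * (valid 365 days, mode 0644) into `certDir`. The certificate carries SAN
 * entries for the domain, its `www.` alias, `localhost` and the loopback
 * addresses. A self-signed certificate is not trusted by clients and gives
 * no protection against interception unless it is pinned or explicitly
 * trusted, so it should stay out of production.
 *
 * On any failure the error is logged and the process exits with code 1.
 *
 * @returns {void}
 */
const generateSelfSignedCert = () => {
  const keyPath = path.join(certDir, `${domain}.key`);
  const certPath = path.join(certDir, `${domain}.crt`);
  const csrPath = path.join(certDir, `${domain}.csr`);
  const configPath = path.join(certDir, 'openssl.conf');

  // Arguments are passed as an array, so no shell parses them: a project
  // path containing quotes, `$` or backticks cannot alter the command.
  const openssl = (...args) => execFileSync('openssl', args, { stdio: 'inherit' });

  // Best-effort removal of the intermediate CSR and config file. Called
  // explicitly on both paths because `finally` does not run after
  // process.exit().
  const removeTempFiles = () => {
    for (const tempFile of [csrPath, configPath]) {
      try {
        fs.unlinkSync(tempFile);
      } catch (cleanupError) {
        if (cleanupError.code !== 'ENOENT') {
          console.error(`Could not remove ${tempFile}: ${cleanupError.message}`);
        }
      }
    }
  };

  console.log('šŸ”‘ Generating self-signed certificate...');

  try {
    // Generate private key
    openssl('genrsa', '-out', keyPath, '2048');
    // Restrict the key right away rather than after the remaining steps, so
    // it is never left with looser permissions if a later step fails.
    fs.chmodSync(keyPath, 0o600);
    console.log('āœ… Private key generated');

    // Create OpenSSL configuration.
    // keyUsage includes digitalSignature: ECDHE cipher suites and TLS 1.3
    // use the server key to sign the handshake, and clients that enforce
    // key usage reject a certificate that only allows encipherment.
    const opensslConfig = `
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = CA
ST = Quebec
L = Montreal
O = Lavocat Quebec
OU = IT Department
CN = ${domain}

[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${domain}
DNS.2 = www.${domain}
DNS.3 = localhost
IP.1 = 127.0.0.1
IP.2 = ::1
`;

    fs.writeFileSync(configPath, opensslConfig);

    // Generate CSR
    openssl('req', '-new', '-key', keyPath, '-out', csrPath, '-config', configPath);
    console.log('āœ… Certificate signing request generated');

    // Generate self-signed certificate
    openssl(
      'x509', '-req',
      '-in', csrPath,
      '-signkey', keyPath,
      '-out', certPath,
      '-days', '365',
      '-extensions', 'v3_req',
      '-extfile', configPath,
    );
    console.log('āœ… Self-signed certificate generated');

    // The certificate is public material; only the key must stay private.
    fs.chmodSync(certPath, 0o644);

    // Clean up temporary files
    removeTempFiles();

    console.log('āœ… SSL certificate generation completed!');
    console.log(`šŸ“ Key file: ${keyPath}`);
    console.log(`šŸ“ Certificate file: ${certPath}`);
  } catch (error) {
    removeTempFiles();
    console.error('āŒ Error generating SSL certificate:', error.message);
    process.exit(1);
  }
};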

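/**
 * Generate a Let's Encrypt certificate (for production).
 *
 * Installs certbot through apt when it is not on PATH, requests a
 * certificate for `domain` and `www.<domain>` in standalone mode, then
 * copies `fullchain.pem` and `privkey.pem` into `certDir` as
 * `<domain>.crt` (0644) and `<domain>.key` (0600), owned by the user
 * running this script. Every privileged step goes through `sudo`.
 *
 * NOTE(review): the copies in `certDir` are made once. Renewals performed
 * by certbot update the files under /etc/letsencrypt only, so the copies
 * need to be refreshed after each renewal (rerun or deploy hook) - confirm
 * how renewal is handled for this deployment.
 *
 * NOTE(review): on any failure this falls back to a self-signed
 * certificate written to the same paths, and the process still exits 0
 * when that fallback succeeds. Automation that requires a CA-issued
 * certificate has to inspect the result itself.
 *
 * @returns {void}
 */
const generateLetsEncryptCert = () => {
  console.log('🌐 Generating Let\'s Encrypt certificate...');
  console.log('āš ļø  This requires the domain to be pointing to this server');
  console.log('āš ļø  Make sure DNS is configured correctly before running this');

  // Argument arrays keep every value out of a shell command line.
  const sudo = (args, stdio = 'inherit') => execFileSync('sudo', args, { stdio });

  // The live/ directory is normally readable by root only, so an unprivileged
  // fs.existsSync() would report the files as missing even after a
  // successful issuance. Ask through sudo instead.
  const existsAsRoot = (file) => {
    try {
      sudo(['test', '-f', file], 'ignore');
      return true;
    } catch {
      return false;
    }
  };

  try {
    // Install certbot if not available
    try {
      execFileSync('which', ['certbot'], { stdio: 'ignore' });
    } catch {
      console.log('šŸ“¦ Installing certbot...');
      sudo(['apt', 'update']);
      sudo(['apt', 'install', '-y', 'certbot']);
    }

    // Generate certificate
    sudo([
      'certbot', 'certonly', '--standalone',
      '-d', domain,
      '-d', `www.${domain}`,
      '--email', `admin@${domain}`,
      '--agree-tos', '--non-interactive',
    ]);

    // Copy certificates to project directory
    const letsEncryptCertPath = `/etc/letsencrypt/live/${domain}/fullchain.pem`;
    const letsEncryptKeyPath = `/etc/letsencrypt/live/${domain}/privkey.pem`;

    if (!existsAsRoot(letsEncryptCertPath) || !existsAsRoot(letsEncryptKeyPath)) {
      throw new Error('Let\'s Encrypt certificate files not found');
    }

    const certPath = path.join(certDir, `${domain}.crt`);
    const keyPath = path.join(certDir, `${domain}.key`);

    // Numeric ids of the invoking process instead of $USER, which may be
    // unset under cron or a service manager.
    const owner = String(process.getuid());
    const group = String(process.getgid());

    // `install` sets mode and ownership as part of the copy, so the private
    // key copy is not created first and tightened in a later command.
    sudo(['install', '-m', '644', '-o', owner, '-g', group, letsEncryptCertPath, certPath]);
    sudo(['install', '-m', '600', '-o', owner, '-g', group, letsEncryptKeyPath, keyPath]);

    console.log('āœ… Let\'s Encrypt certificate generated and copied!');
    console.log(`šŸ“ Key file: ${keyPath}`);
    console.log(`šŸ“ Certificate file: ${certPath}`);
  } catch (error) {
    console.error('āŒ Error generating Let\'s Encrypt certificate:', error.message);
    console.log('šŸ”„ Falling back to self-signed certificate...');
    generateSelfSignedCert();
  }
};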

/**
 * CLI entry point.
 *
 * Chooses the Let's Encrypt flow when `--lets-encrypt` or `-le` is among
 * the command-line arguments and the self-signed flow otherwise, then
 * prints the follow-up checklist.
 *
 * @returns {void}
 */
const main = () => {
  const cliArgs = process.argv.slice(2);
  const wantsLetsEncrypt = ['--lets-encrypt', '-le'].some((flag) => cliArgs.includes(flag));

  const generate = wantsLetsEncrypt ? generateLetsEncryptCert : generateSelfSignedCert;
  generate();

  const nextSteps = [
    '\nšŸ“‹ Next steps:',
    '1. Update your .env.production file with certificate paths',
    '2. Configure your web server to use these certificates',
    '3. For production, consider using Let\'s Encrypt for trusted certificates',
    '\nšŸ”— Let\'s Encrypt command: node scripts/generate-ssl-certificates.js --lets-encrypt',
  ];
  for (const line of nextSteps) {
    console.log(line);
  }
};

if (require.main === module) {
  main();
}

module.exports = { generateSelfSignedCert, generateLetsEncryptCert }; 
