From 5c8778af29c9148fb03830e9ae0cb54f36c4a96b Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Tue, 8 Jan 2019 00:43:28 -0700
Subject: [PATCH] updated subst to comment ssl_dhparam if error generating dhparam
---
 .vscode/numbered-bookmarks.json | 10 +++++-----
 setup.sh | 13 ++++++++++++-
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/.vscode/numbered-bookmarks.json b/.vscode/numbered-bookmarks.json
index 87ea6d6..c4af308 100644
--- a/.vscode/numbered-bookmarks.json
+++ b/.vscode/numbered-bookmarks.json
@@ -4,15 +4,15 @@
 "fsPath": "$ROOTPATH$/setup.sh",
 "bookmarks": [
 -1,
- 30,
- 44,
- 701,
+ 19,
+ 54,
+ 744,
 -1,
 -1,
 -1,
 -1,
- -1,
- 611
+ 657,
+ 706
 ]
 }
 ]
diff --git a/setup.sh b/setup.sh
index 9d9fa7d..60abb62 100755
--- a/setup.sh
+++ b/setup.sh
@@ -49,6 +49,7 @@ unset phpAddr
 unset phpPort
 unset phpSock
 unset dhsuccess
+unset disableDHParam
 unset copysuccess
 # set variables
@@ -63,6 +64,7 @@ useSSL=0
 useCertbot=0
 generateDH=0
 noOSCP=0
+disableDHParam=0
 # set tags and files to update
 tag_servernames=""
@@ -649,7 +651,12 @@ if [ "${generateDH}" -eq 1 ]; then
 DHPath='/etc/ssl/certs/dhparam.pem'
 else
 echo -e "${err}-- error generating dhparam.pem --"
- echo -e "you should manaully generate this file${norm}"
+ echo -e "you should manually generate this file${norm}"
+ echo -e "\n${warn}The relevant section of the NGINX configuration will be disabled${norm}\n"
+ # set DHPath to default BUT set flag to comment ssl_dhparam in mozModern_ssl.conf
+ DHPath='etc/ssl/certs/dhparam.pem'
+ disableDHParam=1
+
 fi
 fi
@@ -696,6 +703,10 @@ if [ "${useSSL}" -eq 1 ]; then
 sed -i 's/^ssl_stapling/#ssl_stapling/g' "${configPath}/${file_mozmodern}"
 sed -i 's/^ssl_trusted/#ssl_trusted/' "${configPath}/${file_mozmodern}"
 fi
+ # comment ssl_dhparam line if error generating dhparam.pem
+ if [ "${disableDHParam}" -eq 1 ]; then
+ sed -i 's/^ssl_dhparam/#ssl_dhparam/' "${configPath}/${file_mozmodern}"
+ fi
 fi
 # process LAN IP in nginx.conf
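Review bot: In setup.sh (`@@ -649,7 +651,12 @@`) the fallback assignment `DHPath='etc/ssl/certs/dhparam.pem'` drops the leading slash that the success branch just above uses (`DHPath='/etc/ssl/certs/dhparam.pem'`), so the "default" written into the config is a relative path. That is harmless only while the `ssl_dhparam` line stays commented; an admin who later generates the file and uncomments the line would most likely get a path resolved relative to nginx's configuration prefix instead of /etc/ssl/certs. Change the line to `DHPath='/etc/ssl/certs/dhparam.pem'`. The enclosing `if [ "${generateDH}" -eq 1 ]` block starts outside the hunk.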
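Review bot: The added `sed -i 's/^ssl_dhparam/#ssl_dhparam/'` (setup.sh, `@@ -696,6 +703,10 @@`) matches only a directive that starts in column 0 and succeeds silently when nothing matches, so an indented `ssl_dhparam` line in the template would stay active and reference a file that was never generated. Allowing leading whitespace, `sed -i 's/^\([[:space:]]*\)ssl_dhparam/\1#ssl_dhparam/' "${configPath}/${file_mozmodern}"`, closes that gap; the template is not visible here, so check it before changing the pattern. I would also extend the comment to say what the fallback means for TLS, e.g. `# no ssl_dhparam: nginx (1.11.0+) offers no DHE suites, ECDHE still works`. The enclosing `if [ "${useSSL}" -eq 1 ]` block starts outside the hunk.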