From 49a081d1e892cc5476cb78860b4aceacadaf6ba7 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 14 Sep 2020 10:06:33 +0200
Subject: [PATCH] - revert CAA checks from !1128 until we have a solid method
 for getting the correct CAA domain from a host name

---
 server/lib/classes/letsencrypt.inc.php | 35 ++++----------------------
 1 file changed, 5 insertions(+), 30 deletions(-)

diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index fb67e7c00d..3923954e10 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -373,38 +373,13 @@ class letsencrypt {
 			if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) {
 				$le_domains[] = $temp_domain;
 			} else {
-				//check caa-record
-				$caa_check = false;
-				$caa_domain = $temp_domain;
-				$count = substr_count($caa_domain, '.');
-				if($count === 2) {
-					if(strlen(explode('.', $caa_domain)[1]) > 3) {
-						$caa_domain = explode('.', $caa_domain, 2)[1];
- 					}
-				} else if($count > 2) {
-					$caa_domain = get_domain(explode('.', $caa_domain, 2)[1]);
-				}
-				$caa_records = @dns_get_record($caa_domain, DNS_CAA); // requieres PHP 7.0.16, 7.1.2
-				if(is_array($caa_records) && !empty($caa_records)) {
-					foreach ($caa_records as $record) {
-						if($record['value'] == 'letsencrypt.org') $caa_check = true;
-					}
-				} else {
-					$caa_check = true;
-				}
-
-				if($caa_check === true) {
-					$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
-					if($le_hash_check == $le_rnd_hash) {
-						$le_domains[] = $temp_domain;
-						$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
-					} else {
-						$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
-					}
+				$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
+				if($le_hash_check == $le_rnd_hash) {
+					$le_domains[] = $temp_domain;
+					$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
 				} else {
-					$app->log("Incomplete CAA-Records for " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+					$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
 				}
-
 			}
 		}
 		$temp_domains = $le_domains;
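Review bot: The reachability check that survives the revert still compares the fetched challenge body with the loose operator, `if($le_hash_check == $le_rnd_hash)`, so two numeric-looking strings that differ textually (PHP's `'1e3' == '1000'` rule) would still pass; since both sides are strings here, `if($le_hash_check === $le_rnd_hash)` is the safe form. The same line also feeds `trim()` the raw result of a suppressed `@file_get_contents(...)`, so a failed fetch and an empty response body are indistinguishable in the log; checking the return for `false` before trimming would let the warning on the `else` branch say whether the host was unreachable or merely answered with the wrong content. If `$le_rnd_hash` is always a string, `hash_equals($le_rnd_hash, $le_hash_check)` would be an equally strict alternative, though its timing guarantees are not needed for a self-check like this. The surrounding loop and the enclosing method start before this hunk and continue after it.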
-- 
GitLab