diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index c5f7f24132a5ced50161f9cdd3fa6699d682a7f1..990da4f9de5d02d8db6c0ca9e6c7f414a4f4b1f2 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -260,9 +260,9 @@ class apache2_plugin {
if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
$ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = $data['new']['ssl_domain'];
- $key_file = $ssl_dir.'/'.$domain.'.key.org';
- $key_file2 = $ssl_dir.'/'.$domain.'.key';
+ $domain = ($data['new']['ssl_domain'] != '') ? $data['new']['ssl_domain'] : $data['new']['domain'];
+ $key_file = $ssl_dir.'/'.$domain.'.key';
+ $key_file2 = $ssl_dir.'/'.$domain.'.key.org';
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
@@ -322,12 +322,12 @@ class apache2_plugin {
$app->system->file_put_contents($ssl_cnf_file, $ssl_cnf);
$rand_file = escapeshellcmd($rand_file);
- $key_file = escapeshellcmd($key_file);
- $openssl_cmd_key_file = $key_file;
- if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate
$key_file2 = escapeshellcmd($key_file2);
$openssl_cmd_key_file2 = $key_file2;
if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') !== false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate
+ $key_file = escapeshellcmd($key_file);
+ $openssl_cmd_key_file = $key_file;
+ if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate
$ssl_days = 3650;
$csr_file = escapeshellcmd($csr_file);
$openssl_cmd_csr_file = $csr_file;
@@ -339,9 +339,9 @@ class apache2_plugin {
if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {
- exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $openssl_cmd_key_file 2048");
- exec("openssl req -new -sha256 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -out $openssl_cmd_csr_file -days $ssl_days -config $config_file");
- exec("openssl rsa -passin pass:$ssl_password -in $openssl_cmd_key_file -out $openssl_cmd_key_file2");
+ exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $openssl_cmd_key_file2 2048");
+ exec("openssl req -new -sha256 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file2 -out $openssl_cmd_csr_file -days $ssl_days -config $config_file");
+ exec("openssl rsa -passin pass:$ssl_password -in $openssl_cmd_key_file2 -out $openssl_cmd_key_file");
if(file_exists($web_config['CA_path'].'/openssl.cnf'))
{
@@ -350,24 +350,24 @@ class apache2_plugin {
if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed. openssl ca -out $openssl_cmd_crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $openssl_cmd_csr_file", LOGLEVEL_ERROR);
};
if (@filesize($crt_file)==0 || !file_exists($crt_file)){
- exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -in $openssl_cmd_csr_file -out $openssl_cmd_crt_file -days $ssl_days -config $config_file ");
+ exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file2 -in $openssl_cmd_csr_file -out $openssl_cmd_crt_file -days $ssl_days -config $config_file ");
$app->log("Creating self-signed SSL Cert for: $domain", LOGLEVEL_DEBUG);
};
}
- $app->system->chmod($key_file, 0400);
$app->system->chmod($key_file2, 0400);
+ $app->system->chmod($key_file, 0400);
@$app->system->unlink($config_file);
@$app->system->unlink($rand_file);
$ssl_request = $app->system->file_get_contents($csr_file);
$ssl_cert = $app->system->file_get_contents($crt_file);
- $ssl_key2 = $app->system->file_get_contents($key_file2);
+ $ssl_key = $app->system->file_get_contents($key_file);
/* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
@@ -390,13 +390,6 @@ class apache2_plugin {
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
$this->ssl_certificate_changed = true;
- $ssl_dir = $data["new"]["document_root"]."/ssl";
- $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
- $key_file = $ssl_dir.'/'.$domain.'.key.org';
- $key_file2 = $ssl_dir.'/'.$domain.'.key';
- $csr_file = $ssl_dir.'/'.$domain.".csr";
- $crt_file = $ssl_dir.'/'.$domain.".crt";
- $bundle_file = $ssl_dir.'/'.$domain.".bundle";
//* Backup files
if(file_exists($key_file)){
@@ -425,14 +418,14 @@ class apache2_plugin {
//* Write the key file, if field is empty then import the key into the db
if(trim($data["new"]["ssl_key"]) != '') {
- $app->system->file_put_contents($key_file2, $data["new"]["ssl_key"]);
- $app->system->chmod($key_file2, 0400);
+ $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
+ $app->system->chmod($key_file, 0400);
} else {
- $ssl_key2 = $app->system->file_get_contents($key_file2);
+ $ssl_key = $app->system->file_get_contents($key_file);
/* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
}
/* Update the DB of the (local) Server */
@@ -445,11 +438,6 @@ class apache2_plugin {
//* Delete a SSL certificate
if($data['new']['ssl_action'] == 'del') {
- $ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
- $csr_file = $ssl_dir.'/'.$domain.'.csr';
- $crt_file = $ssl_dir.'/'.$domain.'.crt';
- $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
if(file_exists($web_config['CA_path'].'/openssl.cnf') && !is_link($web_config['CA_path'].'/openssl.cnf'))
{
exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke ".escapeshellcmd($crt_file));
@@ -1153,19 +1141,11 @@ class apache2_plugin {
$domain = $data['new']['ssl_domain'];
if(!$domain) $domain = $data['new']['domain'];
$key_file = $ssl_dir.'/'.$domain.'.key';
+ $key_file2 = $ssl_dir.'/'.$domain.'.key.org';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
- /*
- if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
- $vhost_data['ssl_enabled'] = 1;
- $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
- } else {
- $vhost_data['ssl_enabled'] = 0;
- $app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
- }
- */
-
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
@@ -1175,6 +1155,11 @@ class apache2_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
+
+ $key_file = $ssl_dir.'/'.$domain.'-le.key';
+ $key_file2 = $ssl_dir.'/'.$domain.'-le.key.org';
+ $crt_file = $ssl_dir.'/'.$domain.'-le.crt';
+ $bundle_file = $ssl_dir.'/'.$domain.'-le.bundle';
}
//* Generate Let's Encrypt SSL certificat
@@ -1258,7 +1243,7 @@ class apache2_plugin {
//}
//* check is been correctly created
- if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ if(file_exists($crt_tmp_file)) {
$date = date("YmdHis");
if(is_file($key_file)) {
$app->system->copy($key_file, $key_file.'.old'.$date);
@@ -1737,11 +1722,6 @@ class apache2_plugin {
unset($tmp_vhost_arr);
//* Add vhost for ipv4 IP with SSL
- $ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = $data['new']['ssl_domain'];
- $key_file = $ssl_dir.'/'.$domain.'.key';
- $crt_file = $ssl_dir.'/'.$domain.'.crt';
-
if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
$tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
@@ -1961,15 +1941,6 @@ class apache2_plugin {
$app->system->file_put_contents($vhost_file, "# Apache did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
}
if($this->ssl_certificate_changed === true) {
-
- $ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = $data['new']['ssl_domain'];
- $key_file = $ssl_dir.'/'.$domain.'.key.org';
- $key_file2 = $ssl_dir.'/'.$domain.'.key';
- $csr_file = $ssl_dir.'/'.$domain.'.csr';
- $crt_file = $ssl_dir.'/'.$domain.'.crt';
- $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
-
//* Backup the files that might have caused the error
if(is_file($key_file)){
$app->system->copy($key_file, $key_file.'.err');
@@ -2009,16 +1980,8 @@ class apache2_plugin {
// can reset the ssl changed var to false and cleanup some files
$this->ssl_certificate_changed = false;
- $ssl_dir = $data['new']['document_root'].'/ssl';
- $domain = $data['new']['ssl_domain'];
- $key_file = $ssl_dir.'/'.$domain.'.key.org';
- $key_file2 = $ssl_dir.'/'.$domain.'.key';
- $csr_file = $ssl_dir.'/'.$domain.'.csr';
- $crt_file = $ssl_dir.'/'.$domain.'.crt';
- $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
-
if(@is_file($key_file.'~')) $app->system->unlink($key_file.'~');
- if(@is_file($key2_file.'~')) $app->system->unlink($key2_file.'~');
+ if(@is_file($key_file2.'~')) $app->system->unlink($key_file2.'~');
if(@is_file($crt_file.'~')) $app->system->unlink($crt_file.'~');
if(@is_file($csr_file.'~')) $app->system->unlink($csr_file.'~');
if(@is_file($bundle_file.'~')) $app->system->unlink($bundle_file.'~');
@@ -2112,16 +2075,14 @@ class apache2_plugin {
// remove letsencrypt if it exists (renew will always fail otherwise)
- $domain = $data['old']['ssl_domain'];
- if(!$domain) $domain = $data['old']['domain'];
- if(substr($domain, 0, 2) === '*.') {
+ $old_domain = $data['old']['ssl_domain'];
+ if(!$old_domain) $old_domain = $data['old']['domain'];
+ if(substr($old_domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
- $domain = substr($domain, 2);
+ $old_domain = substr($old_domain, 2);
}
- //$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
- //$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
- $le_conf_file = '/etc/letsencrypt/renewal/' . $domain . '.conf';
- @rename('/etc/letsencrypt/renewal/' . $domain . '.conf', '/etc/letsencrypt/renewal/' . $domain . '.conf~backup');
+ $le_conf_file = '/etc/letsencrypt/renewal/' . $old_domain . '.conf';
+ @rename('/etc/letsencrypt/renewal/' . $old_domain . '.conf', '/etc/letsencrypt/renewal/' . $old_domain . '.conf~backup');
}
//* remove mountpoint from fstab