From 39fa9fd40294f9d099d443157435f5a89a166427 Mon Sep 17 00:00:00 2001
From: Thom Pol
Date: Fri, 26 Feb 2021 20:27:03 +0100
Subject: [PATCH 1/2] Add a function to install Certbot instead of acme.sh (--use-certbot) (#38)

---
 lib/class.ISPConfig.inc.php | 17 +++++++++++++----
 lib/os/class.ISPConfigDebianOS.inc.php | 25 ++++++++++++++++++-------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/lib/class.ISPConfig.inc.php b/lib/class.ISPConfig.inc.php
index 948130d..4800fe9 100644
--- a/lib/class.ISPConfig.inc.php
+++ b/lib/class.ISPConfig.inc.php
@@ -173,6 +173,14 @@ class ISPConfig {
 }
 }

+ public static function wantsCertbot() {
+ if(isset($_GET['use-certbot']) && $_GET['use-certbot']) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 public static function wantsPHP() {
 // If a new version is added, the getApacheModulesToDisable function should be updated to disable the latest version (this part could be improved)
 $available_php_versions = array(
@@ -188,13 +196,13 @@ class ISPConfig {
 if ($_GET['use-php'] === 'system') {
 return $_GET['use-php'];
 } else {
- $use_php = explode(',',$_GET['use-php']);
+ $use_php = explode(',',$_GET['use-php']);
 $php_versions = array_intersect($use_php, $available_php_versions);
 if(!empty($php_versions)) {
 return $php_versions;
 } else {
 return false;
- }
+ }
 }
 } else {
 return $available_php_versions;
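Review bot: The new `wantsCertbot()` wraps a boolean test in an if/else that returns `true` or `false`; `return !empty($_GET['use-certbot']);` expresses the same check in one line. The method also has no docblock, and a short one saying that it reports whether `--use-certbot` was passed, and that Certbot then replaces acme.sh as the Let's Encrypt client, would help the next reader. Whether a bare `--use-certbot` without `=value` ends up truthy in `$_GET` depends on the argument parser, which is outside this hunk, so that is worth confirming.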
@@ -246,9 +254,10 @@ Possible arguments are:
 --use-unbound ->Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
 --use-php ->Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
 ->--use-php=system disables the sury repository and just installs the system\'s default PHP version.
- ->ommiting the argument (use all versions)
+ ->ommiting the argument (use all versions)
 --use-ftp-ports ->This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
 ->If not provided the passive port range will not be configured.
+ --use-certbot ->Use Certbot instead of acme.sh for issuing Let\'s Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
 --no-web ->Do not use ISPConfig on this server to manage webserver setting and don\'t install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies --no-roundcube as well as --no-pma
 --no-mail ->Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for ISPConfig mail. It implies --no-mailman.
 --no-dns ->Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
@@ -277,7 +286,7 @@ Possible arguments are:
 $valid_args = array( 'help', 'debug', 'interactive',
- 'use-nginx', 'use-amavis', 'use-php', 'use-unbound', 'use-ftp-ports', 'channel', 'lang',
+ 'use-nginx', 'use-amavis', 'use-php', 'use-unbound', 'use-ftp-ports', 'use-certbot', 'channel', 'lang',
 'no-web', 'no-mail', 'no-dns', 'no-firewall', 'no-roundcube', 'no-pma', 'no-mailman', 'no-quota', 'no-ntp', 'no-local-dns', 'i-know-what-i-am-doing' );
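Review bot: The added `--use-certbot` help line has two wording slips, "Not adviced" and "a old server". This text is what an operator reads when choosing the ACME client, so I would end it with `Not advised unless you are migrating from an old server that uses Certbot.` The neighbouring line touched for whitespace also still reads "ommiting", which should be "omitting".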
diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php
index fe32aa9..06c03d0 100644
--- a/lib/os/class.ISPConfigDebianOS.inc.php
+++ b/lib/os/class.ISPConfigDebianOS.inc.php
@@ -163,7 +163,7 @@ class ISPConfigDebianOS extends ISPConfigBaseOS {
 $modules = array(
 'mpm_prefork'
 );
-
+
 return $modules;
 }

@@ -930,13 +930,24 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"';
 $this->restartService('apache2');
 }

- ISPConfigLog::info('Installing letsencrypt (acme.sh).', true);
- $cmd = 'cd /tmp ; wget -O - https://get.acme.sh 2>/dev/null | sh 2>/dev/null';
- $result = $this->exec($cmd);
- if($result === false) {
- ISPConfigLog::warn('Installing letsencrypt failed.', true);
+ if (ISPConfig::wantsCertbot()) {
+ ISPConfigLog::info('Installing Certbot (Let\'s Encrypt).', true);
+ $cmd = 'cd /usr/local/bin ; wget https://dl.eff.org/certbot-auto ; chmod a+x certbot-auto ; ./certbot-auto --install-only';
+ $result = $this->exec($cmd);
+ if($result === false) {
+ ISPConfigLog::warn('Installation of Certbot (Let\'s Encrypt) failed.', true);
+ } else {
+ ISPConfigLog::info('Certbot installed.', true);
+ }
 } else {
- ISPConfigLog::info('Letsencrypt installed.', true);
+ ISPConfigLog::info('Installing acme.sh (Let\'s Encrypt).', true);
+ $cmd = 'cd /tmp ; wget -O - https://get.acme.sh 2>/dev/null | sh 2>/dev/null';
+ $result = $this->exec($cmd);
+ if($result === false) {
+ ISPConfigLog::warn('Installation of acme.sh (Let\'s Encrypt) failed.', true);
+ } else {
+ ISPConfigLog::info('acme.sh (Let\'s Encrypt) installed.', true);
+ }
 }

 $mailman_password = '';
-- 
GitLab

From ce58c41a0161275eb725f73682edbd622e19f494 Mon Sep 17 00:00:00 2001
From: Thom Pol
Date: Fri, 26 Feb 2021 21:32:05 +0100
Subject: [PATCH 2/2] Install certbot from repo (#38)

---
 lib/os/class.ISPConfigDebianOS.inc.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

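Review bot: In the `@@ -930` hunk the acme.sh branch runs `wget -O - https://get.acme.sh 2>/dev/null | sh 2>/dev/null`, so the pipeline's exit status is that of `sh`, not `wget`. A failed or empty download would therefore most likely still be logged as 'acme.sh (Let's Encrypt) installed.'; how `exec()` maps the status to `false` is outside the hunk. The script is also executed exactly as fetched, with stderr discarded and no pinned release or digest check. I would download to a file, check the `wget` result, verify the file against a known digest, and only then run it, keeping stderr for the installer log. The same lines reappear as context in patch 2/2, which does replace the `;`-chained `certbot-auto` command of the Certbot branch.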
diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php
index 06c03d0..09735b2 100644
--- a/lib/os/class.ISPConfigDebianOS.inc.php
+++ b/lib/os/class.ISPConfigDebianOS.inc.php
@@ -932,13 +932,7 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"';

 if (ISPConfig::wantsCertbot()) {
 ISPConfigLog::info('Installing Certbot (Let\'s Encrypt).', true);
- $cmd = 'cd /usr/local/bin ; wget https://dl.eff.org/certbot-auto ; chmod a+x certbot-auto ; ./certbot-auto --install-only';
- $result = $this->exec($cmd);
- if($result === false) {
- ISPConfigLog::warn('Installation of Certbot (Let\'s Encrypt) failed.', true);
- } else {
- ISPConfigLog::info('Certbot installed.', true);
- }
+ $this->installPackages('certbot');
 } else {
 ISPConfigLog::info('Installing acme.sh (Let\'s Encrypt).', true);
 $cmd = 'cd /tmp ; wget -O - https://get.acme.sh 2>/dev/null | sh 2>/dev/null';
-- 
GitLab
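Review bot: The Certbot branch now calls `$this->installPackages('certbot');` and discards whatever it reports, and the 'Certbot installed.' and 'Installation of Certbot (Let's Encrypt) failed.' messages from patch 1/2 are removed with it. The installer log therefore no longer records whether the ACME client was actually installed, unlike the acme.sh branch just below. `installPackages()` is defined outside the hunk; if it signals failure through its return value (to be confirmed), I would keep the outcome logging, e.g. `if ($this->installPackages('certbot') === false) { ISPConfigLog::warn('Installation of Certbot (Let\'s Encrypt) failed.', true); }`. The enclosing method starts and ends outside the hunk.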