Commit 30ead37e authored by Till Brehm's avatar Till Brehm

Merge branch 'stable-3.1' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.1

parents 6f4bd248 218973bb
...@@ -229,7 +229,7 @@ class installer_base { ...@@ -229,7 +229,7 @@ class installer_base {
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') { if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n"; echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n"; echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
echo"to the mysqld-section in your mysql-config and restart mysqld afterwards\n"; echo"to the mysqld-section in your mysql-config on this server and restart mysqld afterwards\n";
die(); die();
} }
......
...@@ -128,7 +128,7 @@ function updateDbAndIni() { ...@@ -128,7 +128,7 @@ function updateDbAndIni() {
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') { if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n"; echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n"; echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
echo"to the mysqld-section in your mysql-config and restart mysqld afterwards\n"; echo"to the mysqld-section in your mysql-config on this server and restart mysqld afterwards\n";
die(); die();
} }
......
...@@ -1185,8 +1185,8 @@ class apache2_plugin { ...@@ -1185,8 +1185,8 @@ class apache2_plugin {
|| $this->update_letsencrypt == true || $this->update_letsencrypt == true
)) { )) {
// default values // default values
$temp_domains = array(); $temp_domains = array($domain);
$lddomain = $domain; $lddomain = '';
$subdomains = null; $subdomains = null;
$aliasdomains = null; $aliasdomains = null;
$sub_prefixes = array(); $sub_prefixes = array();
...@@ -1218,6 +1218,25 @@ class apache2_plugin { ...@@ -1218,6 +1218,25 @@ class apache2_plugin {
// prevent duplicate // prevent duplicate
$temp_domains = array_unique($temp_domains); $temp_domains = array_unique($temp_domains);
// check if domains are reachable to avoid letsencrypt verification errors
$le_rnd_file = uniqid('le-') . '.txt';
$le_rnd_hash = md5(uniqid('le-', true));
file_put_contents('/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file, $le_rnd_hash);
$le_domains = array();
foreach($temp_domains as $temp_domain) {
$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
if($le_hash_check == $le_rnd_hash) {
$le_domains[] = $temp_domain;
$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
} else {
$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
}
}
$temp_domains = $le_domains;
unset($le_domains);
@unlink('/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file);
// generate cli format // generate cli format
foreach($temp_domains as $temp_domain) { foreach($temp_domains as $temp_domain) {
...@@ -1243,7 +1262,7 @@ class apache2_plugin { ...@@ -1243,7 +1262,7 @@ class apache2_plugin {
$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt')); $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'));
$letsencrypt = reset($letsencrypt); $letsencrypt = reset($letsencrypt);
if(is_executable($letsencrypt)) { if(is_executable($letsencrypt)) {
$success = $this->_exec($letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme"); $success = $this->_exec($letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
} }
if(!$success) { if(!$success) {
// error issuing cert // error issuing cert
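Review bot: The reachability pre-check added before "generate cli format" compares the fetched body with `==`, which in PHP compares two numeric-looking strings as numbers, so an md5 hex value of the form `0e…` can match a different one; use `if($le_hash_check === $le_rnd_hash) {`. The `file_get_contents()` probe also runs without an explicit timeout, so each unreachable domain can block the plugin for the default socket timeout; passing a context built with `stream_context_create(array('http' => array('timeout' => 5)))` (value constructed) as the third argument bounds it. The return value of `file_put_contents()` is not checked, so a failed write makes every domain look unreachable and logs a misleading "Could not verify domain" warning. If no domain passes, `$lddomain` now stays empty and the certbot call appears to run without any `--domains`, unless a guard exists in the lines collapsed out of this view. The identical block is added to nginx_plugin and needs the same changes.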
......
...@@ -1254,8 +1254,8 @@ class nginx_plugin { ...@@ -1254,8 +1254,8 @@ class nginx_plugin {
|| $this->update_letsencrypt == true || $this->update_letsencrypt == true
)) { )) {
// default values // default values
$temp_domains = array(); $temp_domains = array($domain);
$lddomain = $domain; $lddomain = '';
$subdomains = null; $subdomains = null;
$aliasdomains = null; $aliasdomains = null;
$sub_prefixes = array(); $sub_prefixes = array();
...@@ -1292,6 +1292,25 @@ class nginx_plugin { ...@@ -1292,6 +1292,25 @@ class nginx_plugin {
// prevent duplicate // prevent duplicate
$temp_domains = array_unique($temp_domains); $temp_domains = array_unique($temp_domains);
// check if domains are reachable to avoid letsencrypt verification errors
$le_rnd_file = uniqid('le-') . '.txt';
$le_rnd_hash = md5(uniqid('le-', true));
file_put_contents('/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file, $le_rnd_hash);
$le_domains = array();
foreach($temp_domains as $temp_domain) {
$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
if($le_hash_check == $le_rnd_hash) {
$le_domains[] = $temp_domain;
$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
} else {
$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
}
}
$temp_domains = $le_domains;
unset($le_domains);
@unlink('/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file);
// generate cli format // generate cli format
foreach($temp_domains as $temp_domain) { foreach($temp_domains as $temp_domain) {
$lddomain .= (string) " --domains " . $temp_domain; $lddomain .= (string) " --domains " . $temp_domain;
...@@ -1317,7 +1336,7 @@ class nginx_plugin { ...@@ -1317,7 +1336,7 @@ class nginx_plugin {
$letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt')); $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'));
$letsencrypt = reset($letsencrypt); $letsencrypt = reset($letsencrypt);
if(is_executable($letsencrypt)) { if(is_executable($letsencrypt)) {
$success = $this->_exec($letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme"); $success = $this->_exec($letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
} }
if(!$success) { if(!$success) {
// error issuing cert // error issuing cert
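Review bot: The certbot command is assembled by plain string concatenation: `$lddomain .= (string) " --domains " . $temp_domain;` and `postmaster@$domain` both reach `$this->_exec()` unquoted, so, assuming `_exec()` hands the string to a shell, a domain value containing shell metacharacters would be interpreted rather than passed as an argument. Whether domain names are validated before this point is not visible here, so quoting at the point of use is the safer default: `$lddomain .= ' --domains ' . escapeshellarg($temp_domain);` and `escapeshellarg('postmaster@' . $domain)` for the `--email` value. The new HTTP pre-check is not a substitute for this, since it only tests reachability. apache2_plugin builds the same command and should get the same quoting; the enclosing method starts and ends outside these hunks.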
......