ISPConfig
ISPConfig 3
Commits
45c429e4
Commit
45c429e4
authored
Jan 27, 2017
by
Marius Burkard
- adding domain check prior to requesting Letsencrypt cert, implements #4466
parent
d0e3363c
Showing
2 changed files
with
44 additions
and
6 deletions
+44
-6
server/plugins-available/apache2_plugin.inc.php
server/plugins-available/apache2_plugin.inc.php
+22
-3
server/plugins-available/nginx_plugin.inc.php
server/plugins-available/nginx_plugin.inc.php
+22
-3
server/plugins-available/apache2_plugin.inc.php
...
...
@@ -1185,8 +1185,8 @@ class apache2_plugin {
||
$this
->
update_letsencrypt
==
true
))
{
// default values
$temp_domains
=
array
();
$lddomain
=
$domain
;
$temp_domains
=
array
(
$domain
);
$lddomain
=
''
;
$subdomains
=
null
;
$aliasdomains
=
null
;
$sub_prefixes
=
array
();
...
...
@@ -1218,6 +1218,25 @@ class apache2_plugin {
// prevent duplicate
$temp_domains
=
array_unique
(
$temp_domains
);
// check if domains are reachable to avoid letsencrypt verification errors
$le_rnd_file
=
uniqid
(
'le-'
)
.
'.txt'
;
$le_rnd_hash
=
md5
(
uniqid
(
'le-'
,
true
));
file_put_contents
(
'/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/'
.
$le_rnd_file
,
$le_rnd_hash
);
$le_domains
=
array
();
foreach
(
$temp_domains
as
$temp_domain
)
{
$le_hash_check
=
trim
(
@
file_get_contents
(
'http://'
.
$temp_domain
.
'/.well-known/acme-challenge/'
.
$le_rnd_file
));
if
(
$le_hash_check
==
$le_rnd_hash
)
{
$le_domains
[]
=
$temp_domain
;
$app
->
log
(
"Verified domain "
.
$temp_domain
.
" should be reachable for letsencrypt."
,
LOGLEVEL_DEBUG
);
}
else
{
$app
->
log
(
"Could not verify domain "
.
$temp_domain
.
", so excluding it from letsencrypt request."
,
LOGLEVEL_WARN
);
}
}
$temp_domains
=
$le_domains
;
unset
(
$le_domains
);
@
unlink
(
'/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/'
.
$le_rnd_file
);
// generate cli format
foreach
(
$temp_domains
as
$temp_domain
)
{
...
...
@@ -1243,7 +1262,7 @@ class apache2_plugin {
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$success
=
$this
->
_exec
(
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path /usr/local/ispconfig/interface/acme"
);
$success
=
$this
->
_exec
(
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
$lddomain
--webroot-path /usr/local/ispconfig/interface/acme"
);
}
if
(
!
$success
)
{
// error issuing cert
...
...
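Review bot: The reachability probe added in the second hunk can stall the plugin or silently empty the domain list. `file_get_contents()` is called once per domain with no stream context, so every unreachable host waits out the default socket timeout, and the return value of `file_put_contents()` is never checked, so a failed write makes every domain fail the comparison and drop out of `$temp_domains`. The comparison `$le_hash_check == $le_rnd_hash` is loose; `===` avoids PHP's numeric-string juggling on hex digests. The same code is added to nginx_plugin.inc.php in this commit, and the enclosing method starts and ends outside the hunk; the 5-second timeout below is an example value.

```php
$le_rnd_path = '/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/' . $le_rnd_file;
if(file_put_contents($le_rnd_path, $le_rnd_hash) === false) {
	// without the probe file every domain would fail the check, so keep the list as it is
	$app->log("Could not write letsencrypt check file, skipping reachability check.", LOGLEVEL_WARN);
} else {
	// bound the wait per domain instead of relying on default_socket_timeout
	$le_ctx = stream_context_create(array('http' => array('timeout' => 5)));
	$le_domains = array();
	foreach($temp_domains as $temp_domain) {
		$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file, false, $le_ctx));
		if($le_hash_check === $le_rnd_hash) {
			// … unchanged: append to $le_domains and log at LOGLEVEL_DEBUG …
		} else {
			// … unchanged: log the exclusion at LOGLEVEL_WARN …
		}
	}
	$temp_domains = $le_domains;
	unset($le_domains);
	@unlink($le_rnd_path);
}
```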
server/plugins-available/nginx_plugin.inc.php
...
...
@@ -1254,8 +1254,8 @@ class nginx_plugin {
||
$this
->
update_letsencrypt
==
true
))
{
// default values
$temp_domains
=
array
();
$lddomain
=
$domain
;
$temp_domains
=
array
(
$domain
);
$lddomain
=
''
;
$subdomains
=
null
;
$aliasdomains
=
null
;
$sub_prefixes
=
array
();
...
...
@@ -1292,6 +1292,25 @@ class nginx_plugin {
// prevent duplicate
$temp_domains
=
array_unique
(
$temp_domains
);
// check if domains are reachable to avoid letsencrypt verification errors
$le_rnd_file
=
uniqid
(
'le-'
)
.
'.txt'
;
$le_rnd_hash
=
md5
(
uniqid
(
'le-'
,
true
));
file_put_contents
(
'/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/'
.
$le_rnd_file
,
$le_rnd_hash
);
$le_domains
=
array
();
foreach
(
$temp_domains
as
$temp_domain
)
{
$le_hash_check
=
trim
(
@
file_get_contents
(
'http://'
.
$temp_domain
.
'/.well-known/acme-challenge/'
.
$le_rnd_file
));
if
(
$le_hash_check
==
$le_rnd_hash
)
{
$le_domains
[]
=
$temp_domain
;
$app
->
log
(
"Verified domain "
.
$temp_domain
.
" should be reachable for letsencrypt."
,
LOGLEVEL_DEBUG
);
}
else
{
$app
->
log
(
"Could not verify domain "
.
$temp_domain
.
", so excluding it from letsencrypt request."
,
LOGLEVEL_WARN
);
}
}
$temp_domains
=
$le_domains
;
unset
(
$le_domains
);
@
unlink
(
'/usr/local/ispconfig/interface/acme/.well-known/acme-challenge/'
.
$le_rnd_file
);
// generate cli format
foreach
(
$temp_domains
as
$temp_domain
)
{
$lddomain
.
=
(
string
)
" --domains "
.
$temp_domain
;
...
...
@@ -1317,7 +1336,7 @@ class nginx_plugin {
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$success
=
$this
->
_exec
(
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path /usr/local/ispconfig/interface/acme"
);
$success
=
$this
->
_exec
(
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
$lddomain
--webroot-path /usr/local/ispconfig/interface/acme"
);
}
if
(
!
$success
)
{
// error issuing cert
...
...
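Review bot: `$temp_domain` and `$domain` reach the shell unescaped: the loop after the reachability check builds `$lddomain .= (string) " --domains " . $temp_domain;`, and the rewritten `_exec()` call in the last hunk interpolates `$domain` and `$lddomain` straight into the certbot command line. Whether these values are validated before they get here is not visible in the hunks, so I would escape at the point of use, `$lddomain .= ' --domains ' . escapeshellarg($temp_domain);`, and do the same for the `--email` address. Now that unverified domains are filtered out, `$temp_domains` can also end up empty, and unless code outside the hunks guards against it, certbot is then run with no `--domains` argument at all; an `if(empty($temp_domains))` check that logs and skips the request would make that case explicit. The apache2_plugin.inc.php section of this commit builds the same command line.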