ISPConfig
ISPConfig 3
Commits
5f3c7335
Commit
5f3c7335
authored
Jul 13, 2017
by
Marius Burkard
do not create or renew LE certificates on active migration mode, fixes #4702
parent
71aeb3b1
Changes
2
server/lib/classes/cron.d/900-letsencrypt.inc.php
...
...
@@ -49,30 +49,35 @@ class cronjob_letsencrypt extends cronjob {
public
function
onRunJob
()
{
global
$app
,
$conf
;
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$version
=
exec
(
$letsencrypt
.
' --version 2>&1'
,
$ret
,
$val
);
if
(
preg_match
(
'/^(\S+|\w+)\s+(\d+(\.\d+)+)$/'
,
$version
,
$matches
))
{
$type
=
strtolower
(
$matches
[
1
]);
$version
=
$matches
[
2
];
if
((
$type
!=
'letsencrypt'
&&
$type
!=
'certbot'
)
||
version_compare
(
$version
,
'0.7.0'
,
'<'
))
{
exec
(
$letsencrypt
.
' -n renew'
);
$app
->
services
->
restartServiceDelayed
(
'httpd'
,
'force-reload'
);
}
else
{
$marker_file
=
'/usr/local/ispconfig/server/le.restart'
;
$cmd
=
"echo '1' > "
.
$marker_file
;
exec
(
$letsencrypt
.
' -n renew --post-hook '
.
escapeshellarg
(
$cmd
));
if
(
file_exists
(
$marker_file
)
&&
trim
(
file_get_contents
(
$marker_file
))
==
'1'
)
{
unlink
(
$marker_file
);
$server_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
'server_id'
],
'server'
);
if
(
!
isset
(
$server_config
[
'migration_mode'
])
||
$server_config
[
'migration_mode'
]
!=
'y'
)
{
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$version
=
exec
(
$letsencrypt
.
' --version 2>&1'
,
$ret
,
$val
);
if
(
preg_match
(
'/^(\S+|\w+)\s+(\d+(\.\d+)+)$/'
,
$version
,
$matches
))
{
$type
=
strtolower
(
$matches
[
1
]);
$version
=
$matches
[
2
];
if
((
$type
!=
'letsencrypt'
&&
$type
!=
'certbot'
)
||
version_compare
(
$version
,
'0.7.0'
,
'<'
))
{
exec
(
$letsencrypt
.
' -n renew'
);
$app
->
services
->
restartServiceDelayed
(
'httpd'
,
'force-reload'
);
}
else
{
$marker_file
=
'/usr/local/ispconfig/server/le.restart'
;
$cmd
=
"echo '1' > "
.
$marker_file
;
exec
(
$letsencrypt
.
' -n renew --post-hook '
.
escapeshellarg
(
$cmd
));
if
(
file_exists
(
$marker_file
)
&&
trim
(
file_get_contents
(
$marker_file
))
==
'1'
)
{
unlink
(
$marker_file
);
$app
->
services
->
restartServiceDelayed
(
'httpd'
,
'force-reload'
);
}
}
}
else
{
exec
(
$letsencrypt
.
' -n renew'
);
$app
->
services
->
restartServiceDelayed
(
'httpd'
,
'force-reload'
);
}
}
else
{
exec
(
$letsencrypt
.
' -n renew'
);
$app
->
services
->
restartServiceDelayed
(
'httpd'
,
'force-reload'
);
}
}
else
{
$app
->
log
(
'Migration mode active, not running Let\'s Encrypt renewal.'
,
LOGLEVEL_DEBUG
);
}
parent
::
onRunJob
();
...
...
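Review bot: The new else branch in onRunJob() reports the skipped renewal only at `LOGLEVEL_DEBUG`, so a server left in migration mode stops renewing every certificate with nothing visible in a normal log. Raising the level would let an operator notice before certificates expire: `$app->log('Migration mode active, not running Let\'s Encrypt renewal.', LOGLEVEL_WARN);`. The section also calls `$app->getconf->get_server_config()` without a visible `$app->uses('getconf')`; if nothing earlier in the job loads that class, add the call before the lookup. onRunJob() continues past the end of the hunk.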
server/lib/classes/letsencrypt.inc.php
...
...
@@ -181,6 +181,7 @@ class letsencrypt {
$app
->
uses
(
'getconf'
);
$web_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
'server_id'
],
'web'
);
$server_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
'server_id'
],
'server'
);
$tmp
=
$app
->
letsencrypt
->
get_website_certificate_paths
(
$data
);
$domain
=
$tmp
[
'domain'
];
...
...
@@ -233,7 +234,7 @@ class letsencrypt {
$le_domains
=
array
();
foreach
(
$temp_domains
as
$temp_domain
)
{
if
(
isset
(
$web_config
[
'skip_le_check'
])
&&
$web_config
[
'skip_le_check'
]
==
'y'
)
{
if
(
(
isset
(
$web_config
[
'skip_le_check'
])
&&
$web_config
[
'skip_le_check'
]
==
'y'
)
||
(
isset
(
$server_config
[
'migration_mode'
])
&&
$server_config
[
'migration_mode'
]
==
'y'
))
{
$le_domains
[]
=
$temp_domain
;
}
else
{
$le_hash_check
=
trim
(
@
file_get_contents
(
'http://'
.
$temp_domain
.
'/.well-known/acme-challenge/'
.
$le_rnd_file
));
...
...
@@ -261,14 +262,19 @@ class letsencrypt {
$letsencrypt_cmd
=
''
;
$success
=
false
;
if
(
!
empty
(
$cli_domain_arg
))
{
$app
->
log
(
"Create Let's Encrypt SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
$app
->
log
(
"Let's Encrypt SSL Cert domains:
$cli_domain_arg
"
,
LOGLEVEL_DEBUG
);
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$letsencrypt_cmd
=
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
$cli_domain_arg
--webroot-path /usr/local/ispconfig/interface/acme"
;
$success
=
$app
->
system
->
_exec
(
$letsencrypt_cmd
);
if
(
!
isset
(
$server_config
[
'migration_mode'
])
||
$server_config
[
'migration_mode'
]
!=
'y'
)
{
$app
->
log
(
"Create Let's Encrypt SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
$app
->
log
(
"Let's Encrypt SSL Cert domains:
$cli_domain_arg
"
,
LOGLEVEL_DEBUG
);
$letsencrypt
=
explode
(
"
\n
"
,
shell_exec
(
'which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt'
));
$letsencrypt
=
reset
(
$letsencrypt
);
if
(
is_executable
(
$letsencrypt
))
{
$letsencrypt_cmd
=
$letsencrypt
.
" certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
$cli_domain_arg
--webroot-path /usr/local/ispconfig/interface/acme"
;
$success
=
$app
->
system
->
_exec
(
$letsencrypt_cmd
);
}
}
else
{
$app
->
log
(
"Migration mode active, skipping Let's Encrypt SSL Cert creation for:
$domain
"
,
LOGLEVEL_DEBUG
);
$success
=
true
;
}
}
...
...
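Review bot: The `certonly` command that now sits inside the migration-mode check is still built by interpolating `$domain` and `$cli_domain_arg` into a string handed to `$app->system->_exec()`, and no shell quoting is visible in this hunk. Unless both values are validated where they are assembled (outside the hunk), quote them, for example `'--email ' . escapeshellarg('postmaster@' . $domain)`, and apply `escapeshellarg()` to each domain when `$cli_domain_arg` is put together. Separately, the migration branch sets `$success = true` although no certificate was requested; the code that consumes `$success` is outside the hunk, so confirm it does not go on to link or enable certificate files that do not exist.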