Commit 695761b4 authored by Till Brehm's avatar Till Brehm

Merge branch...

Merge branch '5784-missing-symlinks-to-etc-letsencrypt-live-on-certbot-during-install-update' into 'develop'

Resolve "Missing symlinks to /etc/letsencrypt/live on certbot during install/update"

Closes #5784

See merge request ispconfig/ispconfig3!1228
parents 27bf2009 510d5ad3
Pipeline #5512 passed with stage
in 10 seconds
...@@ -2999,6 +2999,10 @@ class installer_base { ...@@ -2999,6 +2999,10 @@ class installer_base {
rename($ssl_pem_file, $ssl_pem_file . '-' . $date->format('YmdHis') . '.bak'); rename($ssl_pem_file, $ssl_pem_file . '-' . $date->format('YmdHis') . '.bak');
} }
$acme_cert_dir = '/etc/letsencrypt/live/' . $hostname;
symlink($acme_cert_dir . '/fullchain.pem', $ssl_crt_file);
symlink($acme_cert_dir . '/privkey.pem', $ssl_key_file);
$issued_successfully = true; $issued_successfully = true;
} else { } else {
swriteln('Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt'); swriteln('Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt');
...@@ -3043,42 +3047,44 @@ class installer_base { ...@@ -3043,42 +3047,44 @@ class installer_base {
} }
// Build ispserver.pem file and chmod it // Build ispserver.pem file and chmod it
exec("cat $ssl_key_file $ssl_crt_file > $ssl_pem_file; chmod 600 $ssl_pem_file"); if(file_exists($ssl_key_file)) {
exec("cat $ssl_key_file $ssl_crt_file > $ssl_pem_file; chmod 600 $ssl_pem_file");
// Extend LE SSL certs to postfix // Extend LE SSL certs to postfix
if ($conf['postfix']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Postfix?', array('y', 'n'), 'y','ispconfig_postfix_ssl_symlink')) == 'y') { if ($conf['postfix']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Postfix?', array('y', 'n'), 'y','ispconfig_postfix_ssl_symlink')) == 'y') {
// Define folder, file(s) // Define folder, file(s)
$cf = $conf['postfix']; $cf = $conf['postfix'];
$postfix_dir = $cf['config_dir']; $postfix_dir = $cf['config_dir'];
if(!is_dir($postfix_dir)) $this->error("The Postfix configuration directory '$postfix_dir' does not exist."); if(!is_dir($postfix_dir)) $this->error("The Postfix configuration directory '$postfix_dir' does not exist.");
$smtpd_crt = $postfix_dir.'/smtpd.cert'; $smtpd_crt = $postfix_dir.'/smtpd.cert';
$smtpd_key = $postfix_dir.'/smtpd.key'; $smtpd_key = $postfix_dir.'/smtpd.key';
// Backup existing postfix ssl files // Backup existing postfix ssl files
if (file_exists($smtpd_crt)) rename($smtpd_crt, $smtpd_crt . '-' .$date->format('YmdHis') . '.bak'); if (file_exists($smtpd_crt)) rename($smtpd_crt, $smtpd_crt . '-' .$date->format('YmdHis') . '.bak');
if (file_exists($smtpd_key)) rename($smtpd_key, $smtpd_key . '-' .$date->format('YmdHis') . '.bak'); if (file_exists($smtpd_key)) rename($smtpd_key, $smtpd_key . '-' .$date->format('YmdHis') . '.bak');
// Create symlink to ISPConfig SSL files // Create symlink to ISPConfig SSL files
symlink($ssl_crt_file, $smtpd_crt); symlink($ssl_crt_file, $smtpd_crt);
symlink($ssl_key_file, $smtpd_key); symlink($ssl_key_file, $smtpd_key);
} }
// Extend LE SSL certs to pureftpd // Extend LE SSL certs to pureftpd
if ($conf['pureftpd']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time.', array('y', 'n'), 'y','ispconfig_pureftpd_ssl_symlink')) == 'y') { if ($conf['pureftpd']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time.', array('y', 'n'), 'y','ispconfig_pureftpd_ssl_symlink')) == 'y') {
// Define folder, file(s) // Define folder, file(s)
$pureftpd_dir = '/etc/ssl/private'; $pureftpd_dir = '/etc/ssl/private';
if(!is_dir($pureftpd_dir)) mkdir($pureftpd_dir, 0755, true); if(!is_dir($pureftpd_dir)) mkdir($pureftpd_dir, 0755, true);
$pureftpd_pem = $pureftpd_dir.'/pure-ftpd.pem'; $pureftpd_pem = $pureftpd_dir.'/pure-ftpd.pem';
// Backup existing pureftpd ssl files // Backup existing pureftpd ssl files
if (file_exists($pureftpd_pem)) rename($pureftpd_pem, $pureftpd_pem . '-' .$date->format('YmdHis') . '.bak'); if (file_exists($pureftpd_pem)) rename($pureftpd_pem, $pureftpd_pem . '-' .$date->format('YmdHis') . '.bak');
// Create symlink to ISPConfig SSL files // Create symlink to ISPConfig SSL files
symlink($ssl_pem_file, $pureftpd_pem); symlink($ssl_pem_file, $pureftpd_pem);
if (!file_exists("$pureftpd_dir/pure-ftpd-dhparams.pem")) if (!file_exists("$pureftpd_dir/pure-ftpd-dhparams.pem"))
exec("cd $pureftpd_dir; openssl dhparam -out dhparam2048.pem 2048; ln -sf dhparam2048.pem pure-ftpd-dhparams.pem"); exec("cd $pureftpd_dir; openssl dhparam -out dhparam2048.pem 2048; ln -sf dhparam2048.pem pure-ftpd-dhparams.pem");
}
} }
exec("chown -R root:root $ssl_dir"); exec("chown -R root:root $ssl_dir");
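Review bot: The two `symlink()` calls added in the first hunk, right after `$acme_cert_dir = '/etc/letsencrypt/live/' . $hostname;`, ignore their return values, and `$issued_successfully = true;` is set regardless of the outcome. PHP's `symlink()` returns false when the link path already exists, and the visible context only moves `$ssl_pem_file` aside, so if an earlier `$ssl_crt_file` or `$ssl_key_file` is still in place (any backup of those files is outside the hunk) the installer would presumably keep the old key and certificate while reporting success. Consider tying the flag to the result, e.g. `$issued_successfully = symlink($acme_cert_dir . '/fullchain.pem', $ssl_crt_file) && symlink($acme_cert_dir . '/privkey.pem', $ssl_key_file);`, preceded by an `is_dir($acme_cert_dir)` check, since the path is built from `$hostname` rather than taken from what certbot actually wrote. The new `if(file_exists($ssl_key_file))` guard in the second hunk tests only the key, not `$ssl_crt_file`, and when it fails it skips the PEM build and the Postfix/Pure-FTPd links without a `swriteln()` message, so a missing key goes unnoticed. Both changes sit inside a method whose start and end are outside the hunks shown.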