Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISPConfig
ISPConfig 3
Commits
7456a4f5
Commit
7456a4f5
authored
Feb 11, 2016
by
Marius Burkard
Browse files
- changed the way letsencrypt is handled due to various problems
parent
ee24ad5f
Changes
5
Hide whitespace changes
Inline
Side-by-side
install/tpl/apache_ispconfig.conf.master
View file @
7456a4f5
...
...
@@ -118,6 +118,8 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
Alias /awstats-icon "/usr/share/awstats/icon"
</tmpl_if>
Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge
NameVirtualHost *:80
NameVirtualHost *:443
<tmpl_loop name="ip_adresses">
...
...
interface/acme-challenge/empty.dir
0 → 100644
View file @
7456a4f5
This empty directory is needed by ISPConfig.
server/conf/nginx_vhost.conf.master
View file @
7456a4f5
...
...
@@ -263,6 +263,13 @@ server {
}
</tmpl_if>
location /\.well-known/acme-challenge {
root /usr/local/ispconfig/interface/acme-challenge;
index index.html index.htm;
try_files $uri =404;
}
<tmpl_loop name="basic_auth_locations">
location <tmpl_var name='htpasswd_location'> { ##merge##
auth_basic "Members Only";
...
...
@@ -293,6 +300,13 @@ server {
</tmpl_if>
server_name <tmpl_var name='rewrite_domain'>;
location /\.well-known/acme-challenge {
root /usr/local/ispconfig/interface/acme-challenge;
index index.html index.htm;
try_files $uri =404;
}
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
...
...
server/plugins-available/apache2_plugin.inc.php
View file @
7456a4f5
...
...
@@ -1183,22 +1183,8 @@ class apache2_plugin {
if
(
!
file_exists
(
$crt_tmp_file
)
&&
!
file_exists
(
$key_tmp_file
))
{
$app
->
log
(
"Create Let's Encrypt SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
if
(
is_dir
(
$webroot
.
"/.well-known/acme-challenge/"
))
{
$app
->
log
(
"Remove old challenge directory"
,
LOGLEVEL_DEBUG
);
$this
->
_exec
(
"rm -rf "
.
$webroot
.
"/.well-known/acme-challenge/"
);
}
$app
->
log
(
"Create challenge directory"
,
LOGLEVEL_DEBUG
);
$app
->
system
->
mkdirpath
(
$webroot
.
"/.well-known/"
);
$app
->
system
->
chown
(
$webroot
.
"/.well-known/"
,
$data
[
'new'
][
'system_user'
]);
$app
->
system
->
chgrp
(
$webroot
.
"/.well-known/"
,
$data
[
'new'
][
'system_group'
]);
$app
->
system
->
mkdirpath
(
$webroot
.
"/.well-known/acme-challenge"
);
$app
->
system
->
chown
(
$webroot
.
"/.well-known/acme-challenge/"
,
$data
[
'new'
][
'system_user'
]);
$app
->
system
->
chgrp
(
$webroot
.
"/.well-known/acme-challenge/"
,
$data
[
'new'
][
'system_group'
]);
$app
->
system
->
chmod
(
$webroot
.
"/.well-known/acme-challenge"
,
"g+s"
);
if
(
file_exists
(
"/root/.local/share/letsencrypt/bin/letsencrypt"
))
{
$this
->
_exec
(
"/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path
"
.
escapeshellarg
(
$webroot
)
);
$this
->
_exec
(
"/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path
/usr/local/ispconfig/interface/acme-challenge"
);
}
};
...
...
server/plugins-available/nginx_plugin.inc.php
View file @
7456a4f5
...
...
@@ -1303,22 +1303,8 @@ class nginx_plugin {
if
(
!
file_exists
(
$crt_tmp_file
)
&&
!
file_exists
(
$key_tmp_file
))
{
$app
->
log
(
"Create Let's Encrypt SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
if
(
is_dir
(
$webroot
.
"/.well-known/acme-challenge/"
))
{
$app
->
log
(
"Remove old challenge directory"
,
LOGLEVEL_DEBUG
);
$this
->
_exec
(
"rm -rf "
.
$webroot
.
"/.well-known/acme-challenge/"
);
}
$app
->
log
(
"Create challenge directory"
,
LOGLEVEL_DEBUG
);
$app
->
system
->
mkdirpath
(
$webroot
.
"/.well-known/"
);
$app
->
system
->
chown
(
$webroot
.
"/.well-known/"
,
$data
[
'new'
][
'system_user'
]);
$app
->
system
->
chgrp
(
$webroot
.
"/.well-known/"
,
$data
[
'new'
][
'system_group'
]);
$app
->
system
->
mkdirpath
(
$webroot
.
"/.well-known/acme-challenge"
);
$app
->
system
->
chown
(
$webroot
.
"/.well-known/acme-challenge/"
,
$data
[
'new'
][
'system_user'
]);
$app
->
system
->
chgrp
(
$webroot
.
"/.well-known/acme-challenge/"
,
$data
[
'new'
][
'system_group'
]);
$app
->
system
->
chmod
(
$webroot
.
"/.well-known/acme-challenge"
,
"g+s"
);
if
(
file_exists
(
"/root/.local/share/letsencrypt/bin/letsencrypt"
))
{
$this
->
_exec
(
"/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path
"
.
escapeshellarg
(
$webroot
)
);
$this
->
_exec
(
"/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@
$domain
--domains
$lddomain
--webroot-path
/usr/local/ispconfig/interface/acme-challenge"
);
}
};
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment