- changed the way letsencrypt is handled due to various problems

7456a4f5 · Marius Burkard · ee24ad5f · 7456a4f5 · 7456a4f5 · 7456a4f5
Commit 7456a4f5 authored Feb 11, 2016 by Marius Burkard
--- a/install/tpl/apache_ispconfig.conf.master
+++ b/install/tpl/apache_ispconfig.conf.master
@@ -118,6 +118,8 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 Alias /awstats-icon "/usr/share/awstats/icon"
 </tmpl_if>

+Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge
+
 NameVirtualHost *:80
 NameVirtualHost *:443
 <tmpl_loop name="ip_adresses">

--- a/interface/acme-challenge/empty.dir
+++ b/interface/acme-challenge/empty.dir
+This empty directory is needed by ISPConfig.
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -263,6 +263,13 @@ server {
        }
 </tmpl_if>

+location /\.well-known/acme-challenge {
+	   root /usr/local/ispconfig/interface/acme-challenge;
+	   index index.html index.htm;
+	   try_files $uri =404;
+}
+
+
 <tmpl_loop name="basic_auth_locations">
        location <tmpl_var name='htpasswd_location'> { ##merge##
                auth_basic "Members Only";
@@ -293,6 +300,13 @@ server {
 </tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;
+
+location /\.well-known/acme-challenge {
+	   root /usr/local/ispconfig/interface/acme-challenge;
+	   index index.html index.htm;
+	   try_files $uri =404;
+}
+
 <tmpl_if name='alias_seo_redirects2'>
 <tmpl_loop name="alias_seo_redirects2">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {

--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1183,22 +1183,8 @@ class apache2_plugin {
 			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
 				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

-				if(is_dir($webroot . "/.well-known/acme-challenge/")) {
-					$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
-					$this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
-				}
-
-				$app->log("Create challenge directory", LOGLEVEL_DEBUG);
-				$app->system->mkdirpath($webroot . "/.well-known/");
-				$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
-				$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
-				$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
-				$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
-				$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
-				$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
-				
 				if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
-					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
 				}
 			};


--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1303,22 +1303,8 @@ class nginx_plugin {
 			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
 				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

-				if(is_dir($webroot . "/.well-known/acme-challenge/")) {
-					$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
-					$this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
-				}
-
-				$app->log("Create challenge directory", LOGLEVEL_DEBUG);
-				$app->system->mkdirpath($webroot . "/.well-known/");
-				$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
-				$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
-				$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
-				$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
-				$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
-				$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
-				
 				if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
-					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
 				}
 			};