From 38fdcf89eb3b7f592f38792446c4c20335d518f6 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Thu, 23 Jul 2020 15:41:28 +0200
Subject: [PATCH] - add logging to acme.sh commands and add that log file to
 internal log rotation

---
 server/lib/classes/cron.d/200-logfiles.inc.php | 16 ++++++++--------
 server/lib/classes/letsencrypt.inc.php         |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/server/lib/classes/cron.d/200-logfiles.inc.php b/server/lib/classes/cron.d/200-logfiles.inc.php
index 203d3c0bda..b0470b2ec7 100644
--- a/server/lib/classes/cron.d/200-logfiles.inc.php
+++ b/server/lib/classes/cron.d/200-logfiles.inc.php
@@ -49,10 +49,10 @@ class cronjob_logfiles extends cronjob {
 
 	public function onRunJob() {
 		global $app, $conf;
-		
+
 		$app->uses('getconf');
 		$server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
-		
+
 		if($server_config['log_retention'] > 0) {
 			$max_syslog = $app->functions->intval($server_config['log_retention']);
 		} else {
@@ -121,18 +121,18 @@ class cronjob_logfiles extends cronjob {
 				$app->system->exec_safe("gzip -c ? > ?", $logfile, $logfile . '.gz');
 				unlink($logfile);
 			}
-			
+
 			$cron_logfiles = array('cron.log', 'cron_error.log', 'cron_wget.log');
 			foreach($cron_logfiles as $cron_logfile) {
 				$cron_logfile = $rec['document_root'].'/' . $log_folder . '/' . $cron_logfile;
-				
+
 				// rename older files (move up by one)
 				$num = $log_retention;
 				while($num >= 1) {
 					if(is_file($cron_logfile . '.' . $num . '.gz')) rename($cron_logfile . '.' . $num . '.gz', $cron_logfile . '.' . ($num + 1) . '.gz');
 					$num--;
 				}
-				
+
 				// compress current logfile
 				if(is_file($cron_logfile)) {
 					$app->system->exec_safe("gzip -c ? > ?", $cron_logfile, $cron_logfile . '.1.gz');
@@ -146,7 +146,7 @@ class cronjob_logfiles extends cronjob {
 				}
 			}
 
-			// rotate and compress the error.log 
+			// rotate and compress the error.log
 			$error_logfile = $rec['document_root'].'/' . $log_folder . '/error.log';
 			// rename older files (move up by one)
 			$num = $log_retention;
@@ -184,7 +184,7 @@ class cronjob_logfiles extends cronjob {
 		//######################################################################################################
 
 
-		$ispconfig_logfiles = array('ispconfig.log', 'cron.log', 'auth.log');
+		$ispconfig_logfiles = array('ispconfig.log', 'cron.log', 'auth.log', 'acme.log');
 		foreach($ispconfig_logfiles as $ispconfig_logfile) {
 			$num = $max_syslog;
 			$ispconfig_logfile = $conf['ispconfig_log_dir'].'/'.$ispconfig_logfile;
@@ -240,7 +240,7 @@ class cronjob_logfiles extends cronjob {
              */
 			$sql = "DELETE FROM sys_log WHERE tstamp < ? AND server_id != 0";
 			$app->dbmaster->query($sql, $tstamp);
-			
+
 			/*
 			 * now delete those entries without a linked datalog entry (datalog_id = 0)
 			 */
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index 4e9bb74e13..7346638119 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -54,7 +54,7 @@ class letsencrypt {
 	}
 
 	public function get_acme_command($domains, $key_file, $bundle_file, $cert_file, $server_type = 'apache') {
-		global $app;
+		global $app, $conf;
 
 		$letsencrypt = $this->get_acme_script();
 
@@ -74,7 +74,7 @@ class letsencrypt {
 			$cert_arg = '--fullchain-file ' . escapeshellarg($bundle_file) . ' --cert-file ' . escapeshellarg($cert_file);
 		}
 
-		$cmd = 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $cmd . ' -w /usr/local/ispconfig/interface/acme ; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . '; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi';
+		$cmd = 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $cmd . ' -w /usr/local/ispconfig/interface/acme ; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi';
 
 		return $cmd;
 	}
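Review bot: The `--log` option is appended only to the `--install-cert` invocation, so the `--issue` call earlier in the same command string runs without it. Because `--install-cert` is reached only when `--issue` exits with 0 or 2, a failed issuance, which is the case most worth diagnosing, would not be written to acme.log by this command unless acme.sh already has a log path persisted from an earlier run (not visible here). Consider building the argument once, e.g. `$log_arg = ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log');`, and appending `$log_arg` to both invocations. It is also worth confirming that the file acme.sh creates in the log directory is not world-readable, since it can record domain names and ACME request details. The body of get_acme_command starts outside this hunk, so how `$cmd` and `$letsencrypt` are built could not be checked.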
-- 
GitLab