From 1faea9d10addfef315d97dc430bb1a674ed7d5b1 Mon Sep 17 00:00:00 2001
From: Thom
Date: Sun, 29 Jan 2023 17:22:52 +0100
Subject: [PATCH 01/19] Add DNS-01 verification capability (#4202)
---
 install/tpl/system.ini.master | 4 ++
 .../web/admin/form/system_config.tform.php | 34 ++++++++++++
 .../web/admin/lib/lang/ar_system_config.lng | 4 ++
 .../web/admin/lib/lang/bg_system_config.lng | 4 ++
 .../web/admin/lib/lang/br_system_config.lng | 4 ++
 .../web/admin/lib/lang/ca_system_config.lng | 4 ++
 .../web/admin/lib/lang/cz_system_config.lng | 4 ++
 .../web/admin/lib/lang/de_system_config.lng | 4 ++
 .../web/admin/lib/lang/dk_system_config.lng | 4 ++
 .../web/admin/lib/lang/el_system_config.lng | 4 ++
 .../web/admin/lib/lang/en_system_config.lng | 4 ++
 .../web/admin/lib/lang/es_system_config.lng | 4 ++
 .../web/admin/lib/lang/fi_system_config.lng | 4 ++
 .../web/admin/lib/lang/fr_system_config.lng | 4 ++
 .../web/admin/lib/lang/hr_system_config.lng | 4 ++
 .../web/admin/lib/lang/hu_system_config.lng | 4 ++
 .../web/admin/lib/lang/id_system_config.lng | 4 ++
 .../web/admin/lib/lang/it_system_config.lng | 4 ++
 .../web/admin/lib/lang/ja_system_config.lng | 4 ++
 .../web/admin/lib/lang/nl_system_config.lng | 4 ++
 .../web/admin/lib/lang/pl_system_config.lng | 4 ++
 .../web/admin/lib/lang/pt_system_config.lng | 4 ++
 .../web/admin/lib/lang/ro_system_config.lng | 4 ++
 .../web/admin/lib/lang/ru_system_config.lng | 4 ++
 .../web/admin/lib/lang/se_system_config.lng | 4 ++
 .../web/admin/lib/lang/sk_system_config.lng | 4 ++
 .../web/admin/lib/lang/tr_system_config.lng | 4 ++
 .../templates/system_config_sites_edit.htm | 31 +++++++++--
 server/lib/classes/letsencrypt.inc.php | 55 +++++++++++++++----
 29 files changed, 208 insertions(+), 16 deletions(-)
diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index 07110c736f..b8e000aba2 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -38,6 +38,10 @@ reseller_can_use_options=n
 web_php_options=no,fast-cgi,mod,php-fpm
 show_aps_menu=n
 client_protection=y
+acme_dns_user=
+acme_dns_password=
+acme_dns_api=
+acme_dns_api_insecure=n
 ssh_authentication=
 le_caa_autocreate_options=y
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 22212b8b74..0642f5cf13 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -148,6 +148,40 @@ $form["tabs"]['sites'] = array (
 'width' => '30',
 'maxlength' => '255'
 ),
+ 'acme_dns_user' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'acme_dns_password' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'acme_dns_api' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^[0-9a-zA-Z\:\/\-\.\_\[\]\?\=\&]{0,255}$/',
+ 'errmsg'=> 'acme_dns_api_url_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'acme_dns_api_insecure' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'y',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
 'client_protection' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'CHECKBOX',
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index 4ae8ad3416..2aed8beaa0 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
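Review bot: `acme_dns_api_insecure=n` in install/tpl/system.ini.master disagrees with the `'default' => 'y'` this commit gives the same field in system_config.tform.php, and the label added to the language files reads 'Check SSL certificate' for a key named `_insecure`, so the patch does not make clear which value switches certificate verification off. That switch guards the TLS connection that carries `acme_dns_user` and `acme_dns_password`, so both defaults should be the verifying value and the key name and label should share one polarity, for example `'default' => 'n',` in the form next to a label such as 'Skip SSL certificate check'. How letsencrypt.inc.php interprets the value is outside this view, so the mapping should be confirmed there before choosing.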
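Review bot: `acme_dns_password` in interface/web/admin/form/system_config.tform.php is declared with `'formtype' => 'TEXT'`, so the saved API password is rendered back into the admin page in clear text; `'formtype' => 'PASSWORD'` would keep it masked, together with the matching input type in system_config_sites_edit.htm, whose hunk is cut off here. Because acme.sh needs the original value, the field must not be hashed on save; I believe tform accepts `'encryption' => 'CLEARTEXT'` for that, but this should be verified. `acme_dns_user` and `acme_dns_password` also have no `validators` entry, unlike `acme_dns_api`; letsencrypt.inc.php is not visible, so if these values end up on an acme.sh command line or in its environment they need shell escaping there or a character whitelist here. The `acme_dns_api` pattern accepts any scheme, so a plain `http://` URL would send the credentials unencrypted, and requiring an `https://` prefix for non-empty values would close that. The `$form["tabs"]['sites']` array starts and ends outside the hunk.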
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2029f38ed2..2f833a5e13 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -5,6 +5,10 @@ $wb['dbname_prefix_txt'] = 'Име на префикса в базата дан
 $wb['dbuser_prefix_txt'] = 'Потребителски префикс в базата данни';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'Потребителски префикс на FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['dbuser_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['ftpuser_prefix_error_regex'] = 'Неразрешени символи в името на ftp префикса.';
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 1128081d2d..4d93984ec3 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Adicionar subdomínios como um site';
 $wb['vhost_subdomains_note_txt'] = 'Você não pode desabilitar esta configuração enquanto existirem subdomínios vhost no sistema!';
 $wb['vhost_aliasdomains_txt'] = 'Adicionar alias de domínio como um site';
 $wb['vhost_aliasdomains_note_txt'] = 'Você não pode desabilitar esta configuração enquanto existirem alias de domínios vhost no sistema!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Banco de Dados.';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário do Banco de Dados.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário FTP.';
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 0c02530608..42325e955f 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Create subdomains as web site';
 $wb['vhost_subdomains_note_txt'] = 'You cannot disable this as long as vhost subdomains exist in the system!';
 $wb['vhost_aliasdomains_txt'] = 'Create aliasdomains as web site';
 $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost aliasdomains exist in the system!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index fb0e65d5e7..d68239d4cd 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefix názvu databáze';
 $wb['dbuser_prefix_txt'] = 'Prefix uživatele databáze';
 $wb['shelluser_prefix_txt'] = 'Prefix shell uživatele';
 $wb['ftpuser_prefix_txt'] = 'Prefix FTP uživatele';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak není povolen v prefixu databázovém názvu.';
 $wb['dbuser_prefix_error_regex'] = 'Znak není povolen v prefixu databázového uživatele.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak není povolen v prefixu FTP uživatele.';
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index ed4c26f61d..c70a2d53b4 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -14,6 +14,10 @@ $wb['vhost_subdomains_txt'] = 'Subdomains als Webseite anlegen';
 $wb['vhost_subdomains_note_txt'] = 'Diese Einstellung kann nicht wieder deaktiviert werden, wenn Vhost Subdomains im System vorhanden sind!';
 $wb['vhost_aliasdomains_txt'] = 'Aliasdomains als Webseite anlegen';
 $wb['vhost_aliasdomains_note_txt'] = 'Diese Einstellung kann nicht wieder deaktiviert werden, wenn Vhost Aliasdomains im System vorhanden sind!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Namen Präfix.';
 $wb['dbuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Benutzer Präfix.';
 $wb['ftpuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in FTP Benutzer Präfix.';
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 971253aae7..a778f6d625 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -16,6 +16,10 @@ $wb['webdavuser_prefix_txt'] = 'Webdav bruger prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP bruger prefix';
 $wb['vhost_subdomains_txt'] = 'Opret Sub-domæne som web side';
 $wb['vhost_subdomains_note_txt'] = 'Du kan ikke deaktivere dette, så længe der findes vhost sub-domæner i systemet!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char ikke tilladt i database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char ikke tilladt i database bruger prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char ikke tilladt i ftp bruger prefix.';
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 8bfe8012de..a55cd2ce5b 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Πρόθεμα Χρήστη Βάσης Δεδομέ
 $wb['shelluser_prefix_txt'] = 'Πρόθεμα Χρήστη Shell';
 $wb['webdavuser_prefix_txt'] = 'Πρόθεμα Χρήστη Webdav';
 $wb['ftpuser_prefix_txt'] = 'Πρόθεμα Χρήστη FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Ονόματος της Βάσης Δεδομένων.';
 $wb['dbuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη της Βάσης Δεδομένων.';
 $wb['ftpuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη ftp.';
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 9cf04103bb..7841e97619 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Create subdomains as web site';
 $wb['vhost_subdomains_note_txt'] = 'You cannot disable this as long as vhost subdomains exist in the system!';
 $wb['vhost_aliasdomains_txt'] = 'Create aliasdomains as web site';
 $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost aliasdomains exist in the system!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index 844c19db58..c834ed2458 100644
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -20,6 +20,10 @@ $wb['dashboard_atom_url_admin_txt'] = 'URL del feed atom en el panel (admin)';
 $wb['dashboard_atom_url_client_txt'] = 'URL del feed atom en el panel (cliente)';
 $wb['dashboard_atom_url_reseller_txt'] = 'URL del feed atom en el panel (revendedor)';
 $wb['dblist_phpmyadmin_link_txt'] = 'Vínculo a phpMyAdmin en la lista de bases de datos';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carácter no permitido en el prefijo de nombre de base de datos.';
 $wb['dbname_prefix_txt'] = 'Prefijo del nombre de la base de datos';
 $wb['dbuser_prefix_error_regex'] = 'Carácter no permitido en el nombre del usuario de la base datos.';
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index 4b4bf32cc0..107dd281b9 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Tietokannan nimen etuliite';
 $wb['dbuser_prefix_txt'] = 'Tietokannan käyttäjätunnuksen etuliite';
 $wb['shelluser_prefix_txt'] = 'Shell-käyttäjätunnuksen etuliite';
 $wb['ftpuser_prefix_txt'] = 'FTP-käyttäjätunnuksen etuliite';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Tietokannan nimen etuliite on vääränlainen.';
 $wb['dbuser_prefix_error_regex'] = 'Tietokannan käyttäjätunnuksen etuliite on vääränlainen.';
 $wb['ftpuser_prefix_error_regex'] = 'FTP-käyttäjätunnuksen etuliite on vääränlainen.';
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 801c27b5df..cecc200fc3 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Préfixe de l’utilisateur de la BDd';
 $wb['shelluser_prefix_txt'] = 'Préfixe de l’utilisateur Shell';
 $wb['webdavuser_prefix_txt'] = 'Préfixe de l’utilisateur WebDAV';
 $wb['ftpuser_prefix_txt'] = 'Préfixe de l’utilisateur FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe du nom de la BDD.';
 $wb['dbuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur de la BDD.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur FTP.';
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index 87fcfff645..375f6ea06a 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -7,6 +7,10 @@ $wb['dbuser_prefix_txt'] = 'Prefiks nazivu korisnika baze';
 $wb['shelluser_prefix_txt'] = 'Prefiks Shell računu';
 $wb['webdavuser_prefix_txt'] = 'Prefix Webdav računu';
 $wb['ftpuser_prefix_txt'] = 'Prefiks FTP računu';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva baze.';
 $wb['dbuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva korisnika baze.';
 $wb['ftpuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu FTP računa.';
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index cdb3113662..eb415110af 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index f9b3f87a00..0e31573e48 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefiks nama database';
 $wb['dbuser_prefix_txt'] = 'Prefiks pengguna database';
 $wb['shelluser_prefix_txt'] = 'Prefiks pengguna shell';
 $wb['ftpuser_prefix_txt'] = 'Prefiks pengguna FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks nama database.';
 $wb['dbuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna database.';
 $wb['ftpuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna ftp.';
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index 2f8950d7a3..bb6ed70a12 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefisso nome database';
 $wb['dbuser_prefix_txt'] = 'Prefisso utente database';
 $wb['shelluser_prefix_txt'] = 'Prefisso utente Shell';
 $wb['ftpuser_prefix_txt'] = 'Prefisso utente FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome database.';
 $wb['dbuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente database.';
 $wb['ftpuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente FTP.';
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index 744d83a705..e0b40069b9 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'データベース名のプリフィックス';
 $wb['dbuser_prefix_txt'] = 'データベースユーザー名のプリフィックス';
 $wb['shelluser_prefix_txt'] = 'Shellユーザー名のプリフィックス';
 $wb['ftpuser_prefix_txt'] = 'FTPユーザー名のプリフィックス';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'データベースのプリフィックスとして不正な値が指定されています。';
 $wb['dbuser_prefix_error_regex'] = 'データベースユーザーのプリフィックスとして不正な値が指定されています。';
 $wb['ftpuser_prefix_error_regex'] = 'FTPユーザーのプリフィックスとして不正な値が指定されています。';
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index b40ce96285..d38d346864 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Database gebruiker voorvoegsel';
 $wb['shelluser_prefix_txt'] = 'Shell gebruiker voorvoegsel';
 $wb['webdavuser_prefix_txt'] = 'Webdav gebruiker voorvoegsel';
 $wb['ftpuser_prefix_txt'] = 'FTP gebruiker voorvoegsel';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char niet toegestaan in database naam voorvoegsel.';
 $wb['dbuser_prefix_error_regex'] = 'Char niet toegestaan in database gebruiker voorvoegsel.';
 $wb['ftpuser_prefix_error_regex'] = 'Char niet toegestaan in ftp gebruiker voorvoegsel.';
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index 5431213977..45a7f98f16 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -5,6 +5,10 @@ $wb['dbname_prefix_txt'] = 'Prefiks nazwy bazy danych';
 $wb['dbuser_prefix_txt'] = 'Prefiks użytkownika bazy danych';
 $wb['shelluser_prefix_txt'] = 'Prefiks użytkownika shell';
 $wb['ftpuser_prefix_txt'] = 'Prefiks użytkownika FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy bazy danych.';
 $wb['dbuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika bazy danych.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika ftp.';
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 8c995047b4..db8cd60ea1 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefixo Nome da Base de Dados';
 $wb['dbuser_prefix_txt'] = 'Prefixo Utilizador da Base de Dados';
 $wb['shelluser_prefix_txt'] = 'Prefixo Utilizador de Shell';
 $wb['ftpuser_prefix_txt'] = 'Prefixo Utilizador FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do nome da Base de Dados!';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador da Base de Dados!';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador FTP!';
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index 9fd8e4d587..8339e3c433 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index 55c8731515..fe126ae76e 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Префикс базы данных';
 $wb['dbuser_prefix_txt'] = 'Префикс пользователя базы данных';
 $wb['shelluser_prefix_txt'] = 'Префикс shell-пользователя';
 $wb['ftpuser_prefix_txt'] = 'Префикс FTP пользователя';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Некорректный символ в префиксе базы данных';
 $wb['dbuser_prefix_error_regex'] = 'Некорректный символ в префиксе пользователя базы данных';
 $wb['ftpuser_prefix_error_regex'] = 'Некорректный символ в префиксе FTP пользователя';
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index d3de89aa55..237af939a2 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefix för databasnamn';
 $wb['dbuser_prefix_txt'] = 'Prefix för databasanvändare';
 $wb['shelluser_prefix_txt'] = 'Prefix för shell-användare';
 $wb['ftpuser_prefix_txt'] = 'Prefix för FTP-användare';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasnamn.';
 $wb['dbuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasanvändare.';
 $wb['ftpuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för FTP-användare.';
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index 1e85adca8c..fac6a25633 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Predpona názvu databázy ';
 $wb['dbuser_prefix_txt'] = 'Predpona databáza užívateľa';
 $wb['shelluser_prefix_txt'] = 'Predpona Shell užívateľa';
 $wb['ftpuser_prefix_txt'] = 'Predpona FTP užívateľ';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char nie je povolený v prefix názov databázy.';
 $wb['dbuser_prefix_error_regex'] = 'Char nie je povolené v databáze predpone user.';
 $wb['ftpuser_prefix_error_regex'] = 'Char nie je povolené v ftp užívateľ predpone .';
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index 6054bebc88..a83f9a32e2 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Etki alanları web sitesi şeklinde oluşturulsun
 $wb['vhost_subdomains_note_txt'] = 'Sistemde sanal sunucu alt etki alanları varken bu seçenek devre dışı bırakılamaz!';
 $wb['vhost_aliasdomains_txt'] = 'Takma etki alanı web sitesi olarak eklensin';
 $wb['vhost_aliasdomains_note_txt'] = 'Sistemde sanal sunucu takma etki alanları varken bu seçenek devre dışı bırakılamaz!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Veritabanı adı ön ekinde izin verilmeyen karakterler var';
 $wb['dbuser_prefix_error_regex'] = 'Veritabanı kullanıcısı ön ekinde izin verilmeyen karakterler var';
 $wb['ftpuser_prefix_error_regex'] = 'FTP kullanıcısı ön ekinde izin verilmeyen karakterler var';
diff --git a/interface/web/admin/templates/system_config_sites_edit.htm b/interface/web/admin/templates/system_config_sites_edit.htm
index 9a36e3275e..fc3f303681 100644
--- a/interface/web/admin/templates/system_config_sites_edit.htm
+++ b/interface/web/admin/templates/system_config_sites_edit.htm
@@ -25,13 +25,32 @@
-
-
- -
- {tmpl_var name='client_protection'} -
+
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ +
+ {tmpl_var name='acme_dns_api_insecure'} +
+
+
+ +
+ {tmpl_var name='client_protection'}
+
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index bce4e7b84a..f2b384507f 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -56,6 +56,9 @@ class letsencrypt { public function get_acme_command($domains, $key_file, $bundle_file, $cert_file, $server_type = 'apache') { global $app, $conf; + $app->uses('getconf'); + $global_sites_config = $app->getconf->get_global_config('sites'); + $letsencrypt = $this->get_acme_script(); $cmd = ''; 
@@ -74,7 +77,29 @@ class letsencrypt { $cert_arg = '--fullchain-file ' . escapeshellarg($bundle_file) . ' --cert-file ' . escapeshellarg($cert_file); } - $cmd = 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $cmd . ' -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; + $dns = ''; + if($global_sites_config['acme_dns_ISPC_User'] != '') { + $dns_variables = array(); + $dns_variables[] = "ISPC_User=" . $dns_ISPC_User; + $dns_variables[] = "ISPC_Password=" . $dns_ISPC_Password; + $dns_variables[] = "ISPC_Api=" . $dns_ISPC_Api; + $dns_variables[] = "ISPC_Api_Insecure=" . $dns_ISPC_Api_Insecure; + $dns_variables_cmd = ''; + foreach($dns_variables as $dns_variable) { + $dns_variables_cmd .= $dns_variable . ' ; '; + } + $dns = ' --dns dns_ispconfig '; + } + + if($dns == '') { + return false; + } + + if($dns_variables_cmd == '') { + return false; + } + + $cmd = $dns_variables_cmd . 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $dns . $cmd . ' -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; return $cmd; } 
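Review bot: The four `ISPC_*` assignments added here are concatenated into the shell command string without `escapeshellarg()`, unlike the key, certificate and log paths in the same method, so a space, quote, `;` or `$(` in the API user, password or URL changes the command that gets run. Build them as `$dns_variables[] = 'ISPC_User=' . escapeshellarg($dns_ISPC_User);` and likewise for the other three; PATCH 02/19 fills these variables from the global sites config but leaves the concatenation as it is. Because each assignment is followed by ` ; `, they are variables of the wrapper shell only and are presumably not visible to the acme.sh child process unless prefixed with `export`. Separately, `if($dns == '') { return false; }` makes the method return no command at all when no DNS user is configured, which looks like it removes the existing webroot path; the method begins outside this hunk.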
@@ -276,9 +301,9 @@ class letsencrypt { if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { $domain = $data['new']['domain']; - if(substr($domain, 0, 2) === '*.') { - // wildcard domain not yet supported by letsencrypt! - $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); + if(substr($domain, 0, 2) === '*.' && $use_acme = false) { + // DNS-01 verification is needed for wildcard certificate requests, but we do not support that for Certbot. + $app->log('Requesting a wildcard certificate from Let\'s Encrypt is not support when using certbot, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); $domain = substr($domain, 2); } } 
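Review bot: `&& $use_acme = false` in the wildcard check is an assignment, not a comparison, so the condition is always false and, whenever the domain starts with `*.`, `$use_acme` is overwritten with `false`. The certbot fallback that strips `*.` therefore never runs, and any later code reading `$use_acme` (not visible in this hunk) sees the clobbered value. Use `if(substr($domain, 0, 2) === '*.' && $use_acme === false) {`, after confirming that `$use_acme` is already set at this point in the method, which starts outside the hunk. The new log message also reads 'is not support' where 'is not supported' is meant.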
@@ -387,12 +412,22 @@ class letsencrypt { if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) { $le_domains[] = $temp_domain; } else { - $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); - if($le_hash_check == $le_rnd_hash) { - $le_domains[] = $temp_domain; - $app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG); - } else { - $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN); + if($global_sites_config['acme_dns_ISPC_User'] != '') { + $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); + if($le_hash_check == $le_rnd_hash) { + $le_domains[] = $temp_domain; + $app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG); + } else { + $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN); + } + } else { + // TODO BEFORE MERGING: strip subdomains from $temp_domain as $root_temp_domain + if($app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ? AND active = 'y'", $root_temp_domain . ".") != null) { + $le_domains[] = $temp_domain; + $app->log("Verified domain " . $temp_domain . " has a DNS zone for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); + } else { + $app->log("Could not verify that domain " . $temp_domain . " has a DNS zone in this setup, so excluding it from Let\'s Encrypt request.", LOGLEVEL_WARN); + } } } } -- GitLab From 26a131555353e126a31b502e40e69df3cc36b6ef Mon Sep 17 00:00:00 2001 
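Review bot: The new branch looks inverted: when `acme_dns_ISPC_User` is non-empty (DNS-01 configured) the code still runs the HTTP reachability probe, and the DNS zone lookup sits in the `else` that is reached only when no DNS user is set. In that `else`, `$root_temp_domain` is never assigned (the `TODO BEFORE MERGING` comment), so the query compares `origin` with `"."` and presumably excludes every domain. PATCH 02/19 renames the key to `acme_dns_user` in this condition but keeps both problems. Swap the test to `if($global_sites_config['acme_dns_user'] == '') {` for the HTTP probe, derive `$root_temp_domain` from the closest enclosing zone before the query, and check that `$global_sites_config` is loaded in this method, whose start is outside the hunk.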
From: Thom Date: Sun, 29 Jan 2023 17:32:02 +0100 Subject: [PATCH 02/19] Fix typo's, declare dns variables (#4202) --- server/lib/classes/letsencrypt.inc.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index f2b384507f..e2a9dec5dc 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -78,7 +78,15 @@ class letsencrypt { } $dns = ''; - if($global_sites_config['acme_dns_ISPC_User'] != '') { + if($global_sites_config['acme_dns_user'] != '') { + $dns_ISPC_User = $global_sites_config['acme_dns_user']; + $dns_ISPC_Password = $global_sites_config['acme_dns_password']; + $dns_ISPC_Api = $global_sites_config['acme_dns_api']; + if ($global_sites_config['acme_dns_api_insecure'] == "y") { + $dns_ISPC_Api_Insecure = "1"; + } else { + $dns_ISPC_Api_Insecure = "0"; + } $dns_variables = array(); $dns_variables[] = "ISPC_User=" . $dns_ISPC_User; $dns_variables[] = "ISPC_Password=" . $dns_ISPC_Password; @@ -412,7 +420,7 @@ class letsencrypt { if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) { $le_domains[] = $temp_domain; } else { - if($global_sites_config['acme_dns_ISPC_User'] != '') { + if($global_sites_config['acme_dns_user'] != '') { $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); if($le_hash_check == $le_rnd_hash) { $le_domains[] = $temp_domain; -- GitLab From e8443374cfc77923cfacf756d43fc310c1ae6325 Mon Sep 17 00:00:00 2001 
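Review bot: The mapping added in the first hunk sets `ISPC_Api_Insecure` to `"1"` when the `acme_dns_api_insecure` box is ticked, while the label for that box in the language files reads 'Check SSL certificate for ISPConfig API' (changed to 'Verify SSL certificate …' in PATCH 03/19). Going by the variable name, an administrator who ticks the box to have the certificate verified would be turning verification off for the API connection that carries the password. Either invert the mapping or reword the label, for example `$wb['acme_dns_api_insecure_txt'] = 'Skip SSL certificate verification for ISPConfig API (used by acme.sh):';`. The surrounding method starts and ends outside the hunk.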
From: Thom Date: Sun, 29 Jan 2023 17:33:41 +0100 Subject: [PATCH 03/19] Improve terminology (#4202) --- interface/web/admin/lib/lang/ar_system_config.lng | 2 +- interface/web/admin/lib/lang/bg_system_config.lng | 2 +- interface/web/admin/lib/lang/br_system_config.lng | 2 +- interface/web/admin/lib/lang/ca_system_config.lng | 2 +- interface/web/admin/lib/lang/cz_system_config.lng | 2 +- interface/web/admin/lib/lang/de_system_config.lng | 2 +- interface/web/admin/lib/lang/dk_system_config.lng | 2 +- interface/web/admin/lib/lang/el_system_config.lng | 2 +- interface/web/admin/lib/lang/en_system_config.lng | 2 +- interface/web/admin/lib/lang/es_system_config.lng | 2 +- interface/web/admin/lib/lang/fi_system_config.lng | 2 +- interface/web/admin/lib/lang/fr_system_config.lng | 2 +- interface/web/admin/lib/lang/hr_system_config.lng | 2 +- interface/web/admin/lib/lang/hu_system_config.lng | 2 +- interface/web/admin/lib/lang/id_system_config.lng | 2 +- interface/web/admin/lib/lang/it_system_config.lng | 2 +- interface/web/admin/lib/lang/ja_system_config.lng | 2 +- interface/web/admin/lib/lang/nl_system_config.lng | 2 +- interface/web/admin/lib/lang/pl_system_config.lng | 2 +- interface/web/admin/lib/lang/pt_system_config.lng | 2 +- interface/web/admin/lib/lang/ro_system_config.lng | 2 +- interface/web/admin/lib/lang/ru_system_config.lng | 2 +- interface/web/admin/lib/lang/se_system_config.lng | 2 +- interface/web/admin/lib/lang/sk_system_config.lng | 2 +- interface/web/admin/lib/lang/tr_system_config.lng | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng index 2aed8beaa0..6fc5fefc69 100644 --- a/interface/web/admin/lib/lang/ar_system_config.lng +++ b/interface/web/admin/lib/lang/ar_system_config.lng 
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2f833a5e13..ad122058ff 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -8,7 +8,7 @@ $wb['ftpuser_prefix_txt'] = 'Потребителски префикс на FTP'
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['dbuser_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['ftpuser_prefix_error_regex'] = 'Неразрешени символи в името на ftp префикса.';
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 4d93984ec3..6ddce9b689 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -21,7 +21,7 @@ $wb['vhost_aliasdomains_note_txt'] = 'Você não pode desabilitar esta configura
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Banco de Dados.';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário do Banco de Dados.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário FTP.';
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 42325e955f..369f0cdd3a 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -21,7 +21,7 @@ $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost a
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index d68239d4cd..3cc95b187c 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefix FTP uživatele';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak není povolen v prefixu databázovém názvu.';
 $wb['dbuser_prefix_error_regex'] = 'Znak není povolen v prefixu databázového uživatele.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak není povolen v prefixu FTP uživatele.';
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index c70a2d53b4..2ae02e96de 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -17,7 +17,7 @@ $wb['vhost_aliasdomains_note_txt'] = 'Diese Einstellung kann nicht wieder deakti
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Namen Präfix.';
 $wb['dbuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Benutzer Präfix.';
 $wb['ftpuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in FTP Benutzer Präfix.';
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index a778f6d625..61f88d4cbf 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -19,7 +19,7 @@ $wb['vhost_subdomains_note_txt'] = 'Du kan ikke deaktivere dette, så længe der
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char ikke tilladt i database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char ikke tilladt i database bruger prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char ikke tilladt i ftp bruger prefix.';
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index a55cd2ce5b..d855395adc 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -13,7 +13,7 @@ $wb['ftpuser_prefix_txt'] = 'Πρόθεμα Χρήστη FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Ονόματος της Βάσης Δεδομένων.';
 $wb['dbuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη της Βάσης Δεδομένων.';
 $wb['ftpuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη ftp.';
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 7841e97619..e7825ee5cf 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -21,7 +21,7 @@ $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost a
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index c834ed2458..f1e0075ece 100644
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -23,7 +23,7 @@ $wb['dblist_phpmyadmin_link_txt'] = 'Vínculo a phpMyAdmin en la lista de bases
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carácter no permitido en el prefijo de nombre de base de datos.';
 $wb['dbname_prefix_txt'] = 'Prefijo del nombre de la base de datos';
 $wb['dbuser_prefix_error_regex'] = 'Carácter no permitido en el nombre del usuario de la base datos.';
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index 107dd281b9..ad46d471e9 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'FTP-käyttäjätunnuksen etuliite';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Tietokannan nimen etuliite on vääränlainen.';
 $wb['dbuser_prefix_error_regex'] = 'Tietokannan käyttäjätunnuksen etuliite on vääränlainen.';
 $wb['ftpuser_prefix_error_regex'] = 'FTP-käyttäjätunnuksen etuliite on vääränlainen.';
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index cecc200fc3..b151fee8f9 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -13,7 +13,7 @@ $wb['ftpuser_prefix_txt'] = 'Préfixe de l’utilisateur FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe du nom de la BDD.';
 $wb['dbuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur de la BDD.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur FTP.';
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index 375f6ea06a..fc63a6d401 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -10,7 +10,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefiks FTP računu';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva baze.';
 $wb['dbuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva korisnika baze.';
 $wb['ftpuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu FTP računa.';
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index eb415110af..018fb8019d 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index 0e31573e48..502a3057f3 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefiks pengguna FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks nama database.';
 $wb['dbuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna database.';
 $wb['ftpuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna ftp.';
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index bb6ed70a12..a9732397ed 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefisso utente FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome database.';
 $wb['dbuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente database.';
 $wb['ftpuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente FTP.';
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index e0b40069b9..95d403bc38 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'FTPユーザー名のプリフィックス';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'データベースのプリフィックスとして不正な値が指定されています。';
 $wb['dbuser_prefix_error_regex'] = 'データベースユーザーのプリフィックスとして不正な値が指定されています。';
 $wb['ftpuser_prefix_error_regex'] = 'FTPユーザーのプリフィックスとして不正な値が指定されています。';
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index d38d346864..08ae1b1218 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -13,7 +13,7 @@ $wb['ftpuser_prefix_txt'] = 'FTP gebruiker voorvoegsel';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char niet toegestaan in database naam voorvoegsel.';
 $wb['dbuser_prefix_error_regex'] = 'Char niet toegestaan in database gebruiker voorvoegsel.';
 $wb['ftpuser_prefix_error_regex'] = 'Char niet toegestaan in ftp gebruiker voorvoegsel.';
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index 45a7f98f16..318e00dabb 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -8,7 +8,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefiks użytkownika FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy bazy danych.';
 $wb['dbuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika bazy danych.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika ftp.';
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index db8cd60ea1..ba82e8b810 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefixo Utilizador FTP';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do nome da Base de Dados!';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador da Base de Dados!';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador FTP!';
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index 8339e3c433..c2e631d151 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index fe126ae76e..4fe995a697 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Префикс FTP пользователя';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Некорректный символ в префиксе базы данных';
 $wb['dbuser_prefix_error_regex'] = 'Некорректный символ в префиксе пользователя базы данных';
 $wb['ftpuser_prefix_error_regex'] = 'Некорректный символ в префиксе FTP пользователя';
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index 237af939a2..5bd4feece1 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Prefix för FTP-användare';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasnamn.';
 $wb['dbuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasanvändare.';
 $wb['ftpuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för FTP-användare.';
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index fac6a25633..1403991a34 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -9,7 +9,7 @@ $wb['ftpuser_prefix_txt'] = 'Predpona FTP užívateľ';
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char nie je povolený v prefix názov databázy.';
 $wb['dbuser_prefix_error_regex'] = 'Char nie je povolené v databáze predpone user.';
 $wb['ftpuser_prefix_error_regex'] = 'Char nie je povolené v ftp užívateľ predpone .';
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index a83f9a32e2..89073151bd 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -21,7 +21,7 @@ $wb['vhost_aliasdomains_note_txt'] = 'Sistemde sanal sunucu takma etki alanları
 $wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
 $wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
-$wb['acme_dns_api_insecure_txt'] = 'Check SSL certificate for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Veritabanı adı ön ekinde izin verilmeyen karakterler var';
 $wb['dbuser_prefix_error_regex'] = 'Veritabanı kullanıcısı ön ekinde izin verilmeyen karakterler var';
 $wb['ftpuser_prefix_error_regex'] = 'FTP kullanıcısı ön ekinde izin verilmeyen karakterler var';
-- GitLab
From fbaeb888ded036485c1c4f0849266052ee7839b4 Mon Sep 17 00:00:00 2001
From: Thom
Date: Sun, 29 Jan 2023 17:48:22 +0100
Subject: [PATCH 04/19] Improve log message (#4202)
---
 server/lib/classes/letsencrypt.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index e2a9dec5dc..81f76cde25 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -432,7 +432,7 @@ class letsencrypt { // TODO BEFORE MERGING: strip subdomains from $temp_domain as $root_temp_domain if($app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ? AND active = 'y'", $root_temp_domain . ".") != null) { $le_domains[] = $temp_domain; - $app->log("Verified domain " . $temp_domain . " has a DNS zone for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); + $app->log("Verified domain " . $temp_domain . " has a DNS zone in this setup for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); } else { $app->log("Could not verify that domain " . $temp_domain . " has a DNS zone in this setup, so excluding it from Let\'s Encrypt request.", LOGLEVEL_WARN); } -- GitLab From bdbbb8b541bb4306d7560b49cc7eedfe2f2e164a Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 20:45:53 +0100 Subject: [PATCH 05/19] Add check for zone existence when using DNS-01 verification (#4202) --- server/lib/classes/letsencrypt.inc.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 81f76cde25..b14bd2f5c5 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php 
@@ -428,9 +428,21 @@ class letsencrypt { } else { $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN); } - } else { - // TODO BEFORE MERGING: strip subdomains from $temp_domain as $root_temp_domain - if($app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ? AND active = 'y'", $root_temp_domain . ".") != null) { + } else { // DNS-01 verification + $temp_domain_parts = preg_split("/[.]/", $temp_domain); + foreach ($temp_domain_parts as $temp_domain_part) { + if (isset($temp_domain_parts['1'])) { + $queryDomains[] = preg_replace("/.*" . $temp_domain_parts['0'] . "\." . "/", "", $temp_domain); + array_shift($temp_domain_parts); + print_r($temp_domain_parts); + } + } + $queryOr = "origin = " . $temp_domain . "."; + foreach ($queryDomains as $domain) { + $queryOr .= " OR origin = " . $domain . "."; + } + + if($app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE active = y AND ?", $queryOr) != null) { $le_domains[] = $temp_domain; $app->log("Verified domain " . $temp_domain . " has a DNS zone in this setup for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); } else { -- GitLab From 9ec71a04dc3864fa7b47f7e128d9db88b3193485 Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 21:15:22 +0100 Subject: [PATCH 06/19] Remove debugging part --- server/lib/classes/letsencrypt.inc.php | 1 - 1 file changed, 1 deletion(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index b14bd2f5c5..349c885a5f 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -434,7 +434,6 @@ class letsencrypt { if (isset($temp_domain_parts['1'])) { $queryDomains[] = preg_replace("/.*" . $temp_domain_parts['0'] . "\." . "/", "", $temp_domain); array_shift($temp_domain_parts); - print_r($temp_domain_parts); } } $queryOr = "origin = " . $temp_domain . "."; -- GitLab 
From afed102d7ad6edf1f2fa4debf41e615f1450837a Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 21:41:32 +0100 Subject: [PATCH 07/19] Fix SQL query (#4202) --- server/lib/classes/letsencrypt.inc.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 349c885a5f..991bb9283a 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -436,12 +436,12 @@ class letsencrypt { array_shift($temp_domain_parts); } } - $queryOr = "origin = " . $temp_domain . "."; - foreach ($queryDomains as $domain) { - $queryOr .= " OR origin = " . $domain . "."; + $queryOr = "origin = '" . $temp_domain . ".'"; + foreach ($queryDomains as $queryDomain) { + $queryOr .= " OR origin = '" . $queryDomain . ".'"; } - - if($app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE active = y AND ?", $queryOr) != null) { + $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND " . $queryOr; + if (is_array($app->dbmaster->queryOneRecord($sql))) { $le_domains[] = $temp_domain; $app->log("Verified domain " . $temp_domain . " has a DNS zone in this setup for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); } else { -- GitLab From 4fd5fddc3e4db0f42ea5a57f9b5e391135d315bc Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 22:09:21 +0100 Subject: [PATCH 08/19] Fix exporting of DNS variables for acme.sh (#4202) --- server/lib/classes/letsencrypt.inc.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 991bb9283a..c9f17b883a 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php 
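Review bot: The rewritten lookup in `@@ -436,12 +436,12 @@` builds the WHERE clause by concatenating `$temp_domain` and every `$queryDomain` into quoted literals, so a domain value containing a single quote changes the statement. The lookup this series started from passed the origin through a `?` placeholder, and the same form works here if each candidate is queried on its own inside the loop: `$app->dbmaster->queryOneRecord("SELECT * FROM dns_soa WHERE active = 'y' AND origin = ?", $queryDomain . ".")`. The per-candidate query added later in PATCH 14 (`@@ -443,12 +443,16 @@`) still concatenates `$queryDomain` and needs the same change. Where `$temp_domain` is validated lies outside this hunk, so how reachable this is cannot be judged from here.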
@@ -88,13 +88,13 @@ class letsencrypt { $dns_ISPC_Api_Insecure = "0"; } $dns_variables = array(); - $dns_variables[] = "ISPC_User=" . $dns_ISPC_User; - $dns_variables[] = "ISPC_Password=" . $dns_ISPC_Password; - $dns_variables[] = "ISPC_Api=" . $dns_ISPC_Api; - $dns_variables[] = "ISPC_Api_Insecure=" . $dns_ISPC_Api_Insecure; + $dns_variables[] = "ISPC_User='" . $dns_ISPC_User . "'"; + $dns_variables[] = "ISPC_Password='" . $dns_ISPC_Password . "'"; + $dns_variables[] = "ISPC_Api='" . $dns_ISPC_Api . "'"; + $dns_variables[] = "ISPC_Api_Insecure='" . $dns_ISPC_Api_Insecure . "'"; $dns_variables_cmd = ''; foreach($dns_variables as $dns_variable) { - $dns_variables_cmd .= $dns_variable . ' ; '; + $dns_variables_cmd .= "export " . $dns_variable . ' ; '; } $dns = ' --dns dns_ispconfig '; } -- GitLab From 20a88152a407c8c1271ba3166b7a68e59c18909d Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 22:19:10 +0100 Subject: [PATCH 09/19] Fix double spaces --- server/lib/classes/letsencrypt.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index c9f17b883a..c9d83dc6aa 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -96,7 +96,7 @@ class letsencrypt { foreach($dns_variables as $dns_variable) { $dns_variables_cmd .= "export " . $dns_variable . ' ; '; } - $dns = ' --dns dns_ispconfig '; + $dns = '--dns dns_ispconfig'; } if($dns == '') { -- GitLab From 1cba34abd212b933aa442a5ff5b246e17410a680 Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 5 Feb 2023 22:47:50 +0100 Subject: [PATCH 10/19] Only add -w if http-01 verification is done (#4202) --- server/lib/classes/letsencrypt.inc.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index c9d83dc6aa..8f24d2e4c7 100644 --- a/server/lib/classes/letsencrypt.inc.php 
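Review bot: Wrapping the values in literal single quotes in `@@ -88,13 +88,13 @@` is not shell escaping: an API user name, password or URL containing `'` ends the quoted string, and the remainder is parsed by the shell as part of the command line that `$dns_variables_cmd` is prepended to. `escapeshellarg()` is already used elsewhere in this file when the acme.sh command is built and covers that case, for example `$dns_variables[] = "ISPC_Password=" . escapeshellarg($dns_ISPC_Password);`, and likewise for `ISPC_User`, `ISPC_Api` and `ISPC_Api_Insecure`. Because the `export` statements are part of the command string, the password also ends up wherever that string is logged or shown (not visible in this hunk), so handing the values over through the process environment instead is worth considering.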
+++ b/server/lib/classes/letsencrypt.inc.php @@ -97,6 +97,8 @@ class letsencrypt { $dns_variables_cmd .= "export " . $dns_variable . ' ; '; } $dns = '--dns dns_ispconfig'; + } else { // use HTTP-01 verification + $cmd .= " -w /usr/local/ispconfig/interface/acme"; } if($dns == '') { @@ -107,7 +109,7 @@ class letsencrypt { return false; } - $cmd = $dns_variables_cmd . 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $dns . $cmd . ' -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; + $cmd = $dns_variables_cmd . 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $dns . $cmd . ' --always-force-new-domain-key --keylength 4096 --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . ' ; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; return $cmd; } @@ -381,7 +383,7 @@ class letsencrypt { $aliasdomains = null; //* be sure to have good domain - if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || $data['new']['subdomain'] == "*")) { + if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $domain; } 
@@ -398,7 +400,7 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR $aliasdomain['subdomain'] == "*")) { + if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $aliasdomain['domain']; } } -- GitLab From 764ce12f8d1168ed41d0d4ba6baa404a2c45b37c Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 6 Feb 2023 11:47:16 +0100 Subject: [PATCH 11/19] Improve and fix checks for DNS-01 verification (#4202) --- server/lib/classes/letsencrypt.inc.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 8f24d2e4c7..4e95818432 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -311,7 +311,7 @@ class letsencrypt { if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { $domain = $data['new']['domain']; - if(substr($domain, 0, 2) === '*.' && $use_acme = false) { + if(substr($domain, 0, 2) === '*.' && !$use_acme) { // DNS-01 verification is needed for wildcard certificate requests, but we do not support that for Certbot. $app->log('Requesting a wildcard certificate from Let\'s Encrypt is not support when using certbot, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); $domain = substr($domain, 2); 
@@ -354,6 +354,7 @@ class letsencrypt { $app->uses('getconf'); $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); $server_config = $app->getconf->get_server_config($conf['server_id'], 'server'); + $global_sites_config = $app->getconf->get_global_config('sites'); $use_acme = false; if($this->get_acme_script()) { @@ -383,8 +384,10 @@ class letsencrypt { $aliasdomains = null; //* be sure to have good domain - if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) { + if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $domain; + } elseif ($data['new']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '')) { + $temp_domains[] = "*." . $domain; } //* then, add subdomain if we have @@ -400,7 +403,7 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) { + if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR $aliasdomain['subdomain'] == "*")) { $temp_domains[] = "www." . $aliasdomain['domain']; } } 
@@ -422,7 +425,7 @@ class letsencrypt { if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) { $le_domains[] = $temp_domain; } else { - if($global_sites_config['acme_dns_user'] != '') { + if($global_sites_config['acme_dns_user'] == '' || !$use_acme) { $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); if($le_hash_check == $le_rnd_hash) { $le_domains[] = $temp_domain; -- GitLab From 15f9c63d2827a6738d6f5068dc17ae2aba9a9ebd Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 6 Feb 2023 11:51:56 +0100 Subject: [PATCH 12/19] Quote subdomains properly for regex --- server/lib/classes/letsencrypt.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 4e95818432..5eb741ba6b 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -437,7 +437,7 @@ class letsencrypt { $temp_domain_parts = preg_split("/[.]/", $temp_domain); foreach ($temp_domain_parts as $temp_domain_part) { if (isset($temp_domain_parts['1'])) { - $queryDomains[] = preg_replace("/.*" . $temp_domain_parts['0'] . "\." . "/", "", $temp_domain); + $queryDomains[] = preg_replace("/.*" . preg_quote($temp_domain_parts['0']) . "\." . "/", "", $temp_domain); array_shift($temp_domain_parts); } } -- GitLab From c95cb8e1ad0376914d540dca263be7421faf0906 Mon Sep 17 00:00:00 2001 From: Thom Date: Sun, 12 Feb 2023 21:43:44 +0100 Subject: [PATCH 13/19] Fix wildcard check for alias domains(#4202) --- server/lib/classes/letsencrypt.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 5eb741ba6b..6fd1c3aac2 100644 --- a/server/lib/classes/letsencrypt.inc.php 
+++ b/server/lib/classes/letsencrypt.inc.php @@ -403,8 +403,10 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR $aliasdomain['subdomain'] == "*")) { + if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $aliasdomain['domain']; + } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '')) { + $temp_domains[] = "*." . $aliasdomain['domain']; } } } -- GitLab From 00c8adf7cbe2de5556fc68cdce0d20127a5281f0 Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 13 Feb 2023 13:31:38 +0100 Subject: [PATCH 14/19] Add check for PowerDNS as DNS-01 verification is currently not supported when using a single server AND PowerDNS, and add function to modify BIND zonefile on single server setups (#4202) --- server/lib/classes/letsencrypt.inc.php | 52 ++++++++++++++++++++------ 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 6fd1c3aac2..693261645d 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -78,7 +78,7 @@ class letsencrypt { } $dns = ''; - if($global_sites_config['acme_dns_user'] != '') { + if($global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false)) { $dns_ISPC_User = $global_sites_config['acme_dns_user']; $dns_ISPC_Password = $global_sites_config['acme_dns_password']; $dns_ISPC_Api = $global_sites_config['acme_dns_api']; 
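Review bot: `$aliasdomain['domain']['subdomain']` in the new `if` and `elseif` of `@@ -403,8 +403,10 @@` indexes the domain string, not the alias row: `$aliasdomain['domain']` is used as a string in `substr()` and in the concatenations on the neighbouring lines. A non-numeric offset on a string never yields `"www"` or `"*"` and raises a warning or an error depending on the PHP version, so neither branch can add the `www.` or `*.` name. The `isset()` guard at the start of the condition already names the field that is meant; the comparisons should read `$aliasdomain['subdomain'] == "www"` and `$aliasdomain['subdomain'] == "*"`. The `elseif` is also evaluated when `subdomain` is not set, so it needs its own `isset($aliasdomain['subdomain'])`.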
@@ -384,9 +384,9 @@ class letsencrypt { $aliasdomains = null; //* be sure to have good domain - if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '')))) { + if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))))) { $temp_domains[] = "www." . $domain; - } elseif ($data['new']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '')) { + } elseif ($data['new']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))) { $temp_domains[] = "*." . $domain; } 
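Review bot: The PowerDNS test is attached with `&&` to the `acme_dns_user == ''` comparison, and `&&` binds tighter than `||`, so the first condition reads `!$use_acme || (no API user && PowerDNS not installed)`. With acme.sh in use and PowerDNS installed, a `*` subdomain therefore matches neither the `www.` branch nor the `*.` branch and the certificate is requested without either name; the alias-domain hunk (`@@ -403,9 +403,9 @@`) has the same shape. The HTTP-01 fallback in `@@ -427,7 +427,7 @@` spells the intended rule as `acme_dns_user == '' || !$use_acme || PowerDNS installed`. Computing the decision once, for example `$use_dns01 = $use_acme && $global_sites_config['acme_dns_user'] != '' && empty($conf['powerdns']['installed']);`, and testing `$use_dns01` or `!$use_dns01` in each of these conditions would remove both the duplication and the precedence trap.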
@@ -403,9 +403,9 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '')))) { + if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))))) { $temp_domains[] = "www." . $aliasdomain['domain']; - } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '')) { + } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))) { $temp_domains[] = "*." . $aliasdomain['domain']; } } @@ -427,7 +427,7 @@ class letsencrypt { if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) { $le_domains[] = $temp_domain; } else { - if($global_sites_config['acme_dns_user'] == '' || !$use_acme) { + if($global_sites_config['acme_dns_user'] == '' || !$use_acme || (isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == true)) { $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); if($le_hash_check == $le_rnd_hash) { $le_domains[] = $temp_domain; 
@@ -443,12 +443,16 @@ class letsencrypt { array_shift($temp_domain_parts); } } - $queryOr = "origin = '" . $temp_domain . ".'"; foreach ($queryDomains as $queryDomain) { - $queryOr .= " OR origin = '" . $queryDomain . ".'"; + $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND origin = '" . $queryDomain . ".'"; + if (is_array($app->dbmaster->queryOneRecord($sql))) { + $zoneExists = true; + $zonedomain = $queryDomain; + $dns_server_id = $sql['server_id']; + break; + } } - $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND " . $queryOr; - if (is_array($app->dbmaster->queryOneRecord($sql))) { + if ($zoneExists) { $le_domains[] = $temp_domain; $app->log("Verified domain " . $temp_domain . " has a DNS zone in this setup for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); } else { 
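Review bot: `$zoneExists` is only ever set to `true` in this hunk and `$queryDomains` is only appended to; neither is reset before the lookup. If this code runs once per requested name, as `$le_domains[] = $temp_domain` suggests (the enclosing loop starts outside the hunk), a name with no zone in this setup is accepted as soon as an earlier name matched, and it is also checked against the parent domains collected for earlier names. That defeats the purpose of the zone check, which is to keep names this installation cannot answer a DNS-01 challenge for out of the request. Start each pass with `$queryDomains = array(); $zoneExists = false;`.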
@@ -488,12 +492,38 @@ class letsencrypt { } $success = false; + + if($letsencrypt_cmd) { if(!isset($server_config['migration_mode']) || $server_config['migration_mode'] != 'y') { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); $app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG); - $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + if ($use_acme && $global_sites_config['acme_dns_user'] != '' && $dns_server_id == $conf["server_id"]) { + $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); + $zonefile = $dns_config['bind_zonefiles_dir'].'/'. "pri." . $zonedomain; + $datalogfound = false; + while ($success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes)) { + while (!$datalogfound) { + $sql = "SELECT data FROM sys_datalog WHERE dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%' AND status = 'pending'"; + $datalogs = $app->dbmaster->queryAllRecords($sql); + if (is_array($datalogs)) { + foreach ($datalogs as $datalog) { + $datalog = unserialize($datalog); + $hostname = $datalog['new']['name']; + $data = $datalog['new']['data']; + $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; + file_put_contents($zonefile, $record, FILE_APPEND | LOCK_EX); + } + $app->services->restartService('named', 'restart'); + $datalogfound = true; + break; + } + } + } + } else { + $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + } } else { $app->log("Migration mode active, skipping Let's Encrypt SSL Cert creation for: $domain", LOGLEVEL_DEBUG); $success = true; -- GitLab From 75d2a6358e7a07c9f210cf14c9ecbbb501f315b4 Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 13 Feb 2023 15:22:30 +0100 Subject: [PATCH 15/19] Fix BIND file modification (#4202) --- server/lib/classes/letsencrypt.inc.php | 39 +++++++++++++++----------- 1 file changed, 22 insertions(+), 17 deletions(-) 
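Review bot: The inner `while (!$datalogfound)` loop has no delay and no upper bound: when `queryAllRecords()` does not return an array it re-runs the query immediately and indefinitely, and the outer `while ($success = ... _exec(...))` issues the acme.sh command again after every successful run. The `sys_datalog` query is not restricted to the zone being validated, so any pending `_acme-challenge` entry is appended to this zone file, and `$hostname` and `$data` are written into it without being checked for quotes or line breaks. `unserialize()` on the stored value should at least pass `['allowed_classes' => false]` so that no objects are instantiated from database content. The reworked loops in PATCH 15 (`@@ -501,25 +501,29 @@`) and PATCH 17 keep the unscoped query and the unchecked zone-file write.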
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 693261645d..e3720153e6 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -445,10 +445,11 @@ class letsencrypt { } foreach ($queryDomains as $queryDomain) { $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND origin = '" . $queryDomain . ".'"; - if (is_array($app->dbmaster->queryOneRecord($sql))) { + $soa = $app->dbmaster->queryOneRecord($sql); + if (is_array($soa)) { $zoneExists = true; $zonedomain = $queryDomain; - $dns_server_id = $sql['server_id']; + $dns_server_id = $soa['server_id']; break; } } 
@@ -500,25 +501,29 @@ class letsencrypt { $app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG); if ($use_acme && $global_sites_config['acme_dns_user'] != '' && $dns_server_id == $conf["server_id"]) { + $firstrun = true; $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); $zonefile = $dns_config['bind_zonefiles_dir'].'/'. "pri." . $zonedomain; $datalogfound = false; - while ($success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes)) { - while (!$datalogfound) { - $sql = "SELECT data FROM sys_datalog WHERE dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%' AND status = 'pending'"; - $datalogs = $app->dbmaster->queryAllRecords($sql); - if (is_array($datalogs)) { - foreach ($datalogs as $datalog) { - $datalog = unserialize($datalog); - $hostname = $datalog['new']['name']; - $data = $datalog['new']['data']; - $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; - file_put_contents($zonefile, $record, FILE_APPEND | LOCK_EX); - } - $app->services->restartService('named', 'restart'); - $datalogfound = true; - break; + while (!$datalogfound) { + if ($firstrun == true) { + $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + $firstrun = false; + } + $sql = "SELECT data FROM sys_datalog WHERE dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%' AND status = 'pending'"; + $datalogs = $app->dbmaster->queryAllRecords($sql); + if (is_array($datalogs)) { + foreach ($datalogs as $datalog) { + $datalog = unserialize($datalog); + $hostname = $datalog['new']['name']; + $data = $datalog['new']['data']; + $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; + file_put_contents($zonefile, $record, FILE_APPEND | LOCK_EX); } + $app->services->registerService('bind', 'dns_module', 'restartBind'); + $app->services->restartService('bind', 'restart'); + $datalogfound = true; + break; } } } else { -- GitLab 
From 40c382682c848d70c73e6c786e74af334329412e Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 13 Feb 2023 15:37:19 +0100 Subject: [PATCH 16/19] Fix DNS zone check for subdomains (#4202) --- server/lib/classes/letsencrypt.inc.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index e3720153e6..32b4877ddd 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -438,10 +438,8 @@ class letsencrypt { } else { // DNS-01 verification $temp_domain_parts = preg_split("/[.]/", $temp_domain); foreach ($temp_domain_parts as $temp_domain_part) { - if (isset($temp_domain_parts['1'])) { - $queryDomains[] = preg_replace("/.*" . preg_quote($temp_domain_parts['0']) . "\." . "/", "", $temp_domain); - array_shift($temp_domain_parts); - } + $queryDomains[] = preg_replace("/.*" . preg_quote($temp_domain_parts['0']) . "\." . "/", "", $temp_domain); + array_shift($temp_domain_parts); } foreach ($queryDomains as $queryDomain) { $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND origin = '" . $queryDomain . ".'"; -- GitLab From ed6365e32d9d6a754f944c8d95fe7900503223be Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 13 Feb 2023 17:44:46 +0100 Subject: [PATCH 17/19] Fix BIND manipulation (#4202) --- server/lib/classes/letsencrypt.inc.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 32b4877ddd..0165dc1a8d 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php 
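Review bot: The candidate zone names in `@@ -438,10 +438,8 @@` are produced with `preg_replace("/.*" . preg_quote($temp_domain_parts['0']) . "\." . "/", ...)`, which is neither anchored nor label-aware: for a name such as `a.ba.example.com` (constructed example) the first pattern `.*a\.` greedily consumes `a.ba.` and the parent `ba.example.com` is never queried. The loop also emits the bare top-level label, and the full name only ends up in the list because the last pattern fails to match. Building the suffixes from the split parts avoids all three effects: `for ($i = 0; $i < count($temp_domain_parts) - 1; $i++) { $queryDomains[] = implode('.', array_slice($temp_domain_parts, $i)); }`. That also removes the need to `array_shift()` the array while iterating over it.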
@@ -505,23 +505,29 @@ class letsencrypt { $datalogfound = false; while (!$datalogfound) { if ($firstrun == true) { - $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + $success = $app->system->_exec("(" . $letsencrypt_cmd . ") > /dev/null &", $allow_return_codes); $firstrun = false; } - $sql = "SELECT data FROM sys_datalog WHERE dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%' AND status = 'pending'"; + $sql = "SELECT data FROM sys_datalog,server WHERE sys_datalog.server_id = \"1\" AND sys_datalog.datalog_id > server.updated AND sys_datalog.dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%'"; $datalogs = $app->dbmaster->queryAllRecords($sql); if (is_array($datalogs)) { + $app->log("Found datalog for acme-challenge, appending to zonefile.", LOGLEVEL_DEBUG); foreach ($datalogs as $datalog) { - $datalog = unserialize($datalog); + $datalog = unserialize($datalog['data']); $hostname = $datalog['new']['name']; $data = $datalog['new']['data']; $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; - file_put_contents($zonefile, $record, FILE_APPEND | LOCK_EX); + $app->system->file_put_contents($zonefile, $record); } $app->services->registerService('bind', 'dns_module', 'restartBind'); $app->services->restartService('bind', 'restart'); + $app->log("Waiting for acme.sh script to finish.", LOGLEVEL_DEBUG); + sleep(60); $datalogfound = true; break; + } else { + $app->log("Can not find the datalog for the acme-challenge yet, waiting 20 seconds.", LOGLEVEL_DEBUG); + sleep(20); } } } else { -- GitLab From 1b3a56b0c482d3c6de94e1c770a076c4c1f65c27 Mon Sep 17 00:00:00 2001 From: Thom Date: Mon, 13 Feb 2023 18:02:19 +0100 Subject: [PATCH 18/19] Hacky BIND modification seems not to be needed, just run the acme.sh command in the background and the next server cron will create the needed DNS records (#4202) --- server/lib/classes/letsencrypt.inc.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
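Review bot: `$success` now records only that the shell launched the detached job (`( … ) > /dev/null &`), not the exit status of acme.sh, so `$allow_return_codes` no longer has any effect and a failed issuance cannot be seen by whatever reads `$success` after this block; the same call is kept in the `-499` hunk of the next patch. The move to `$app->system->file_put_contents($zonefile, $record)` drops `FILE_APPEND | LOCK_EX`, so unless that wrapper appends (not visible here) each record would replace the zone file instead of extending it. The query also hard-codes `sys_datalog.server_id = "1"` while the branch is chosen with `$conf["server_id"]`; presumably the configured id is meant. The fixed `sleep(60)` is a guess at how long acme.sh runs, and nothing checks that the job has finished. The enclosing method starts and ends outside the hunk.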
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 0165dc1a8d..5d377cbd65 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -499,7 +499,8 @@ class letsencrypt { $app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG); if ($use_acme && $global_sites_config['acme_dns_user'] != '' && $dns_server_id == $conf["server_id"]) { - $firstrun = true; + $success = $app->system->_exec("(" . $letsencrypt_cmd . ") > /dev/null &", $allow_return_codes); // the code below seems not be needed, written on 13-02-2023. It can be removed if acme.sh with DNS-01 verification works well on single server setups. + /*$firstrun = true; $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); $zonefile = $dns_config['bind_zonefiles_dir'].'/'. "pri." . $zonedomain; $datalogfound = false; @@ -511,12 +512,12 @@ class letsencrypt { $sql = "SELECT data FROM sys_datalog,server WHERE sys_datalog.server_id = \"1\" AND sys_datalog.datalog_id > server.updated AND sys_datalog.dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%'"; $datalogs = $app->dbmaster->queryAllRecords($sql); if (is_array($datalogs)) { - $app->log("Found datalog for acme-challenge, appending to zonefile.", LOGLEVEL_DEBUG); foreach ($datalogs as $datalog) { $datalog = unserialize($datalog['data']); $hostname = $datalog['new']['name']; $data = $datalog['new']['data']; $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; + $app->log("Found datalog for acme-challenge, appending to zonefile with record: " . $record, LOGLEVEL_DEBUG); $app->system->file_put_contents($zonefile, $record); } $app->services->registerService('bind', 'dns_module', 'restartBind'); 
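Review bot: The superseded zone-file logic is kept as a `/* … */` block rather than deleted, and the explanation sits at the end of the `_exec()` line where it is easy to miss. Remove the block (version control keeps it) and put the reason above the call, e.g. `// DNS-01: acme.sh runs detached; the challenge records are created by the next server cron run`. Only stdout is sent to `/dev/null`, so where the error output of acme.sh ends up depends on `_exec()`, which is not shown; sending both streams to a log file would leave a trace of failed issuances. The enclosing method starts and ends outside the hunk.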
@@ -529,7 +530,7 @@ class letsencrypt { $app->log("Can not find the datalog for the acme-challenge yet, waiting 20 seconds.", LOGLEVEL_DEBUG); sleep(20); } - } + }*/ } else { $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); } -- GitLab From ac169bbd15098ca34b42c5aedf440133744f8b9a Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Fri, 24 Feb 2023 14:36:01 +0100 Subject: [PATCH 19/19] Reduce line length and complexity. --- server/lib/classes/letsencrypt.inc.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index 5d377cbd65..3d576ded80 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -382,11 +382,17 @@ class letsencrypt { $cli_domain_arg = ''; $subdomains = null; $aliasdomains = null; + $powerdns = (isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false); //* be sure to have good domain - if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))))) { + if (substr($domain, 0, 4) != 'www.' + && ($data['new']['subdomain'] == "www" + || ($data['new']['subdomain'] == "*" + && (!$powerdns && !$use_acme || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $domain; - } elseif ($data['new']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))) { + } + elseif ($data['new']['subdomain'] == "*" + && (!$powerdns && $use_acme && $global_sites_config['acme_dns_user'] != '')) { $temp_domains[] = "*." . $domain; } 
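Review bot: `$powerdns` in the `-382` hunk is true only when `$conf['powerdns']['installed']` is set and false, so `!$powerdns` is not the replaced test `(!isset(…) || … == false)`: with the key set, the result is inverted in both branches. The first condition was also regrouped so that the `acme_dns_user == ''` comparison stands alone on the right of `||`, which makes it true whenever that setting is empty, regardless of `$use_acme` and the PowerDNS state. To keep the old behaviour define `$powerdns = !empty($conf['powerdns']['installed']);` and write the first test as `(!$use_acme || $global_sites_config['acme_dns_user'] == '' && !$powerdns)`. The alias-domain conditions in the `-403` hunk use the same flag and change meaning with it. The enclosing method starts and ends outside the hunk.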
@@ -403,9 +409,9 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))))) { + if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && !$powerdns)))) { $temp_domains[] = "www." . $aliasdomain['domain']; - } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false))) { + } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && !$powerdns)) { $temp_domains[] = "*." . $aliasdomain['domain']; } } -- GitLab
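Review bot: Both rewritten conditions read `$aliasdomain['domain']['subdomain']`, but `$aliasdomain['domain']` is used as a string on the surrounding lines (`substr()`, concatenation), so this is a string-offset access with a non-numeric key rather than the alias's subdomain setting. The `isset()` in front checks `$aliasdomain['subdomain']`, which is presumably the intended field: `$aliasdomain['subdomain'] == "www"` and `$aliasdomain['subdomain'] == "*"`. The `elseif` has no `isset()` guard of its own. The enclosing loop body continues outside the hunk.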