From 3e091da9db49fb46926320ff04e72e9e0e1e3164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristia=CC=81n=20Feldsam?=
Date: Sun, 11 Dec 2016 13:43:56 +0100
Subject: [PATCH] Letsencrypt enhanced generation and logs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kristián Feldsam
---
 .../plugins-available/apache2_plugin.inc.php | 28 +++++++++++++------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index dfc7c46ced..747f925c64 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1243,18 +1243,24 @@ class apache2_plugin { $success = false; $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt')); $letsencrypt = reset($letsencrypt); + $letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme"; if(is_executable($letsencrypt)) { - $success = $this->_exec($letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme"); + $success = $this->_exec($letsencrypt_cmd); } if(!$success) { // error issuing cert $app->log('Let\'s Encrypt SSL Cert for: ' . $domain . ' could not be issued.', LOGLEVEL_WARN); - $data['new']['ssl_letsencrypt'] = 'n'; - if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n'; - /* Update the DB of the (local) Server */ - $app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']); - /* Update also the master-DB of the Server-Farm */ - $app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']); + $app->log($letsencrypt_cmd, LOGLEVEL_WARN); + + // if cert already exists, dont remove it. Ex. expired/misstyped/noDnsYet alias domain, api down... + if(!file_exists($crt_tmp_file)) { + $data['new']['ssl_letsencrypt'] = 'n'; + if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n'; + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? 
WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']); + } } //} @@ -3355,8 +3361,12 @@ class apache2_plugin { $ret = 0; $app->log('exec: '.$command, LOGLEVEL_DEBUG); exec($command, $out, $ret); - if($ret != 0) return false; - else return true; + if($ret != 0) { + $app->log(implode("\n", $out), LOGLEVEL_WARN); + return false; + } else { + return true; + } } private function _checkTcp ($host, $port) { -- GitLab
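Review bot: `$letsencrypt_cmd` is assembled by interpolating `$domain` and `$lddomain` directly into a string that `_exec()` passes to the shell, and the same string is now also written to the WARN log, so both the command line and the log entry depend on those values being clean. Their validation is outside this hunk; unless it is guaranteed upstream, quote them where the command is built, e.g. `--email " . escapeshellarg('postmaster@' . $domain) . " --domains " . escapeshellarg($lddomain) . " --webroot-path ...`. If `$lddomain` carries several names, escape each name where that list is joined rather than the joined string. `$crt_tmp_file` is also assigned outside the hunk, so confirm it is set on every path that reaches the new `file_exists()` check; if it is empty the branch behaves as before and the SSL flags are reset.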
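Review bot: The new failure branch in `_exec()` logs only `$out`, which `exec()` fills from stdout, so anything the command prints on stderr is missing and the WARN entry can be empty for the very failures it is meant to explain unless the caller appends `2>&1`. The helper looks shared by other callers in this class, so the output of every failing command now reaches the WARN log without a size limit; a cap such as `$app->log(substr(implode("\n", $out), 0, 4096), LOGLEVEL_WARN);` (limit value constructed for illustration) keeps one noisy tool from flooding the log. It is also worth a short comment above the branch stating that command output is untrusted text and is logged verbatim. The method's signature is outside the hunk.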