Commit da413586 authored by Marius Burkard's avatar Marius Burkard

Merge branch 'bugfix/6061_Improve-certbot-primary-domain-selection' into 'develop'

Add --cert-name option to certbot calls to set primary domain instead of --expand

Closes #6061

See merge request ispconfig/ispconfig3!1418
parents 829c0e4a 3f665700
......@@ -137,6 +137,7 @@ class letsencrypt {
return false;
}
$primary_domain = $domains[0];
$matches = array();
$ret = null;
$val = 0;
......@@ -151,18 +152,22 @@ class letsencrypt {
$acme_version = 'https://acme-v01.api.letsencrypt.org/directory';
}
if (version_compare($letsencrypt_version, '0.30', '>=')) {
$app->log("LE version is " . $letsencrypt_version . ", so using certificates command", LOGLEVEL_DEBUG);
$app->log("LE version is " . $letsencrypt_version . ", so using certificates command and --cert-name instead of --expand", LOGLEVEL_DEBUG);
$this->certbot_use_certcommand = true;
$webroot_map = array();
for($i = 0; $i < count($domains); $i++) {
$webroot_map[$domains[$i]] = '/usr/local/ispconfig/interface/acme';
}
$webroot_args = "--webroot-map " . escapeshellarg(str_replace(array("\r", "\n"), '', json_encode($webroot_map)));
// --cert-name might be working with earlier versions of certbot, but there is no exact version documented
// So for safety reasons we add it to the 0.30 version check as it is documented to work as expected in this version
$cert_selection_command = "--cert-name $primary_domain";
} else {
$webroot_args = "$cmd --webroot-path /usr/local/ispconfig/interface/acme";
$cert_selection_command = "--expand";
}
$cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $webroot_args";
$cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version --rsa-key-size 4096 --email webmaster@$primary_domain $webroot_args";
return $cmd;
}
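Review bot: The new `--cert-name $primary_domain` and `--email webmaster@$primary_domain` arguments are interpolated into the shell command string unquoted, while the webroot map a few lines above is passed through `escapeshellarg()`. Where the entries of `$domains` are validated is not visible in these hunks (the function starts outside them), so the command builder should not rely on it. I would quote at the point of use: `$cert_selection_command = "--cert-name " . escapeshellarg($primary_domain);` and, in the final `$cmd`, `"--email " . escapeshellarg('webmaster@' . $primary_domain)`. A short comment there noting that the contact address changed from `postmaster@$domain` to `webmaster@$primary_domain` would also help, since the commit description only mentions `--cert-name`.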
......