only renew froxlor.panel LE cert if required
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -111,7 +111,8 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
'ssl_cert_file' => null,
|
||||
'ssl_key_file' => null,
|
||||
'ssl_ca_file' => null,
|
||||
'ssl_csr_file' => null
|
||||
'ssl_csr_file' => null,
|
||||
'id' => null
|
||||
);
|
||||
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
@@ -121,6 +122,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
|
||||
$insert_or_update_required = true;
|
||||
if ($froxlor_ssl) {
|
||||
$certrow['id'] = $froxlor_ssl['id'];
|
||||
$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
|
||||
@@ -128,60 +130,74 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
|
||||
$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
|
||||
$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
|
||||
}
|
||||
$domains = array(
|
||||
$certrow['domain'],
|
||||
'www.'.$certrow['domain']
|
||||
);
|
||||
|
||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
$cronlog = FroxlorLogger::getInstanceOf(array(
|
||||
'loginname' => $certrow['loginname']
|
||||
));
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog, $version);
|
||||
|
||||
// Initialize Lescript
|
||||
$le->initAccount($certrow, true);
|
||||
|
||||
// Request the new certificate (old key may be used)
|
||||
$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
|
||||
|
||||
// We are interessted in the expirationdate
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Settings::Set('system.le_froxlor_redirect', '1');
|
||||
}
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
// check whether we have an entry with valid certificates which just does not need
|
||||
// updating yet, so we need to skip this here
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = '0'
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
if ($froxlor_ssl && !empty($froxlor_ssl['ssl_cert_file'])) {
|
||||
$insert_or_update_required = false;
|
||||
}
|
||||
}
|
||||
|
||||
if ($insert_or_update_required)
|
||||
{
|
||||
$domains = array(
|
||||
$certrow['domain'],
|
||||
'www.'.$certrow['domain']
|
||||
);
|
||||
|
||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
$cronlog = FroxlorLogger::getInstanceOf(array(
|
||||
'loginname' => $certrow['loginname']
|
||||
));
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog, $version);
|
||||
|
||||
// Initialize Lescript
|
||||
$le->initAccount($certrow, true);
|
||||
|
||||
// Request the new certificate (old key may be used)
|
||||
$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
|
||||
|
||||
// We are interessted in the expirationdate
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Settings::Set('system.le_froxlor_redirect', '1');
|
||||
}
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user