check dns for lets encrypt when adding/editing domains and via cron; fixes #971

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/Api/Commands/SubDomains.php

@@ -2,6 +2,7 @@
 namespace Froxlor\Api\Commands;
 
 use Froxlor\Database\Database;
+use Froxlor\Domain\Domain;
 use Froxlor\Settings;
 
 /**
@@ -230,6 +231,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				}
 			}
 
+			// validate dns if lets encrypt is enabled to check whether we can use it at all
+			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+				$our_ips = Domain::getIpsOfDomain($domain_check['id']);
+				$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($completedomain);
+				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+					\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+				}
+			}
+
 			// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 			if ($ssl_redirect > 0 && $letsencrypt == 1) {
 				$ssl_redirect = 2;
@@ -595,6 +605,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			}
 		}
 
+		// validate dns if lets encrypt is enabled to check whether we can use it at all
+		if ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+			$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);
+			$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($result['domain']);
+			if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+				\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+			}
+		}
+
 		// We can't enable let's encrypt for wildcard-domains
 		if ($iswildcarddomain == '1' && $letsencrypt == '1') {
 			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt');