Merge remote-tracking branch 'origin/master' into dns-editor
This commit is contained in:
Michael Kaufmann (d00p)
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
|
||||
if (! defined('MASTER_CRONJOB'))
|
||||
die('You cannot access this file directly!');
|
||||
|
||||
@@ -25,23 +24,74 @@ $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates"
|
||||
|
||||
if (! extension_loaded('curl')) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
|
||||
exit;
|
||||
exit();
|
||||
}
|
||||
|
||||
$certificates_stmt = Database::query("
|
||||
SELECT domssl.`id`, domssl.`domainid`, domssl.expirationdate, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, domssl.`ssl_csr_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`,
|
||||
dom.`documentroot`, dom.`id` as 'domainid', dom.`ssl_redirect`, cust.`leprivatekey`, cust.`lepublickey`, cust.customerid, cust.loginname
|
||||
FROM `" . TABLE_PANEL_CUSTOMERS . "` as cust, `" . TABLE_PANEL_DOMAINS . "` dom LEFT JOIN `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` domssl ON (dom.id = domssl.domainid)
|
||||
WHERE dom.customerid = cust.customerid AND dom.letsencrypt = 1 AND (domssl.expirationdate < DATE_ADD(NOW(), INTERVAL 30 DAY) OR domssl.expirationdate IS NULL)
|
||||
");
|
||||
$certificates_stmt = Database::query(
|
||||
"
|
||||
SELECT
|
||||
domssl.`id`,
|
||||
domssl.`domainid`,
|
||||
domssl.expirationdate,
|
||||
domssl.`ssl_cert_file`,
|
||||
domssl.`ssl_key_file`,
|
||||
domssl.`ssl_ca_file`,
|
||||
domssl.`ssl_csr_file`,
|
||||
dom.`domain`,
|
||||
dom.`wwwserveralias`,
|
||||
dom.`documentroot`,
|
||||
dom.`id` AS 'domainid',
|
||||
dom.`ssl_redirect`,
|
||||
cust.`leprivatekey`,
|
||||
cust.`lepublickey`,
|
||||
cust.`customerid`,
|
||||
cust.`loginname`
|
||||
FROM
|
||||
`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
|
||||
`" . TABLE_PANEL_DOMAINS . "` AS dom
|
||||
LEFT JOIN
|
||||
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
|
||||
dom.`id` = domssl.`domainid`
|
||||
WHERE
|
||||
dom.`customerid` = cust.`customerid`
|
||||
AND dom.`letsencrypt` = 1
|
||||
AND dom.`aliasdomain` IS NULL
|
||||
AND dom.`iswildcarddomain` = 0
|
||||
AND (
|
||||
domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
|
||||
OR domssl.`expirationdate` IS NULL
|
||||
)
|
||||
");
|
||||
|
||||
$updcert_stmt = Database::prepare("
|
||||
REPLACE INTO `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SET `id` = :id, `domainid` = :domainid, `ssl_cert_file` = :crt, `ssl_key_file` = :key, `ssl_ca_file` = :ca, `ssl_cert_chainfile` = :chain, `ssl_csr_file` = :csr, expirationdate = :expirationdate
|
||||
");
|
||||
$aliasdomains_stmt = Database::prepare(
|
||||
"
|
||||
SELECT
|
||||
dom.`id` as domainid,
|
||||
dom.`domain`,
|
||||
dom.`wwwserveralias`
|
||||
FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
|
||||
WHERE
|
||||
dom.`aliasdomain` = :id
|
||||
AND dom.`letsencrypt` = 1
|
||||
AND dom.`iswildcarddomain` = 0
|
||||
");
|
||||
|
||||
$upddom_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid
|
||||
");
|
||||
$updcert_stmt = Database::prepare(
|
||||
"
|
||||
REPLACE INTO
|
||||
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
SET
|
||||
`id` = :id,
|
||||
`domainid` = :domainid,
|
||||
`ssl_cert_file` = :crt,
|
||||
`ssl_key_file` = :key,
|
||||
`ssl_ca_file` = :ca,
|
||||
`ssl_cert_chainfile` = :chain,
|
||||
`ssl_csr_file` = :csr,
|
||||
`expirationdate` = :expirationdate
|
||||
");
|
||||
|
||||
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
|
||||
|
||||
$changedetected = 0;
|
||||
$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
@@ -56,25 +106,27 @@ foreach ($certrows as $certrow) {
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
if ($certrow['ssl_cert_file']) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt using old key / SAN for " . $certrow['domain']);
|
||||
// Parse the old certificate
|
||||
$x509data = openssl_x509_parse($certrow['ssl_cert_file']);
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
|
||||
$domains = array(
|
||||
$certrow['domain']
|
||||
);
|
||||
// add www.<domain> to SAN list
|
||||
if ($certrow['wwwserveralias'] == 1) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
|
||||
$domains[] = 'www.' . $certrow['domain'];
|
||||
}
|
||||
|
||||
// We are interessted in the old SAN - data
|
||||
$san = explode(', ', $x509data['extensions']['subjectAltName']);
|
||||
$domains = array();
|
||||
foreach ($san as $dnsname) {
|
||||
$domains[] = substr($dnsname, 4);
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating new key / SAN for " . $certrow['domain']);
|
||||
$domains = array(
|
||||
$certrow['domain']
|
||||
);
|
||||
// Add www.<domain> for SAN
|
||||
if ($certrow['wwwserveralias'] == 1) {
|
||||
$domains[] = 'www.' . $certrow['domain'];
|
||||
// add alias domains (and possibly www.<aliasdomain>) to SAN list
|
||||
Database::pexecute($aliasdomains_stmt, array(
|
||||
'id' => $certrow['domainid']
|
||||
));
|
||||
$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($aliasdomains as $aliasdomain) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
|
||||
$domains[] = $aliasdomain['domain'];
|
||||
if ($aliasdomain['wwwserveralias'] == 1) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
|
||||
$domains[] = 'www.' . $aliasdomain['domain'];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -92,16 +144,17 @@ foreach ($certrows as $certrow) {
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt, array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Database::pexecute($upddom_stmt, array(
|
||||
@@ -113,10 +166,12 @@ foreach ($certrows as $certrow) {
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user