add field for fullchain to be stored in ssl-certificates-table; create fullchain file if given (it's not used by froxlor); do not generate/renew certificates for disabled customers domains

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

install/froxlor.sql

@@ -688,7 +688,7 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'version', '0.9.39.5'),
-	('panel', 'db_version', '201802130');
+	('panel', 'db_version', '201802250');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -1004,6 +1004,7 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
   `ssl_ca_file` mediumtext,
   `ssl_cert_chainfile` mediumtext,
   `ssl_csr_file` mediumtext,
+  `ssl_fullchain_file` mediumtext,
   `expirationdate` datetime DEFAULT NULL,
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3939,3 +3939,12 @@ if (isFroxlorVersion('0.9.39.4')) {
 	showUpdateStep("Updating from 0.9.39.4 to 0.9.39.5", false);
 	updateToVersion('0.9.39.5');
 }
+
+if (isDatabaseVersion('201802130')) {
+
+	showUpdateStep("Adding fullchain field to ssl certificates");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` ADD `ssl_fullchain_file` mediumtext AFTER `ssl_csr_file`;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201802250');
+}

lib/classes/webserver/class.DomainSSL.php

@@ -89,6 +89,10 @@ class DomainSSL {
 					$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
 				}
 			}
+			// will only be generated to be used externally, froxlor does not need this
+			if ($dom_certs['ssl_fullchain_file'] != '') {
+				$ssl_files['ssl_fullchain_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_fullchain.pem');
+			}
 			// create them on the filesystem
 			foreach ($ssl_files as $type => $filename) {
 				if ($filename != '') {

lib/version.inc.php

@@ -19,7 +19,7 @@
 $version = '0.9.39.5';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201802130';
+$dbversion = '201802250';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

scripts/jobs/cron_letsencrypt.php

@@ -60,6 +60,7 @@ $certificates_stmt = Database::query("
 				dom.`id` = domssl.`domainid`
 		WHERE
 			dom.`customerid` = cust.`customerid`
+			AND cust.deactivated = 0
 			AND dom.`letsencrypt` = 1
 			AND dom.`aliasdomain` IS NULL
 			AND dom.`iswildcarddomain` = 0
@@ -92,6 +93,7 @@ $updcert_stmt = Database::prepare("
 			`ssl_ca_file` = :ca,
 			`ssl_cert_chainfile` = :chain,
 			`ssl_csr_file` = :csr,
+			`ssl_fullchain_file` = :fullchain,
 			`expirationdate` = :expirationdate
 	");
 
@@ -182,6 +184,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 				'ca' => $return['chain'],
 				'chain' => $return['chain'],
 				'csr' => $return['csr'],
+				'fullchain' => $return['fullchain'],
 				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
 			));
 

scripts/jobs/cron_letsencrypt_v2.php

@@ -55,6 +55,7 @@ $certificates_stmt = Database::query("
 				dom.`id` = domssl.`domainid`
 		WHERE
 			dom.`customerid` = cust.`customerid`
+			AND cust.deactivated = 0
 			AND dom.`letsencrypt` = 1
 			AND dom.`aliasdomain` IS NULL
 			AND dom.`iswildcarddomain` = 0
@@ -88,6 +89,7 @@ $updcert_stmt = Database::prepare("
 			`ssl_ca_file` = :ca,
 			`ssl_cert_chainfile` = :chain,
 			`ssl_csr_file` = :csr,
+			`ssl_fullchain_file` = :fullchain,
 			`expirationdate` = :expirationdate
 	");
 
@@ -178,6 +180,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 				'ca' => $return['chain'],
 				'chain' => $return['chain'],
 				'csr' => $return['csr'],
+				'fullchain' => $return['fullchain'],
 				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
 			));