LE: support alias domains
LE CSRs are triggered for the aliasdomain target domain on
* domain deletion
* domain creation
* domain editing when
* the aliasdomain target changes (CSR triggered both for old and new
target)
* wwwalias is disabled or enabled
* letsencrypt is disabled or enabled (domain-local)
fixes #1597
This commit is contained in:
Daniel Reichelt
@@ -245,6 +245,8 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
'domainid' => $id
|
||||
));
|
||||
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
|
||||
|
||||
$log->logAction(ADM_ACTION, LOG_INFO, "deleted domain/subdomains (#" . $result['id'] . ")");
|
||||
updateCounters();
|
||||
inserttask('1');
|
||||
@@ -672,10 +674,6 @@ if ($page == 'domains' || $page == 'overview') {
|
||||
$issubof = '0';
|
||||
}
|
||||
|
||||
if ($aliasdomain != 0 && $letsencrypt != 0) {
|
||||
standard_error('letsencryptdoesnotworkwithaliasdomains');
|
||||
}
|
||||
|
||||
if ($domain == '') {
|
||||
standard_error(array(
|
||||
'stringisempty',
|
||||
@@ -843,6 +841,9 @@ elseif (Settings::Get('system.validate_domain') && ! validateDomain($domain)) {
|
||||
Database::pexecute($ins_stmt, $ins_data);
|
||||
}
|
||||
}
|
||||
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
|
||||
$log->logAction(ADM_ACTION, LOG_INFO, "added domain '" . $domain . "'");
|
||||
inserttask('1');
|
||||
|
||||
@@ -1472,10 +1473,6 @@ elseif (Settings::Get('system.validate_domain') && ! validateDomain($domain)) {
|
||||
$issubof = '0';
|
||||
}
|
||||
|
||||
if ($aliasdomain != 0 && $letsencrypt != 0) {
|
||||
standard_error('letsencryptdoesnotworkwithaliasdomains');
|
||||
}
|
||||
|
||||
if ($serveraliasoption != '1' && $serveraliasoption != '2') {
|
||||
$serveraliasoption = '0';
|
||||
}
|
||||
@@ -1802,6 +1799,15 @@ elseif (Settings::Get('system.validate_domain') && ! validateDomain($domain)) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($result['aliasdomain'] != $aliasdomain) {
|
||||
// trigger when domain id for alias destination has changed: both for old and new destination
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
} else
|
||||
if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
|
||||
// or when wwwserveralias or letsencrypt was changed
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
}
|
||||
|
||||
$log->logAction(ADM_ACTION, LOG_INFO, "edited domain #" . $id);
|
||||
redirectTo($filename, array(
|
||||
|
||||
@@ -171,7 +171,7 @@ if ($page == 'overview') {
|
||||
|
||||
eval("echo \"" . getTemplate("domains/domainlist") . "\";");
|
||||
} elseif ($action == 'delete' && $id != 0) {
|
||||
$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
|
||||
$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid`, `aliasdomain` FROM `" . TABLE_PANEL_DOMAINS . "`
|
||||
WHERE `customerid` = :customerid
|
||||
AND `id` = :id"
|
||||
);
|
||||
@@ -197,6 +197,8 @@ if ($page == 'overview') {
|
||||
}
|
||||
}
|
||||
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
|
||||
|
||||
$log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'");
|
||||
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE
|
||||
`customerid` = :customerid
|
||||
@@ -290,6 +292,7 @@ if ($page == 'overview') {
|
||||
ORDER BY `d`.`domain` ASC;"
|
||||
);
|
||||
$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
}
|
||||
|
||||
if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
|
||||
@@ -342,11 +345,6 @@ if ($page == 'overview') {
|
||||
}
|
||||
}
|
||||
|
||||
if ($aliasdomain != 0 && $letsencrypt != 0)
|
||||
{
|
||||
standard_error('letsencryptdoesnotworkwithaliasdomains');
|
||||
}
|
||||
|
||||
// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
|
||||
if ($ssl_redirect > 0 && $letsencrypt == 1) {
|
||||
$ssl_redirect = 2;
|
||||
@@ -610,11 +608,6 @@ if ($page == 'overview') {
|
||||
$letsencrypt = '0';
|
||||
}
|
||||
|
||||
if ($aliasdomain != 0 && $letsencrypt != 0)
|
||||
{
|
||||
standard_error('letsencryptdoesnotworkwithaliasdomains');
|
||||
}
|
||||
|
||||
// We can't enable let's encrypt for wildcard - domains
|
||||
if ($iswildcarddomain == '1' && $letsencrypt == '1') {
|
||||
standard_error('nowildcardwithletsencrypt');
|
||||
@@ -677,6 +670,17 @@ if ($page == 'overview') {
|
||||
"id" => $id
|
||||
);
|
||||
Database::pexecute($stmt, $params);
|
||||
|
||||
if ($result['aliasdomain'] != $aliasdomain) {
|
||||
// trigger when domain id for alias destination has changed: both for old and new destination
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
} else
|
||||
if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
|
||||
// or when wwwserveralias or letsencrypt was changed
|
||||
triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
|
||||
}
|
||||
|
||||
inserttask('1');
|
||||
|
||||
// Using nameserver, insert a task which rebuilds the server config
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Daniel Reichelt <hacking@nachtgeist.net> (2016-)
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Functions
|
||||
*
|
||||
*/
|
||||
|
||||
function triggerLetsEncryptCSRForAliasDestinationDomain($aliasDestinationDomainID, $log)
|
||||
{
|
||||
if (isset($aliasDestinationDomainID) && $aliasDestinationDomainID > 0) {
|
||||
$log->logAction(ADM_ACTION, LOG_INFO, "LetsEncrypt CSR triggered for domain ID " . $aliasDestinationDomainID);
|
||||
$upd_stmt = Database::prepare(
|
||||
"UPDATE
|
||||
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
SET
|
||||
`expirationdate` = null
|
||||
WHERE
|
||||
domainid = :domainid
|
||||
");
|
||||
Database::pexecute($upd_stmt, array(
|
||||
'domainid' => $aliasDestinationDomainID
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -1936,7 +1936,6 @@ $lng['customer']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
|
||||
$lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> This feature is still in beta.';
|
||||
$lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is only possible when the domain has at least one ssl-enabled IP/port combination assigned.';
|
||||
$lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot (yet) handle wildcard-domains. Please set the ServerAlias to WWW or disable it completely';
|
||||
$lng['error']['letsencryptdoesnotworkwithaliasdomains'] = "Usage of Let's Encrypt is not possible for aliasdomains at the moment. Please disable Let's Encrypt or AliasDomain";
|
||||
$lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
|
||||
$lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
|
||||
$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment";
|
||||
|
||||
@@ -1590,7 +1590,6 @@ $lng['customer']['letsencrypt']['title'] = 'Benutze Let\'s Encrypt';
|
||||
$lng['customer']['letsencrypt']['description'] = 'Holt ein kostenloses Zertifikat von <a href="https://letsencrypt.org">Let\'s Encrypt</a>. Das Zertifikat wird automatisch erstellt und verlängert.<br><strong class="red">ACHTUNG:</strong> Dieses Feature befindet sich noch im Test.';
|
||||
$lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s Encrypt ist nur möglich, wenn die Domain mindestens eine IP/Port - Kombination mit aktiviertem SSL zugewiesen hat.';
|
||||
$lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann (noch) nicht mit Wildcard-Domains umgehen. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
|
||||
$lng['error']['letsencryptdoesnotworkwithaliasdomains'] = "Die Nutzung von Let's Encrypt ist mit AliasDomains derzeit nicht möglich. Bitte Let's Encrypt oder AliasDomain deaktivieren";
|
||||
$lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
|
||||
$lng['crondesc']['cron_letsencrypt'] = 'aktualisiert Let\'s Encrypt Zertifikate';
|
||||
$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung";
|
||||
|
||||
@@ -38,7 +38,6 @@ $certificates_stmt = Database::query(
|
||||
domssl.`ssl_ca_file`,
|
||||
domssl.`ssl_csr_file`,
|
||||
dom.`domain`,
|
||||
dom.`iswildcarddomain`,
|
||||
dom.`wwwserveralias`,
|
||||
dom.`documentroot`,
|
||||
dom.`id` AS 'domainid',
|
||||
@@ -56,12 +55,27 @@ $certificates_stmt = Database::query(
|
||||
WHERE
|
||||
dom.`customerid` = cust.`customerid`
|
||||
AND dom.`letsencrypt` = 1
|
||||
AND dom.`aliasdomain` IS NULL
|
||||
AND dom.`iswildcarddomain` = 0
|
||||
AND (
|
||||
domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
|
||||
OR domssl.`expirationdate` IS NULL
|
||||
)
|
||||
");
|
||||
|
||||
$aliasdomains_stmt = Database::prepare(
|
||||
"
|
||||
SELECT
|
||||
dom.`id` as domainid,
|
||||
dom.`domain`,
|
||||
dom.`wwwserveralias`
|
||||
FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
|
||||
WHERE
|
||||
dom.`aliasdomain` = :id
|
||||
AND dom.`letsencrypt` = 1
|
||||
AND dom.`iswildcarddomain` = 0
|
||||
");
|
||||
|
||||
$updcert_stmt = Database::prepare(
|
||||
"
|
||||
REPLACE INTO
|
||||
@@ -92,15 +106,30 @@ foreach ($certrows as $certrow) {
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating SAN list for " . $certrow['domain']);
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
|
||||
$domains = array(
|
||||
$certrow['domain']
|
||||
);
|
||||
// Add www.<domain> for SAN
|
||||
// add www.<domain> to SAN list
|
||||
if ($certrow['wwwserveralias'] == 1) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
|
||||
$domains[] = 'www.' . $certrow['domain'];
|
||||
}
|
||||
|
||||
// add alias domains (and possibly www.<aliasdomain>) to SAN list
|
||||
Database::pexecute($aliasdomains_stmt, array(
|
||||
'id' => $certrow['domainid']
|
||||
));
|
||||
$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($aliasdomains as $aliasdomain) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
|
||||
$domains[] = $aliasdomain['domain'];
|
||||
if ($aliasdomain['wwwserveralias'] == 1) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
|
||||
$domains[] = 'www.' . $aliasdomain['domain'];
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog);
|
||||
|
||||
Reference in New Issue
Block a user