Support ZeroSSL via acme.sh (v3); refs #946

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

actions/admin/settings/131.ssl.php

@@ -142,6 +142,9 @@ return array(
 					'default' => '/etc/apache2/conf-enabled/acme.conf',
 					'save_method' => 'storeSettingField'
 				),
+			    /**
+			     * currently the only option anyway
+			     *
 				'system_leapiversion' => array(
 					'label' => $lng['serversettings']['leapiversion'],
 					'settinggroup' => 'system',
@@ -154,16 +157,18 @@ return array(
 					),
 					'save_method' => 'storeSettingField'
 				),
+				*/
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',
 					'varname' => 'letsencryptca',
 					'type' => 'option',
-					'default' => 'production',
+					'default' => 'letsencrypt',
 					'option_mode' => 'one',
 					'option_options' => array(
-						'testing' => 'https://acme-staging-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Test)',
+						'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)',
-						'production' => 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+						'letsencrypt' => 'Let\'s Encrypt (Live)',
+					    'zerossl' => 'ZeroSSL (Live)'
 					),
 					'save_method' => 'storeSettingField'
 				),

install/froxlor.sql

@@ -628,7 +628,7 @@ opcache.interned_strings_buffer'),
 	('system', 'apacheitksupport', '0'),
 	('system', 'leprivatekey', 'unset'),
 	('system', 'lepublickey', 'unset'),
-	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptca', 'letsencrypt'),
 	('system', 'letsencryptcountrycode', 'DE'),
 	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
@@ -716,7 +716,7 @@ opcache.interned_strings_buffer'),
 	('panel', 'terms_url', ''),
 	('panel', 'privacy_url', ''),
 	('panel', 'version', '0.10.26'),
-	('panel', 'db_version', '202106160');
+	('panel', 'db_version', '202106270');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -812,3 +812,16 @@ if (\Froxlor\Froxlor::isDatabaseVersion('202103240')) {
 
     \Froxlor\Froxlor::updateToDbVersion('202106160');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202106160')) {
+
+    showUpdateStep("Adjusting Let's Encrypt endpoint configuration to support ZeroSSL", true);
+    if (Settings::Get('system.letsencryptca') == 'testing') {
+        Settings::Set("system.letsencryptca", 'letsencrypt_test');
+    } else {
+        Settings::Set("system.letsencryptca", 'letsencrypt');
+    }
+    lastStepStatus(0);
+
+    \Froxlor\Froxlor::updateToDbVersion('202106270');
+}

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -28,6 +28,12 @@ use Froxlor\FileDir;
 class AcmeSh extends \Froxlor\Cron\FroxlorCron
 {
 
+    const ACME_PROVIDER = [
+        'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory",
+        'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
+        'zerossl' => "https://acme.zerossl.com/v2/DV90"
+    ];
+
     private static $apiserver = "";
 
     private static $acmesh = "/root/.acme.sh/acme.sh";
@@ -63,7 +69,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
             $issue_domains = self::issueDomains();
             $renew_froxlor = self::renewFroxlorVhost();
             $renew_domains = self::renewDomains(true);
-			if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
+            if ($issue_froxlor || ! empty($issue_domains) || ! empty($renew_froxlor) || $renew_domains) {
                 // insert task to generate certificates and vhost-configs
                 \Froxlor\System\Cronjob::inserttask(1);
             }
@@ -71,7 +77,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
         }
 
         // set server according to settings
-		self::$apiserver = 'https://acme-' . (Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '') . 'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
+        self::$apiserver = self::ACME_PROVIDER[Settings::Get('system.letsencryptca')];
 
         // validate acme.sh installation
         if (! self::checkInstall()) {
@@ -306,7 +312,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
             if (Settings::Get('system.letsencryptreuseold') != '1') {
                 $acmesh_cmd .= " --always-force-new-domain-key";
             }
-			if (Settings::Get('system.letsencryptca') == 'testing') {
+            if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
                 $acmesh_cmd .= " --staging";
             }
             if ($force) {
@@ -518,8 +524,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
         if (file_exists($env_file)) {
             $output = [];
             $cut = <<<EOC
-cut -d'"' -f2
+            cut -d'"' -f2
-EOC;
+            EOC;
             exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output);
             if (is_array($output) && ! empty($output) && isset($output[0]) && ! empty($output[0])) {
                 return FileDir::makeCorrectDir($output[0] . "/" . $domain);

lib/Froxlor/Froxlor.php

@@ -10,7 +10,7 @@ final class Froxlor
 	const VERSION = '0.10.26';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202106160';
+	const DBVERSION = '202106270';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lng/english.lng.php

@@ -1839,8 +1839,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot handle wildcard-domains using ACME in froxlor (requires dns-challenge), sorry. Please set the ServerAlias to WWW or disable it completely';
 $lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment";
+$lng['serversettings']['letsencryptca']['title'] = "ACME environment";
-$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt certificates.";
+$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt / ZeroSSL certificates.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt country code";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 letter country code used to generate Let's Encrypt certificates.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt state";

lng/german.lng.php

@@ -1490,8 +1490,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann mittels ACME Wildcard-Domains nur via DNS validieren, sorry. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
 $lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'Aktualisierung der Let\'s Encrypt Zertifikate';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung";
+$lng['serversettings']['letsencryptca']['title'] = "ACME Umgebung";
-$lng['serversettings']['letsencryptca']['description'] = "Let's Encrypt - Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
+$lng['serversettings']['letsencryptca']['description'] = "Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt Ländercode";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 - stelliger Ländercode, welcher benutzt wird um Let's Encrypt - Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt Bundesland";