maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add buypass testing/staging ACME endpoint; create CAA entries accordingly if activated; refs #968

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2021-07-29 21:24:43 +02:00
parent 926ce427fc
commit 86939a64da
3 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
actions/admin/settings/131.ssl.php
View File

@@ -168,6 +168,7 @@ return array(
'option_options' => array( 'option_options' => array(
'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)', 'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)',
'letsencrypt' => 'Let\'s Encrypt (Live)', 'letsencrypt' => 'Let\'s Encrypt (Live)',
'buypass_test' => 'Buypass (Test / Staging)',
'buypass' => 'Buypass (Live)', 'buypass' => 'Buypass (Live)',
'zerossl' => 'ZeroSSL (Live)' 'zerossl' => 'ZeroSSL (Live)'
), ),

1
lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
View File

@@ -32,6 +32,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory", 'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory",
'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory", 'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
'buypass' => "https://api.buypass.com/acme/directory", 'buypass' => "https://api.buypass.com/acme/directory",
'buypass_test' => "https://api.test4.buypass.no/acme/directory",
'zerossl' => "https://acme.zerossl.com/v2/DV90" 'zerossl' => "https://acme.zerossl.com/v2/DV90"
]; ];

25
lib/Froxlor/Dns/Dns.php
View File

@@ -338,11 +338,28 @@ class Dns
foreach ($records as $record) { foreach ($records as $record) {
if ($record == '@CAA@') { if ($record == '@CAA@') {
$caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry')); $caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry'));
if ($domain['letsencrypt'] == 1) { $caa_domain = "letsencrypt.org";
$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "letsencrypt.org"' : '0 issue "letsencrypt.org"'; if (Settings::Get('system.letsencryptca') == 'buypass' || Settings::Get('system.letsencryptca') == 'buypass_test') {
array_push($caa_entries, $le_entry); $caa_domain = "buypass.com";
}
if ($domain['letsencrypt'] == 1) {
if (Settings::Get('system.letsencryptca') == 'zerossl') {
$caa_domains = [
"sectigo.com",
"trust-provider.com",
"usertrust.com",
"comodoca.com",
"comodo.com"
];
foreach ($caa_domains as $caa_domain) {
$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
array_push($caa_entries, $le_entry);
}
} else {
$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
array_push($caa_entries, $le_entry);
}
} }
foreach ($caa_entries as $entry) { foreach ($caa_entries as $entry) {
if (empty($entry)) continue; if (empty($entry)) continue;
$zonerecords[] = new DnsEntry('@', 'CAA', $entry); $zonerecords[] = new DnsEntry('@', 'CAA', $entry);