From d1a3defef074df70511185462c98796e90f550bd Mon Sep 17 00:00:00 2001 From: Daniel Reichelt Date: Sat, 10 Sep 2016 21:02:52 +0200 Subject: [PATCH 1/2] LE: change log level to LOG_INFO --- scripts/jobs/cron_letsencrypt.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php index cfca074e..7bdf22cc 100644 --- a/scripts/jobs/cron_letsencrypt.php +++ b/scripts/jobs/cron_letsencrypt.php @@ -151,7 +151,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') { // Only renew let's encrypt certificate if no broken ssl_redirect is enabled if ($certrow['ssl_redirect'] != 2) { - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']); $cronlog = FroxlorLogger::getInstanceOf(array( 'loginname' => $certrow['loginname'] @@ -212,15 +212,15 @@ foreach ($certrows as $certrow) { // Only renew let's encrypt certificate if no broken ssl_redirect is enabled if ($certrow['ssl_redirect'] != 2) { - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']); - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']); $domains = array( $certrow['domain'] ); // add www. to SAN list if ($certrow['wwwserveralias'] == 1) { - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']); $domains[] = 'www.' . $certrow['domain']; } @@ -230,10 +230,10 @@ foreach ($certrows as $certrow) { )); $aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC); foreach ($aliasdomains as $aliasdomain) { - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']); $domains[] = $aliasdomain['domain']; if ($aliasdomain['wwwserveralias'] == 1) { - $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']); + $cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']); $domains[] = 'www.' . $aliasdomain['domain']; } } From b8bfd7ff4c73a7e32bc30230cbbae592ac333b51 Mon Sep 17 00:00:00 2001 From: Daniel Reichelt Date: Sun, 11 Sep 2016 00:47:32 +0200 Subject: [PATCH 2/2] LE: don't re-use old CSRs, always generate new ones fixes #1652 --- scripts/jobs/cron_letsencrypt.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php index 7bdf22cc..5e460698 100644 --- a/scripts/jobs/cron_letsencrypt.php +++ b/scripts/jobs/cron_letsencrypt.php @@ -165,7 +165,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') { $le->initAccount($certrow, true); // Request the new certificate (old key may be used) - $return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']); + $return = $le->signDomains($domains, $certrow['ssl_key_file']); // We are interessted in the expirationdate $newcert = openssl_x509_parse($return['crt']); @@ -246,7 +246,7 @@ foreach ($certrows as $certrow) { $le->initAccount($certrow); // Request the new certificate (old key may be used) - $return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']); + $return = $le->signDomains($domains, $certrow['ssl_key_file']); // We are interessted in the expirationdate $newcert = openssl_x509_parse($return['crt']);