check for renewal of certificates not only if there's a task to regenerate vhosts but everytime the letsencrypt cronjob runs (which is basically obsolete due to the integration into the tasks cron but perfect for checking renewal dates
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -45,19 +45,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
|
||||
public static $no_inserttask = false;
|
||||
|
||||
public static function run($internal = false)
|
||||
private static function needRenew()
|
||||
{
|
||||
if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
|
||||
// FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Let's Encrypt cronjob is combined with regeneration of webserver configuration files.\nFor debugging purposes you can use the --debug switch and/or the --force switch to run the cron manually.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
self::checkInstall();
|
||||
|
||||
self::$apiserver = 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
|
||||
|
||||
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting/renewing Let's Encrypt certificates");
|
||||
|
||||
$certificates_stmt = Database::query("
|
||||
SELECT
|
||||
domssl.`id`,
|
||||
@@ -94,6 +83,46 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
OR domssl.`expirationdate` IS NULL
|
||||
)
|
||||
");
|
||||
$customer_ssl = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
|
||||
|
||||
$froxlor_ssl = array();
|
||||
if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
WHERE `domainid` = '0' AND
|
||||
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
}
|
||||
|
||||
if (count($customer_ssl) > 0 || count($froxlor_ssl) > 0) {
|
||||
return array(
|
||||
'customer_ssl' => $customer_ssl,
|
||||
'froxlor_ssl' => $froxlor_ssl
|
||||
);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function run($internal = false)
|
||||
{
|
||||
if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
|
||||
// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.
|
||||
// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.
|
||||
// check whether we MIGHT need to run although there is no task to regenerate config-files
|
||||
$needRenew = self::needRenew();
|
||||
if ($needRenew) {
|
||||
// insert task to generate certificates and vhost-configs
|
||||
\Froxlor\System\Cronjob::inserttask(1);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
self::checkInstall();
|
||||
|
||||
self::$apiserver = 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
|
||||
|
||||
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting/renewing Let's Encrypt certificates");
|
||||
|
||||
$aliasdomains_stmt = Database::prepare("
|
||||
SELECT
|
||||
@@ -127,6 +156,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
// flag for re-generation of vhost files
|
||||
$changedetected = 0;
|
||||
|
||||
$needRenew = self::needRenew();
|
||||
|
||||
// first - generate LE for system-vhost if enabled
|
||||
if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
|
||||
@@ -147,12 +178,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
'id' => null
|
||||
);
|
||||
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||
WHERE `domainid` = '0' AND
|
||||
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
$froxlor_ssl = $needRenew['froxlor_ssl'];
|
||||
|
||||
$cert_mode = 'issue';
|
||||
if ($froxlor_ssl) {
|
||||
@@ -210,7 +236,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
}
|
||||
|
||||
// customer domains
|
||||
$certrows = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
|
||||
$certrows = $needRenew['customer_ssl'];
|
||||
$cert_mode = 'issue';
|
||||
foreach ($certrows as $certrow) {
|
||||
|
||||
@@ -390,6 +416,6 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
||||
$acmesh_result = \Froxlor\FileDir::safe_exec(self::$acmesh . " --upgrade");
|
||||
// check for activated cron (which is installed automatically) but we don't need it
|
||||
$acmesh_result2 = \Froxlor\FileDir::safe_exec(self::$acmesh . " --uninstall-cronjob");
|
||||
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result)."\n".implode("\n", $acmesh_result2));
|
||||
FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result) . "\n" . implode("\n", $acmesh_result2));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user