added let's encrypt for froxlor vhost - untested for now, testers are welcome
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -93,7 +93,99 @@ $updcert_stmt = Database::prepare(
|
||||
|
||||
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
|
||||
|
||||
// flag for re-generation of vhost files
|
||||
$changedetected = 0;
|
||||
|
||||
// first - generate LE for system-vhost if enabled
|
||||
if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
|
||||
$certrow = array(
|
||||
'loginname' => 'froxlor.panel',
|
||||
'domain' => Settings::Get('system.hostname'),
|
||||
'domainid' => 0,
|
||||
'documentroot' => FROXLOR_INSTALL_DIR,
|
||||
'leprivatekey' => Settings::Get('system.leprivatekey'),
|
||||
'lepublickey' => Settings::Get('system.lepublickey'),
|
||||
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
|
||||
'expirationdate' => null,
|
||||
'ssl_cert_file' => null,
|
||||
'ssl_key_file' => null,
|
||||
'ssl_ca_file' => null,
|
||||
'ssl_csr_file' => null
|
||||
);
|
||||
|
||||
$froxlor_ssl_settings_stmt = Database::prepare("
|
||||
SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."`
|
||||
WHERE `domainid` = '0' AND
|
||||
(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
|
||||
");
|
||||
$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
|
||||
|
||||
if ($froxlor_ssl) {
|
||||
$certrow['id'] = $froxlor_ssl['id'];
|
||||
$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
|
||||
$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
|
||||
$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
|
||||
$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
|
||||
$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
|
||||
}
|
||||
$domains = array(
|
||||
$certrow['domain'],
|
||||
'www.'.$certrow['domain']
|
||||
);
|
||||
|
||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
$cronlog = FroxlorLogger::getInstanceOf(array(
|
||||
'loginname' => $certrow['loginname']
|
||||
));
|
||||
|
||||
try {
|
||||
// Initialize Lescript with documentroot
|
||||
$le = new lescript($cronlog, $version);
|
||||
|
||||
// Initialize Lescript
|
||||
$le->initAccount($certrow, true);
|
||||
|
||||
// Request the new certificate (old key may be used)
|
||||
$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
|
||||
|
||||
// We are interessted in the expirationdate
|
||||
$newcert = openssl_x509_parse($return['crt']);
|
||||
|
||||
// Store the new data
|
||||
Database::pexecute($updcert_stmt,
|
||||
array(
|
||||
'id' => $certrow['id'],
|
||||
'domainid' => $certrow['domainid'],
|
||||
'crt' => $return['crt'],
|
||||
'key' => $return['key'],
|
||||
'ca' => $return['chain'],
|
||||
'chain' => $return['chain'],
|
||||
'csr' => $return['csr'],
|
||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
||||
));
|
||||
|
||||
if ($certrow['ssl_redirect'] == 3) {
|
||||
Settings::Set('system.le_froxlor_redirect', '1');
|
||||
}
|
||||
|
||||
$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
||||
|
||||
$changedetected = 1;
|
||||
} catch (Exception $e) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||
}
|
||||
}
|
||||
|
||||
// customer domains
|
||||
$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($certrows as $certrow) {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user