LE: change semantics of setting.letsencryptreuseold
Previously setting.letsencryptreuseold determined wheter both a domain's private key and a CSR should be re-generated. Preparing support of alias domains in LE certificates, this is changed to only determine the re-generation of the private key. CSRs now are always re-generated.
This commit is contained in:
Daniel Reichelt
@@ -227,9 +227,7 @@ class lescript
|
||||
|
||||
$this->client->getLastLinks();
|
||||
|
||||
if (empty($csrfile) || Settings::Get('system.letsencryptreuseold') == 0) {
|
||||
$csr = $this->generateCSR($privateDomainKey, $domains);
|
||||
}
|
||||
$csr = $this->generateCSR($privateDomainKey, $domains);
|
||||
|
||||
// request certificates creation
|
||||
$result = $this->signedRequest("/acme/new-cert", array(
|
||||
|
||||
@@ -1949,8 +1949,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Path for Let's En
|
||||
$lng['serversettings']['letsencryptchallengepath']['description'] = "Directory where the Let's Encrypt challenges should be offered from via a global alias.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
|
||||
$lng['serversettings']['letsencryptkeysize']['title'] = "Key size for new Let's Encrypt certificates";
|
||||
$lng['serversettings']['letsencryptkeysize']['description'] = "Size of the key in Bits for new Let's Encrypt certificates.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
|
||||
$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key / CSR";
|
||||
$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key and CSR will be used for every renew, otherwise a new key / CSR will be generated every time.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
|
||||
$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key";
|
||||
$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key will be used for every renew, otherwise a new key will be generated every time.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
|
||||
$lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
|
||||
$lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.<br /><br />Please remember that you need to go through the webserver-configuration when eabled because this feature needs a special configuration.";
|
||||
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
|
||||
|
||||
@@ -1603,8 +1603,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Verzeichnis für
|
||||
$lng['serversettings']['letsencryptchallengepath']['description'] = "Let's Encrypt challenges werden aus diesem Verzeichnis über einen globalen Alias ausgeliefert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
|
||||
$lng['serversettings']['letsencryptkeysize']['title'] = "Schlüsselgröße für neue Let's Encrypt Zertifikate";
|
||||
$lng['serversettings']['letsencryptkeysize']['description'] = "Größe des Schlüssels in Bit für neue Let's Encrypt Zertifikate.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
|
||||
$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel / CSR wiederverwenden";
|
||||
$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, werden der alte Schlüssel und CSR bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
|
||||
$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel wiederverwenden";
|
||||
$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, wird der alte Schlüssel bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
|
||||
$lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
|
||||
$lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/port nutzen.<br /><br />Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
|
||||
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
|
||||
|
||||
@@ -92,26 +92,13 @@ foreach ($certrows as $certrow) {
|
||||
if ($certrow['ssl_redirect'] != 2) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
|
||||
|
||||
if ($certrow['ssl_cert_file']) {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt using old key / SAN for " . $certrow['domain']);
|
||||
// Parse the old certificate
|
||||
$x509data = openssl_x509_parse($certrow['ssl_cert_file']);
|
||||
|
||||
// We are interessted in the old SAN - data
|
||||
$san = explode(', ', $x509data['extensions']['subjectAltName']);
|
||||
$domains = array();
|
||||
foreach ($san as $dnsname) {
|
||||
$domains[] = substr($dnsname, 4);
|
||||
}
|
||||
} else {
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating new key / SAN for " . $certrow['domain']);
|
||||
$domains = array(
|
||||
$certrow['domain']
|
||||
);
|
||||
// Add www.<domain> for SAN
|
||||
if ($certrow['wwwserveralias'] == 1) {
|
||||
$domains[] = 'www.' . $certrow['domain'];
|
||||
}
|
||||
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating SAN list for " . $certrow['domain']);
|
||||
$domains = array(
|
||||
$certrow['domain']
|
||||
);
|
||||
// Add www.<domain> for SAN
|
||||
if ($certrow['wwwserveralias'] == 1) {
|
||||
$domains[] = 'www.' . $certrow['domain'];
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
Reference in New Issue
Block a user