outsource acmesh-command to reduce duplicate code
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -29,6 +29,18 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
|
|
||||||
private static $acmesh = "/root/.acme.sh/acme.sh";
|
private static $acmesh = "/root/.acme.sh/acme.sh";
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @var \PDOStatement
|
||||||
|
*/
|
||||||
|
private static $updcert_stmt = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @var \PDOStatement
|
||||||
|
*/
|
||||||
|
private static $upddom_stmt = null;
|
||||||
|
|
||||||
public static function run()
|
public static function run()
|
||||||
{
|
{
|
||||||
self::checkInstall();
|
self::checkInstall();
|
||||||
@@ -87,7 +99,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
AND dom.`iswildcarddomain` = 0
|
AND dom.`iswildcarddomain` = 0
|
||||||
");
|
");
|
||||||
|
|
||||||
$updcert_stmt = Database::prepare("
|
self::$updcert_stmt = Database::prepare("
|
||||||
REPLACE INTO
|
REPLACE INTO
|
||||||
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
|
||||||
SET
|
SET
|
||||||
@@ -102,7 +114,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
`expirationdate` = :expirationdate
|
`expirationdate` = :expirationdate
|
||||||
");
|
");
|
||||||
|
|
||||||
$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
|
self::$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
|
||||||
|
|
||||||
// flag for re-generation of vhost files
|
// flag for re-generation of vhost files
|
||||||
$changedetected = 0;
|
$changedetected = 0;
|
||||||
@@ -173,48 +185,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
'adminsession' => 0
|
'adminsession' => 0
|
||||||
));
|
));
|
||||||
|
|
||||||
// Initialize Lescript with documentroot
|
self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
|
||||||
$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --" . $cert_mode . " -d " . implode(" -d ", $domains);
|
|
||||||
|
|
||||||
if ($cert_mode == 'issue') {
|
|
||||||
$acmesh_cmd .= " -w " . \Froxlor\Froxlor::getInstallDir();
|
|
||||||
}
|
|
||||||
if (Settings::Get('system.leecc') > 0) {
|
|
||||||
$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
|
|
||||||
}
|
|
||||||
|
|
||||||
FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, $acmesh_cmd);
|
|
||||||
|
|
||||||
$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
|
|
||||||
|
|
||||||
$return = array();
|
|
||||||
self::readCertificateToVar(array_pop($domains), $return);
|
|
||||||
|
|
||||||
if (! empty($return['crt'])) {
|
|
||||||
|
|
||||||
$newcert = openssl_x509_parse($return['crt']);
|
|
||||||
|
|
||||||
// Store the new data
|
|
||||||
Database::pexecute($updcert_stmt, array(
|
|
||||||
'id' => $certrow['id'],
|
|
||||||
'domainid' => $certrow['domainid'],
|
|
||||||
'crt' => $return['crt'],
|
|
||||||
'key' => $return['key'],
|
|
||||||
'ca' => $return['chain'],
|
|
||||||
'chain' => $return['chain'],
|
|
||||||
'csr' => $return['csr'],
|
|
||||||
'fullchain' => $return['fullchain'],
|
|
||||||
'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
|
|
||||||
));
|
|
||||||
|
|
||||||
if ($certrow['ssl_redirect'] == 3) {
|
|
||||||
Settings::Set('system.le_froxlor_redirect', '1');
|
|
||||||
}
|
|
||||||
FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
|
|
||||||
$changedetected = 1;
|
|
||||||
} else {
|
|
||||||
FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -232,7 +203,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
|
||||||
if ($certrow['ssl_redirect'] != 2) {
|
if ($certrow['ssl_redirect'] != 2) {
|
||||||
|
|
||||||
if (!empty($certrow['ssl_cert_file'])) {
|
if (! empty($certrow['ssl_cert_file'])) {
|
||||||
$cert_mode = 'renew';
|
$cert_mode = 'renew';
|
||||||
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
|
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
|
||||||
} else {
|
} else {
|
||||||
@@ -263,7 +234,24 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize Lescript with documentroot
|
self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
|
||||||
|
} else {
|
||||||
|
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If we have a change in a certificate, we need to update the webserver - configs
|
||||||
|
// This is easiest done by just creating a new task ;)
|
||||||
|
if ($changedetected) {
|
||||||
|
\Froxlor\System\Cronjob::inserttask(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0)
|
||||||
|
{
|
||||||
|
if (! empty($domains)) {
|
||||||
$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --" . $cert_mode . " -d " . implode(" -d ", $domains);
|
$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --" . $cert_mode . " -d " . implode(" -d ", $domains);
|
||||||
|
|
||||||
if ($cert_mode == 'issue') {
|
if ($cert_mode == 'issue') {
|
||||||
@@ -286,7 +274,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
$newcert = openssl_x509_parse($return['crt']);
|
$newcert = openssl_x509_parse($return['crt']);
|
||||||
|
|
||||||
// Store the new data
|
// Store the new data
|
||||||
Database::pexecute($updcert_stmt, array(
|
Database::pexecute(self::$updcert_stmt, array(
|
||||||
'id' => $certrow['id'],
|
'id' => $certrow['id'],
|
||||||
'domainid' => $certrow['domainid'],
|
'domainid' => $certrow['domainid'],
|
||||||
'crt' => $return['crt'],
|
'crt' => $return['crt'],
|
||||||
@@ -299,7 +287,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
));
|
));
|
||||||
|
|
||||||
if ($certrow['ssl_redirect'] == 3) {
|
if ($certrow['ssl_redirect'] == 3) {
|
||||||
Database::pexecute($upddom_stmt, array(
|
Database::pexecute(self::$upddom_stmt, array(
|
||||||
'domainid' => $certrow['domainid']
|
'domainid' => $certrow['domainid']
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
@@ -309,20 +297,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
|
|||||||
} else {
|
} else {
|
||||||
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
|
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we have a change in a certificate, we need to update the webserver - configs
|
|
||||||
// This is easiest done by just creating a new task ;)
|
|
||||||
if ($changedetected) {
|
|
||||||
\Froxlor\System\Cronjob::inserttask(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
|
|
||||||
}
|
|
||||||
|
|
||||||
private static function readCertificateToVar($domain, &$return)
|
private static function readCertificateToVar($domain, &$return)
|
||||||
{
|
{
|
||||||
$certificate_folder = dirname(self::$acmesh) . "/" . $domain;
|
$certificate_folder = dirname(self::$acmesh) . "/" . $domain;
|
||||||
|
|||||||
Reference in New Issue
Block a user