diff --git a/install/froxlor.sql b/install/froxlor.sql
index c00a730f..80091911 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -198,6 +198,7 @@ CREATE TABLE `panel_customers` (
 `lepublickey` mediumtext default NULL,
 `leprivatekey` mediumtext default NULL,
 `leregistered` tinyint(1) NOT NULL default '0',
+ `leaccount` varchar(255) default '',
 `allowed_phpconfigs` varchar(500) NOT NULL default '',
 PRIMARY KEY (`customerid`),
 UNIQUE KEY `loginname` (`loginname`)
@@ -653,6 +654,7 @@ opcache.interned_strings_buffer'),
 ('system', 'hsts_incsub', '0'),
 ('system', 'hsts_preload', '0'),
 ('system', 'leregistered', '0'),
+ ('system', 'leaccount', ''),
 ('system', 'nssextrausers', '0'),
 ('system', 'disable_le_selfcheck', '0'),
 ('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
@@ -692,7 +694,7 @@ opcache.interned_strings_buffer'),
 ('panel', 'password_special_char', '!?<>ยง$%+#=@'),
 ('panel', 'customer_hide_options', ''),
 ('panel', 'version', '0.9.39.5'),
- ('panel', 'db_version', '201805290');
+ ('panel', 'db_version', '201809180');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 17432b94..6b07bc11 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3998,3 +3998,16 @@ if (isDatabaseVersion('201805241')) {
 updateToDbVersion('201805290');
 }
 }
+
+if (isDatabaseVersion('201805290')) {
+
+ showUpdateStep("Adding leaccount field to panel customers");
+ Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD COLUMN `leaccount` varchar(255) default '' AFTER `leregistered`;");
+ lastStepStatus(0);
+
+ showUpdateStep("Adding system setting for let's-encrypt account");
+ Settings::AddNew('system.leaccount', "");
+ lastStepStatus(0);
+
+ updateToDbVersion('201809180');
+}
diff --git a/lib/classes/ssl/class.lescript_v2.php b/lib/classes/ssl/class.lescript_v2.php
index 6216ac10..c4ae7df4 100644
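Review bot: The new `leaccount` column in the `panel_customers` hunk is the only one of the neighbouring Let's Encrypt columns declared without `NOT NULL`: `leregistered` and `allowed_phpconfigs` are both `NOT NULL default ...`, so a row can end up with `NULL` here while every writer in this change (`Settings::Set` and the `:kid` bind in class.lescript_v2.php) stores a string and the reader assigns it straight into a property. Declaring it `leaccount varchar(255) NOT NULL default ''` keeps the column type honest and matches its siblings; the `ALTER TABLE ... ADD COLUMN` in update_0.9.inc.php uses the same definition and should change in step. The value stored appears to be the ACME account URL (it is bound as `:kid`), which is worth saying in a column comment, e.g. `-- ACME account URL ("kid") returned at registration; empty until registered`.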
--- a/lib/classes/ssl/class.lescript_v2.php
+++ b/lib/classes/ssl/class.lescript_v2.php
@@ -76,6 +76,7 @@ class lescript_v2
 $this->customerId = (! $isFroxlorVhost ? $certrow['customerid'] : null);
 $this->isFroxlorVhost = $isFroxlorVhost;
 $this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+ $this->_acc_location = $certrow['leaccount'];
 
 $leregistered = $certrow['leregistered'];
 
@@ -149,42 +150,55 @@ class lescript_v2
 // start domains authentication
 // ----------------------------
-
+
+ // Prepare order
+ $domains_in_order = array();
 foreach ($domains as $domain) {
+ $domains_in_order []= array(
+ "type" => "dns",
+ "value" => $domain
+ );
+ }
+
+ // Send new-order request
+ $response = $this->signedRequest($this->_req_uris['newOrder'], array(
+ "identifiers" => $domains_in_order
+ ), false);
+
+ if ($this->client->getLastCode() == 403) {
+ $this->log("Got status 403 - setting LE status to unregistered.");
+ $this->_acc_location = '';
+ $this->setLeRegisteredState(0);
+ throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run. Whole response: " . json_encode($response));
+ }
+
+ // if response is not an array but a string, it's most likely a server-error, e.g.
+ // Reference #179.d8be1402.1458059103.3613c4db
+ if (! is_array($response)) {
+ throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
+ }
+
+ if (! array_key_exists('authorizations', $response)) {
+ throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
+ }
+
+ $authorizations = $response['authorizations'];
+ $finalizeLink = $response['finalize'];
+
+ $i = 0;
+
+ foreach ($authorizations as $authorization) {
 // 1. getting available authentication options
 // -------------------------------------------
+
+ $domain = $response['identifiers'][$i++]['value'];
 $this->log("Requesting challenge for $domain");
- $response = $this->signedRequest($this->_req_uris['newOrder'], array(
- "identifiers" => array(
- array(
- "type" => "dns",
- "value" => $domain
- )
- )
- ), false);
-
- if ($this->client->getLastCode() == 403) {
- $this->log("Got status 403 - setting LE status to unregistered.");
- $this->setLeRegisteredState(0);
- throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run. Whole response: " . json_encode($response));
- }
-
- // if response is not an array but a string, it's most likely a server-error, e.g.
- // Reference #179.d8be1402.1458059103.3613c4db
- if (! is_array($response)) {
- throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
- }
-
- if (! array_key_exists('authorizations', $response)) {
- throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
- }
-
 // get authorization
- $auth_response = $this->client->get($response['authorizations'][0]);
+ $auth_response = $this->client->get($authorization);
 if (! array_key_exists('challenges', $auth_response)) {
 throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($auth_response));
@@ -201,7 +215,6 @@ class lescript_v2
 $this->log("Got challenge token for $domain");
 
 $location = $challenge['url'];
- $finalizeLink = $response['finalize'];
 
 // 2. saving authentication token for web verification
 // ---------------------------------------------------
@@ -336,10 +349,12 @@ class lescript_v2
 if ($this->isLeProduction) {
 if ($this->isFroxlorVhost) {
 Settings::Set('system.leregistered', $state);
+ Settings::Set('system.leaccount', $this->_acc_location);
 } else {
- $upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+ $upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered, `leaccount` = :kid " . "WHERE `customerid` = :customerid;");
 Database::pexecute($upd_stmt, array(
 'registered' => $state,
+ 'kid' => $this->_acc_location,
 'customerid' => $this->customerId
 ));
 }
diff --git a/scripts/jobs/cron_letsencrypt_v2.php b/scripts/jobs/cron_letsencrypt_v2.php
index c56a3e4e..c476c11b 100644
--- a/scripts/jobs/cron_letsencrypt_v2.php
+++ b/scripts/jobs/cron_letsencrypt_v2.php
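Review bot: `$this->_acc_location = $certrow['leaccount'];` in the constructor hunk assumes the key is always present, but `$certrow` is assembled by two different callers in cron_letsencrypt_v2.php (a database row for customers, a hand-built array for the Froxlor vhost), and a row without it yields a PHP notice plus `null` where the rest of this change binds the value as a string (`:kid`, `Settings::Set`). A guard keeps the property a string regardless of the caller: `$this->_acc_location = isset($certrow['leaccount']) ? $certrow['leaccount'] : '';`. It would also help to document the property where it is declared, e.g. `// ACME account URL ("kid") from registration; '' when not registered`. The property declaration and the rest of the constructor are outside the hunk.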
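Review bot: In the new-order hunk the domain for each authorization is taken positionally, `$domain = $response['identifiers'][$i++]['value'];`, and paired with `$authorizations` by index, but RFC 8555 does not require the `authorizations` array to follow the order of `identifiers` (and the server may de-duplicate identifiers), so a reordered response would log the challenge and, further down, save the token under the wrong domain. The authorization object fetched on the next line carries its own `identifier`, which is the reliable source; reading it from there also removes the `$i` counter and the unguarded `$response['identifiers']` access (only `authorizations` gets an `array_key_exists` check). Secondary: the two `RuntimeException` messages after `signedRequest` still interpolate `$domain`, which at that point is just the last element of the preparation loop (undefined when `$domains` is empty) while the order covered all of `$domains`; `implode(',', $domains)` would be accurate. The enclosing method starts and ends outside the hunk.

```php
foreach ($authorizations as $authorization) {
    // 1. getting available authentication options
    // -------------------------------------------

    // fetch the authorization first: its own 'identifier' says which domain it
    // belongs to, independent of the order of $response['identifiers']
    $auth_response = $this->client->get($authorization);

    if (! is_array($auth_response) || ! isset($auth_response['identifier']['value'])) {
        throw new RuntimeException("No identifier in authorization $authorization. Whole response: " . json_encode($auth_response));
    }
    $domain = $auth_response['identifier']['value'];
    $this->log("Requesting challenge for $domain");

    if (! array_key_exists('challenges', $auth_response)) {
    // … unchanged: challenge selection and token handling …
```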
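Review bot: `setLeRegisteredState()` now persists `$this->_acc_location` together with the state, so a call with `$state = 0` from anywhere other than the 403 branch in the order code (which clears the property first) writes the old account URL back while marking the account unregistered. If an unregistered account is meant to have no location, clear it here rather than relying on each caller, `if ($state == 0) { $this->_acc_location = ''; }` ahead of the `Settings::Set` / `UPDATE`. As before, nothing is persisted when `isLeProduction` is false, so on the staging CA the account location only lives in memory for one run — presumably intended, but worth a one-line comment. The method's signature and its non-production branch are outside the hunk.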
@@ -45,6 +45,7 @@ $certificates_stmt = Database::query("
 cust.`leprivatekey`,
 cust.`lepublickey`,
 cust.`leregistered`,
+ cust.`leaccount`,
 cust.`customerid`,
 cust.`loginname`
 FROM
@@ -109,6 +110,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 'leprivatekey' => Settings::Get('system.leprivatekey'),
 'lepublickey' => Settings::Get('system.lepublickey'),
 'leregistered' => Settings::Get('system.leregistered'),
+ 'leaccount' => Settings::Get('system.leaccount'),
 'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
 'expirationdate' => null,
 'ssl_cert_file' => null,