Merge pull request #572 from markuspetermann/master
Fixed class.lescript_v2.php to work with ACMEv2
This commit is contained in:
Michael Kaufmann
GitHub
@@ -198,6 +198,7 @@ CREATE TABLE `panel_customers` (
|
||||
`lepublickey` mediumtext default NULL,
|
||||
`leprivatekey` mediumtext default NULL,
|
||||
`leregistered` tinyint(1) NOT NULL default '0',
|
||||
`leaccount` varchar(255) default '',
|
||||
`allowed_phpconfigs` varchar(500) NOT NULL default '',
|
||||
PRIMARY KEY (`customerid`),
|
||||
UNIQUE KEY `loginname` (`loginname`)
|
||||
@@ -653,6 +654,7 @@ opcache.interned_strings_buffer'),
|
||||
('system', 'hsts_incsub', '0'),
|
||||
('system', 'hsts_preload', '0'),
|
||||
('system', 'leregistered', '0'),
|
||||
('system', 'leaccount', ''),
|
||||
('system', 'nssextrausers', '0'),
|
||||
('system', 'disable_le_selfcheck', '0'),
|
||||
('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
|
||||
@@ -692,7 +694,7 @@ opcache.interned_strings_buffer'),
|
||||
('panel', 'password_special_char', '!?<>§$%+#=@'),
|
||||
('panel', 'customer_hide_options', ''),
|
||||
('panel', 'version', '0.9.39.5'),
|
||||
('panel', 'db_version', '201805290');
|
||||
('panel', 'db_version', '201809180');
|
||||
|
||||
|
||||
DROP TABLE IF EXISTS `panel_tasks`;
|
||||
|
||||
@@ -3998,3 +3998,16 @@ if (isDatabaseVersion('201805241')) {
|
||||
updateToDbVersion('201805290');
|
||||
}
|
||||
}
|
||||
|
||||
if (isDatabaseVersion('201805290')) {
|
||||
|
||||
showUpdateStep("Adding leaccount field to panel customers");
|
||||
Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD COLUMN `leaccount` varchar(255) default '' AFTER `leregistered`;");
|
||||
lastStepStatus(0);
|
||||
|
||||
showUpdateStep("Adding system setting for let's-encrypt account");
|
||||
Settings::AddNew('system.leaccount', "");
|
||||
lastStepStatus(0);
|
||||
|
||||
updateToDbVersion('201809180');
|
||||
}
|
||||
|
||||
@@ -76,6 +76,7 @@ class lescript_v2
|
||||
$this->customerId = (! $isFroxlorVhost ? $certrow['customerid'] : null);
|
||||
$this->isFroxlorVhost = $isFroxlorVhost;
|
||||
$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
|
||||
$this->_acc_location = $certrow['leaccount'];
|
||||
|
||||
$leregistered = $certrow['leregistered'];
|
||||
|
||||
@@ -149,42 +150,55 @@ class lescript_v2
|
||||
|
||||
// start domains authentication
|
||||
// ----------------------------
|
||||
|
||||
|
||||
// Prepare order
|
||||
$domains_in_order = array();
|
||||
foreach ($domains as $domain) {
|
||||
$domains_in_order []= array(
|
||||
"type" => "dns",
|
||||
"value" => $domain
|
||||
);
|
||||
}
|
||||
|
||||
// Send new-order request
|
||||
$response = $this->signedRequest($this->_req_uris['newOrder'], array(
|
||||
"identifiers" => $domains_in_order
|
||||
), false);
|
||||
|
||||
if ($this->client->getLastCode() == 403) {
|
||||
$this->log("Got status 403 - setting LE status to unregistered.");
|
||||
$this->_acc_location = '';
|
||||
$this->setLeRegisteredState(0);
|
||||
throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
// if response is not an array but a string, it's most likely a server-error, e.g.
|
||||
// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
|
||||
// <p>Reference #179.d8be1402.1458059103.3613c4db</BODY></HTML>
|
||||
if (! is_array($response)) {
|
||||
throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
if (! array_key_exists('authorizations', $response)) {
|
||||
throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
$authorizations = $response['authorizations'];
|
||||
$finalizeLink = $response['finalize'];
|
||||
|
||||
$i = 0;
|
||||
|
||||
foreach ($authorizations as $authorization) {
|
||||
|
||||
// 1. getting available authentication options
|
||||
// -------------------------------------------
|
||||
|
||||
$domain = $response['identifiers'][$i++]['value'];
|
||||
|
||||
$this->log("Requesting challenge for $domain");
|
||||
|
||||
$response = $this->signedRequest($this->_req_uris['newOrder'], array(
|
||||
"identifiers" => array(
|
||||
array(
|
||||
"type" => "dns",
|
||||
"value" => $domain
|
||||
)
|
||||
)
|
||||
), false);
|
||||
|
||||
if ($this->client->getLastCode() == 403) {
|
||||
$this->log("Got status 403 - setting LE status to unregistered.");
|
||||
$this->setLeRegisteredState(0);
|
||||
throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
// if response is not an array but a string, it's most likely a server-error, e.g.
|
||||
// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
|
||||
// <p>Reference #179.d8be1402.1458059103.3613c4db</BODY></HTML>
|
||||
if (! is_array($response)) {
|
||||
throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
if (! array_key_exists('authorizations', $response)) {
|
||||
throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
|
||||
}
|
||||
|
||||
// get authorization
|
||||
$auth_response = $this->client->get($response['authorizations'][0]);
|
||||
$auth_response = $this->client->get($authorization);
|
||||
|
||||
if (! array_key_exists('challenges', $auth_response)) {
|
||||
throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($auth_response));
|
||||
@@ -201,7 +215,6 @@ class lescript_v2
|
||||
|
||||
$this->log("Got challenge token for $domain");
|
||||
$location = $challenge['url'];
|
||||
$finalizeLink = $response['finalize'];
|
||||
|
||||
// 2. saving authentication token for web verification
|
||||
// ---------------------------------------------------
|
||||
@@ -336,10 +349,12 @@ class lescript_v2
|
||||
if ($this->isLeProduction) {
|
||||
if ($this->isFroxlorVhost) {
|
||||
Settings::Set('system.leregistered', $state);
|
||||
Settings::Set('system.leaccount', $this->_acc_location);
|
||||
} else {
|
||||
$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
|
||||
$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered, `leaccount` = :kid " . "WHERE `customerid` = :customerid;");
|
||||
Database::pexecute($upd_stmt, array(
|
||||
'registered' => $state,
|
||||
'kid' => $this->_acc_location,
|
||||
'customerid' => $this->customerId
|
||||
));
|
||||
}
|
||||
|
||||
@@ -45,6 +45,7 @@ $certificates_stmt = Database::query("
|
||||
cust.`leprivatekey`,
|
||||
cust.`lepublickey`,
|
||||
cust.`leregistered`,
|
||||
cust.`leaccount`,
|
||||
cust.`customerid`,
|
||||
cust.`loginname`
|
||||
FROM
|
||||
@@ -109,6 +110,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
|
||||
'leprivatekey' => Settings::Get('system.leprivatekey'),
|
||||
'lepublickey' => Settings::Get('system.lepublickey'),
|
||||
'leregistered' => Settings::Get('system.leregistered'),
|
||||
'leaccount' => Settings::Get('system.leaccount'),
|
||||
'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
|
||||
'expirationdate' => null,
|
||||
'ssl_cert_file' => null,
|
||||
|
||||
Reference in New Issue
Block a user