maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity
3,269 Commits 6 Branches 188 Tags
547140bafb4e936cfc469858e4b11e9ef93c207b
Commit Graph

35 Commits

Author SHA1 Message Date
Michael Kaufmann (d00p)
462fca7328 do not add www.[froxlorfqdn] to SAN list of certificate request for Let's Encrypt froxlor-vhost certificate; fixes #1662 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-10-28 10:57:51 +02:00
Michael Kaufmann (d00p)
b8c2047379 try to implement ssl-redirect for froxlor-vhost; combine various settings that are froxlor-vhost related into its own category, fixes #1480 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-09-11 17:48:08 +02:00
Daniel Reichelt
b8bfd7ff4c LE: don't re-use old CSRs, always generate new ones 
fixes #1652
 2016-09-11 00:51:42 +02:00
Daniel Reichelt
d1a3defef0 LE: change log level to LOG_INFO 2016-09-11 00:51:41 +02:00
Michael Kaufmann (d00p)
08f36243e9 only renew froxlor.panel LE cert if required 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-09-08 12:28:43 +02:00
Michael Kaufmann (d00p)
e4887362ec added let's encrypt for froxlor vhost - untested for now, testers are welcome 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-09-05 17:01:10 +02:00
Michael Kaufmann (d00p)
a840905166 set version specific user-agent in lescript like we do in ajax stuff 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-08-28 14:07:13 +02:00
Daniel Reichelt
6e2b1773a3 LE: support alias domains 
LE CSRs are triggered for the aliasdomain target domain on

* domain deletion

* domain creation

* domain editing when
  * the aliasdomain target changes (CSR triggered both for old and new
    target)
  * wwwalias is disabled or enabled
  * letsencrypt is disabled or enabled (domain-local)

fixes #1597
 2016-05-16 17:35:51 +02:00
Daniel Reichelt
f3e05742b5 LE: change semantics of setting.letsencryptreuseold 
Previously setting.letsencryptreuseold determined wheter both a domain's
private key and a CSR should be re-generated.

Preparing support of alias domains in LE certificates, this is changed to
only determine the re-generation of the private key. CSRs now are always
re-generated.
 2016-05-16 17:35:51 +02:00
Daniel Reichelt
712aebb864 LE: improve SQL readability 2016-05-16 17:35:51 +02:00
Daniel Reichelt
0ae0178b4c LE: PSR-2 formatting 2016-05-16 17:35:51 +02:00
Michael Kaufmann (d00p)
84f1d94ad6 check for php-curl installed when cron_letsencrypt runs; format source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-04-11 08:02:18 +02:00
Daniel Reichelt
c458ed8b0c cron/LE: fix superfluous CSRs 
Depending on the data present, the LE cronscript may cause multiple
entries per domain in domain_ssl_settings.

This is due to $updcert_stmt interfering with the outer loop
while ($certrow = $stmt->fetch()): PDO's DB cursor sees rows newly created
by $updcert_stmt within the loop. As a consequence this also leads to
superfluous CSRs, thus increasing the certificate limit counter on the LE
side.

Solution: manifest the result of @$certificates_stmt@ on the PHP side in
its entirety prior to entering the outer loop.
 2016-03-08 08:21:09 +01:00
Andreas Grundler
d3bf80342d use $return['chain'] instead of $return['fullchain'] for ssl_cert_chainfile 2016-03-06 14:10:24 +01:00
Michael Kaufmann (d00p)
d6f42dc88c make letsencrypt cron log to the customer system-log, it might contain important information 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-03-02 15:20:30 +01:00
Florian Aders
e621e02f92 Allow selecting new keysize, fixes #1594 
Prepare database and cron for HSTS, refs #1593
Added option to re-use key and CSR for Let's Encrypt

Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-19 17:35:44 +01:00
Daniel Reichelt
185178a91e LE: whitespace fixes 
- fix mixed indentations
- remove trailing whitespace
 2016-02-19 14:44:22 +01:00
Florian Aders
c828e3b0d9 Fixed comment :P 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 22:40:31 +01:00
Florian Aders
45c081990a We don't need to check for the documentroot anymore 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 22:26:44 +01:00
Florian Aders
9f54e60056 Answer all Let's Encrypt challenges via alias to a directory in Froxlor itself, enables us to answer challenges before the vhost is set, thx PrfDrDrStullenBr for the idea \(vhost - configs for most distributions untested\) 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 21:43:44 +01:00
Florian Aders
b002d687c0 Fixed typo 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 14:56:18 +01:00
Stefan Heid
c229c11bdf Edited warning for letsencrypt to show domain instead of ssl_redirect 2016-02-17 12:07:19 +01:00
Florian Aders
ddaadf81d6 Temporarily deactivate ssl_redirect if a new Let's Encrypt certificate needs to be generated 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-16 14:31:07 +01:00
Florian Aders
f8ed70c5f2 Log certificate update in syslog etc 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-03 17:42:00 +01:00
Florian Aders
172915b5be Store chains correctly 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-03 16:47:46 +01:00
Florian Aders
cdb00a76ce Log cert - error in syslog/database 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 21:23:01 +01:00
Florian Aders
efc5f37850 Well, we need a new key if we don't havre one, not if we already have one 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 20:58:49 +01:00
Florian Aders
ba1181e8ff Fixed inserting of certificate if it didn't exist yet and return textbased domainkey, not ressource 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 20:47:16 +01:00
Florian Aders
daf32b8ac4 Froxlor doesn't use namespaces yet :/ 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 10:19:31 +01:00
Florian Aders
dd9e540ca3 inserttask(1) after updating certificates, updated install/update - SQL 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 15:19:40 +01:00
Florian Aders
44d08d6aa9 Add let's encrypt to customer domain - GUI 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 13:59:34 +01:00
Florian Aders
67df9dbf6b Experiment with accountkeys per customer 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 13:06:42 +01:00
Florian Aders
2e7dd6f212 Changed comments to // to match the rest of Froxlor and made small improvements to the accountKey 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 10:56:08 +01:00
Florian Aders
d45e9e63e6 Fixed a few obvious bugs 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-29 16:52:58 +01:00
Florian Aders
4f0c1894a3 Initial version of let's encrypt renewal cron 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-29 14:29:30 +01:00