maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity
3,404 Commits 6 Branches 188 Tags
5540b02e352fc421763d01d4e69beca6fd6ea11d
Commit Graph

46 Commits

Author SHA1 Message Date
Michael Kaufmann (d00p)
5540b02e35 do not remove Let's Encrypt token when self-check fails but rather give out the information as warning. The self-check fails for many users due to different local configurations and might not always be correct; fixes #480 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2017-11-27 07:54:41 +01:00
Pascal Querner
82c719d786 dont send uri to challenge, if no valid token could be fetched 2017-07-07 22:50:39 +02:00
Michael Kaufmann (d00p)
338cf161d2 fix undefined index if let's encrypt is used for the froxlor-vhost 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2017-01-14 18:06:04 +01:00
Michael Kaufmann
602c38dbeb Merge branch 'master' into feature/letsencrypt-verbesserungen 2016-12-11 08:23:46 +01:00
Michael Kaufmann (d00p)
001786dd97 fix incorrect User-Agent header in let's encrypt class, fixes #1683 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-12-09 13:33:57 +01:00
micw
7b6bbcec48 Fixed default LE license URL 
(removed testing stuff)
 2016-11-27 12:45:06 +01:00
Michael Wyraz
18b45c749d Better handling for letsencrypt errors after failed registration or changed license 2016-11-25 09:54:47 +01:00
Jens A. Koch
c51840e760 bugfix for error, when trying to call function logAction() on undefined var $cronlog 2016-09-11 12:00:26 +02:00
Michael Kaufmann (d00p)
e4887362ec added let's encrypt for froxlor vhost - untested for now, testers are welcome 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-09-05 17:01:10 +02:00
Oliver Rahner
9260319ac1 Letsencrypt: only update registration when necessary 
if no Terms of Service are presented by the ACME server when registering, don't update registration
 2016-09-04 21:27:23 +02:00
Oliver Rahner
34767a14d5 Remove dependency on hard coded agreement URL for Let's Encrypt 
Change the process to first create a new registration, which delivers the current TOS url in the response's header, then modify the newly created registration to accept the agreement.
 2016-08-31 16:35:59 +02:00
Oliver Rahner
7f56e98009 do not die after token self check 
We have to finish the challenge request so that the auth does not linger in state "pending", but goes to "invalid". See https://forum.froxlor.org/index.php/topic/13463-lets-encrypt-zertifikate-werden-nicht-erneuert/#entry32895
 2016-08-29 10:46:21 +02:00
Michael Kaufmann (d00p)
a840905166 set version specific user-agent in lescript like we do in ajax stuff 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-08-28 14:07:13 +02:00
w6g23
d31589ba99 Set a User Agent in the HTTP request fetching the LE challenge URI for self check 
A rule (e.g. Wordpress plugin iThemes) might block requests with empty
User Agents.
 2016-08-28 12:59:09 +02:00
Michael Kaufmann (d00p)
468d20ee57 really reuse old csr if given + code formatting 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-08-06 09:32:03 +02:00
Michael Kaufmann (d00p)
cd806b19f7 update let's encrypt subscriber agreement to v1.1.1 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-08-06 07:40:14 +02:00
Michael Kaufmann (d00p)
b2f815617c Update Let's Encrypt subscriber agreement, fixes #1644 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-08-04 07:40:08 +02:00
Daniel Reichelt
f3e05742b5 LE: change semantics of setting.letsencryptreuseold 
Previously setting.letsencryptreuseold determined wheter both a domain's
private key and a CSR should be re-generated.

Preparing support of alias domains in LE certificates, this is changed to
only determine the re-generation of the private key. CSRs now are always
re-generated.
 2016-05-16 17:35:51 +02:00
Daniel Reichelt
001f10f74e LE: catch error due to rate-limited account registration 
and fix bad english in log message
 2016-05-16 17:35:51 +02:00
Daniel Reichelt
0ae0178b4c LE: PSR-2 formatting 2016-05-16 17:35:51 +02:00
Michael Kaufmann (d00p)
84f1d94ad6 check for php-curl installed when cron_letsencrypt runs; format source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-04-11 08:02:18 +02:00
Daniel Schmitz
3405c7e313 Let's Encrypt: Always regenerate a new account-key, if staging 2016-03-24 01:26:57 +08:00
Michael Kaufmann (d00p)
228d07ca66 output error in case of a server-error from LE, fixes #1609 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-03-15 17:45:43 +01:00
Daniel Reichelt
291fae1744 cron/LE: more verbose error message on token error 
be more specific about what exactly went wrong when trying to assert the
challenge/response payload (like e.g. http response code, error in DNS
resolution etc.)
 2016-03-08 08:21:10 +01:00
Evi Vanoost
83fd1ab0ca class.lescript.php: OpenSSL requires integer for key size. DB returns string. Cast string to integer 
trusty.xml: All files in conf.d get automatically included causing the location to be out of place and nginx fails to start
cron_tasks.inc.http.30.nginx.php: Location directives should be included in a host, nginx doesn't have the concept of global location directives in the way apache does
 2016-02-21 18:55:02 -05:00
Stefan Weil
50e7311390 Fix some typos in code comments 
Most of them were found by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
 2016-02-20 17:10:24 +01:00
Florian Aders
e621e02f92 Allow selecting new keysize, fixes #1594 
Prepare database and cron for HSTS, refs #1593
Added option to re-use key and CSR for Let's Encrypt

Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-19 17:35:44 +01:00
Daniel Reichelt
b071b8c2d9 LE: remove challenge file on failure, take #2 ;) 2016-02-19 14:44:23 +01:00
Daniel Reichelt
185178a91e LE: whitespace fixes 
- fix mixed indentations
- remove trailing whitespace
 2016-02-19 14:44:22 +01:00
Florian Aders
9ca31c10ae Only store accountkeys in production 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-19 12:27:17 +01:00
Florian Aders
9f54e60056 Answer all Let's Encrypt challenges via alias to a directory in Froxlor itself, enables us to answer challenges before the vhost is set, thx PrfDrDrStullenBr for the idea \(vhost - configs for most distributions untested\) 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 21:43:44 +01:00
Florian Aders
5151f50d49 Renamed "debugHandler" to "logger" to be more specific 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 20:47:47 +01:00
Florian Aders
9b08d67ea7 Remove challengefile if challenge fails, thx nachtgeist 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-18 20:40:41 +01:00
Florian Aders
ddaadf81d6 Temporarily deactivate ssl_redirect if a new Let's Encrypt certificate needs to be generated 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-16 14:31:07 +01:00
Florian Aders
ea2fa3be15 Changed CSR - request generation to 4096 bit 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-14 17:31:28 +01:00
Florian Aders
2472a52fed Make some Let's encrypt settings configurable 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-03 17:21:48 +01:00
Florian Aders
1814407bfd Throw exception if no challenges are returned at all 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-02 11:17:04 +01:00
Florian Aders
efc5f37850 Well, we need a new key if we don't havre one, not if we already have one 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 20:58:49 +01:00
Florian Aders
ba1181e8ff Fixed inserting of certificate if it didn't exist yet and return textbased domainkey, not ressource 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-01 20:47:16 +01:00
Florian Aders
44d08d6aa9 Add let's encrypt to customer domain - GUI 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 13:59:34 +01:00
Florian Aders
e0e1085c73 Fix your SQL, dude 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 13:14:51 +01:00
Florian Aders
67df9dbf6b Experiment with accountkeys per customer 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 13:06:42 +01:00
Florian Aders
2e7dd6f212 Changed comments to // to match the rest of Froxlor and made small improvements to the accountKey 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-30 10:56:08 +01:00
Florian Aders
ed2837f1db Added linebreak to logmessage of class 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-29 16:59:00 +01:00
Florian Aders
d45e9e63e6 Fixed a few obvious bugs 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-29 16:52:58 +01:00
Florian Aders
4f0c1894a3 Initial version of let's encrypt renewal cron 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-01-29 14:29:30 +01:00