improvements & bug fix

add subdomains support fix autosubdomain « hot » change fix domain « hot » change fix nginx minor bug update todo list update readme
author: Alexandre Alouit <alexandre.alouit@gmail.com> 2016-01-20 17:13:56 +0100
committer: Alexandre Alouit <alexandre.alouit@gmail.com> 2016-01-20 17:13:56 +0100
commit: f74f4a135601c45da0320fcf9b667e87a049bc71 (patch)
tree: b48b7b24230c3a1f0a624b24ee8c44a7c11615a2
parent: cfc790f7f3cc0b5c08dda9c32a5f7c8737a729b4 (diff)
4 files changed, 98 insertions, 9 deletions
diff --git a/README.md b/README.md
index 006421d..f159d31 100644
--- a/README.md
+++ b/README.md
@@ -67,3 +67,33 @@ crontab -e
 ```
 ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n';
 ```
+
+
+## TROUBLESHOOTING
+
+update Let's Encrypt
+```
+cd /root/letsencrypt
+git fetch
+./letsencrypt-auto
+```
+
+see Let's Encrypt log
+```
+cat /var/log/letsencrypt/letsencrypt.log
+```
+
+see ISPConfig log
+```
+cat /var/log/ispconfig/ispconfig.log
+cat /var/log/ispconfig/cron.log
+```
+
+remove certs
+```
+rm -r /etc/letsencrypt/archive/$domain/
+rm -r /etc/letsencrypt/live/$domain/
+rm -r /etc/letsencrypt/renewal/$domain.conf
+```
+
+re-generate cert: uncheck SSL & Let's Encrypt, save, recheck and save
diff --git a/_todo b/_todo
index 8be3573..1da1187 100644
--- a/_todo
+++ b/_todo
@@ -3,6 +3,7 @@ check dns MX entry is correct before request to Let's Encrypt (apache and nginx
 check if we already have a symlink and if he's valid (apache and nginx plugin)
 force ssl field to on when use Let's Encrypt (api access?)
 disable ssl tab when use Let's Encrypt (webgui)
-check dns entry is correct and MX domain
+support aliasdomain
+improve email policy
 check if is a symlink and is correct (if target is same)
 disable ssl & letsencrypt fields in database if we have error (and show notification?)
diff --git a/src/server/plugins-available/apache2_plugin.inc.php b/src/server/plugins-available/apache2_plugin.inc.php
index daf3f9d..6dbf04e 100755
--- a/src/server/plugins-available/apache2_plugin.inc.php
+++ b/src/server/plugins-available/apache2_plugin.inc.php
@@ -951,16 +951,45 @@ class apache2_plugin {
 		*/
 
 		//* Generate Let's Encrypt SSL certificat
-		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+			($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+			OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+			OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+			OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+		)) {
 				$data['new']['ssl_domain'] = $domain;
 				$vhost_data['ssl_domain'] = $domain;
 
+				// default values
+				$temp_domains = array();
+				$lddomain = $domain;
+				$subdomains = null;
+
 				//* be sure to have good domain
-			$lddomain = (string) "$domain";
 				if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
-				$lddomain .= (string) " --domains www." . $domain;
+					$temp_domains[] = "www." . $domain;
+				}
+
+				//* then, add subdomain if we have
+				$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
+				if(is_array($subdomains)) {
+					foreach($subdomains as $subdomain) {
+						$temp_domains[] = $subdomain['domain'];
+					}
 				}
 
+				// prevent duplicate
+				$temp_domains = array_unique($temp_domains);
+
+				// generate cli format
+				foreach($temp_domains as $temp_domain) {
+					$lddomain .= (string) " --domains " . $temp_domain;
+				}
+
+				// useless data
+				unset($subdomains);
+				unset($temp_domains);
+
 				$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
 				$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
 				$bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
diff --git a/src/server/plugins-available/nginx_plugin.inc.php b/src/server/plugins-available/nginx_plugin.inc.php
index 908f40e..6e188eb 100755
--- a/src/server/plugins-available/nginx_plugin.inc.php
+++ b/src/server/plugins-available/nginx_plugin.inc.php
@@ -1114,15 +1114,44 @@ class nginx_plugin {
 
 		$tpl->setVar('ssl_letsencrypt', "n");
 		//* Generate Let's Encrypt SSL certificat
-		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+			($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+			OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+			OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+			OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+		)) {
+
+			// default values
+			$temp_domains = array();
+			$lddomain = $domain;
+			$subdomains = null;
+
 			//* be sure to have good domain
-			$lddomain = (string) "$domain";
 			if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
-				$lddomain .= (string) " --domains www." . $domain;
+				$temp_domains[] = "www." . $domain;
+			}
+
+			//* then, add subdomain if we have
+			$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
+			if(is_array($subdomains)) {
+				foreach($subdomains as $subdomain) {
+					$temp_domains[] = $subdomain['domain'];
+				}
 			}
 
+			// prevent duplicate
+			$temp_domains = array_unique($temp_domains);
+
+			// generate cli format
+			foreach($temp_domains a $temp_domain) {
+				$lddomain .= (string) " --domains " . $temp_domain;
+			}
+
+			// useless data
+			unset($subdomains);
+			unset($temp_domains);
+
 			$tpl->setVar('ssl_letsencrypt', "y");
-			//* TODO: check dns entry is correct
 			$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem";
 			$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
 			$webroot = $data['new']['document_root']."/web";
@@ -1138,7 +1167,7 @@ class nginx_plugin {
 
 				$app->log("Create challenge directory", LOGLEVEL_DEBUG);
 				$app->system->mkdirpath($webroot . "/.well-known/");
-				$app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
+				$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
 				$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
 				$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
 				$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
author	Alexandre Alouit <alexandre.alouit@gmail.com>	2016-01-20 17:13:56 +0100
committer	Alexandre Alouit <alexandre.alouit@gmail.com>	2016-01-20 17:13:56 +0100
commit	f74f4a135601c45da0320fcf9b667e87a049bc71 (patch)
tree	b48b7b24230c3a1f0a624b24ee8c44a7c11615a2
parent	cfc790f7f3cc0b5c08dda9c32a5f7c8737a729b4 (diff)