author | Alexandre Alouit <alexandre.alouit@gmail.com> | 2015-12-04 09:47:54 +0100 |
---|---|---|
committer | Alexandre Alouit <alexandre.alouit@gmail.com> | 2015-12-04 09:47:54 +0100 |
commit | 599d73b54549d808e3d05c3a98c4729d942edd5f (patch) | |
tree | 6a35115fa53dc553196510b32caf3e24f2af155f /src | |
parent | 876dc671ef09e855eea7714c519977462e90f30c (diff) |
bugfix & improvements
prevent apache with conf.d directory instead of conf-available
create challenge directory (prevent Let’s Encrypt from creating files with bad
permissions)
use debug ispconfig function
use fullchain for apache
Diffstat (limited to 'src')
-rwxr-xr-x | src/server/plugins-available/apache2_plugin.inc.php | 24 | ||||
-rwxr-xr-x | src/server/plugins-available/nginx_plugin.inc.php | 17 |
2 files changed, 37 insertions, 4 deletions
diff --git a/src/server/plugins-available/apache2_plugin.inc.php b/src/server/plugins-available/apache2_plugin.inc.php index 1b28759..66486b8 100755 --- a/src/server/plugins-available/apache2_plugin.inc.php +++ b/src/server/plugins-available/apache2_plugin.inc.php 
@@ -952,20 +952,38 @@ class apache2_plugin { //* Generate Let's Encrypt SSL certificat if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { + $data['new']['ssl_domain'] = $domain; + $vhost_data['ssl_domain'] = $domain; + //* be sure to have good domain $lddomain = (string) "$domain"; if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { $lddomain .= (string) " --domains www." . $domain; } - $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem"; + $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem"; $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; $webroot = $data['new']['document_root']."/web"; //* check if we have already a Let's Encrypt cert if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { - $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); - exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot --text --agree-tos"); + $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); + + if(is_dir($webroot . "/.well-known/")) { + $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); + $this->_exec("rm -rf " . $webroot . "/.well-known/"); + } + + $app->log("Create challenge directory", LOGLEVEL_DEBUG); + $app->system->mkdirpath($webroot . "/.well-known/"); + $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); + $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); + $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); + $app->system->chmod($webroot . 
"/.well-known/acme-challenge", "g+s"); + + $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot"); }; //* check is been correctly created diff --git a/src/server/plugins-available/nginx_plugin.inc.php b/src/server/plugins-available/nginx_plugin.inc.php index 6c2aaa3..fb2329a 100755 --- a/src/server/plugins-available/nginx_plugin.inc.php +++ b/src/server/plugins-available/nginx_plugin.inc.php @@ -1127,7 +1127,22 @@ class nginx_plugin { //* check if we have already a Let's Encrypt cert if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); - exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot --text --agree-tos"); + + if(is_dir($webroot . "/.well-known/")) { + $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); + $this->_exec("rm -rf " . $webroot . "/.well-known/"); + } + + $app->log("Create challenge directory", LOGLEVEL_DEBUG); + $app->system->mkdirpath($webroot . "/.well-known/"); + $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); + $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); + $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); + $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); + $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); + + $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot"); }; //* check is been correctly created |
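Review bot: The new `rm -rf` and `letsencrypt` command lines in the apache2_plugin.inc.php hunk concatenate `$webroot`, `$domain` and `$lddomain` into a shell string with no quoting, and the client path under /root suggests they run as root. A document root or domain containing a space or shell metacharacter would change what the command does, so quote each value, e.g. `$this->_exec("rm -rf " . escapeshellarg($webroot . "/.well-known/acme-challenge"));` and `" --webroot-path " . escapeshellarg($webroot)`, and escape each domain before it is appended to `$lddomain`. Removing all of `.well-known/` also deletes anything else the site keeps there, and since the directory sits inside the customer's web root, an `is_link()` check before the remove/chown/chgrp calls would stop them from following a symlink. The same lines appear in the nginx_plugin.inc.php hunk; the enclosing function starts and ends outside both hunks.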
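Review bot: `$$data['new']['system_user']` in the first `chown` call of the nginx_plugin.inc.php hunk is a variable-variable, not the `$data` array used on the matching apache2 line, so it resolves to an undefined variable and the call gets an empty owner instead of the site's system user. It should read `$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);`. Separately, both hunks drop `--text --agree-tos` from the client command; if the client then waits for interactive confirmation, the unattended run would stall, so it is worth confirming that the new invocation completes without a terminal.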