From f74f4a135601c45da0320fcf9b667e87a049bc71 Mon Sep 17 00:00:00 2001 From: Alexandre Alouit Date: Wed, 20 Jan 2016 17:13:56 +0100 Subject: improvements & bug fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit add subdomains support fix autosubdomain « hot » change fix domain « hot » change fix nginx minor bug update todo list update readme --- README.md | 30 +++++++++++++++ _todo | 3 +- .../plugins-available/apache2_plugin.inc.php | 45 ++++++++++++++++++---- src/server/plugins-available/nginx_plugin.inc.php | 39 ++++++++++++++++--- 4 files changed, 103 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 006421d..f159d31 100644 --- a/README.md +++ b/README.md @@ -67,3 +67,33 @@ crontab -e ``` ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n'; ``` + + +## TROUBLESHOOTING + +update Let's Encrypt +``` +cd /root/letsencrypt +git fetch +./letsencrypt-auto +``` + +see Let's Encrypt log +``` +cat /var/log/letsencrypt/letsencrypt.log +``` + +see ISPConfig log +``` +cat /var/log/ispconfig/ispconfig.log +cat /var/log/ispconfig/cron.log +``` + +remove certs +``` +rm -r /etc/letsencrypt/archive/$domain/ +rm -r /etc/letsencrypt/live/$domain/ +rm -r /etc/letsencrypt/renewal/$domain.conf +``` + +re-generate cert: uncheck SSL & Let's Encrypt, save, recheck and save diff --git a/_todo b/_todo index 8be3573..1da1187 100644 --- a/_todo +++ b/_todo @@ -3,6 +3,7 @@ check dns MX entry is correct before request to Let's Encrypt (apache and nginx check if we already have a symlink and if he's valid (apache and nginx plugin) force ssl field to on when use Let's Encrypt (api access?) disable ssl tab when use Let's Encrypt (webgui) -check dns entry is correct and MX domain +support aliasdomain +improve email policy check if is a symlink and is correct (if target is same) disable ssl & letsencrypt fields in database if we have error (and show notification?) diff --git a/src/server/plugins-available/apache2_plugin.inc.php b/src/server/plugins-available/apache2_plugin.inc.php index daf3f9d..6dbf04e 100755 --- a/src/server/plugins-available/apache2_plugin.inc.php +++ b/src/server/plugins-available/apache2_plugin.inc.php @@ -951,15 +951,44 @@ class apache2_plugin { */ //* Generate Let's Encrypt SSL certificat - if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { - $data['new']['ssl_domain'] = $domain; - $vhost_data['ssl_domain'] = $domain; + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active + ($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration + OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update + OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain + OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain + )) { + $data['new']['ssl_domain'] = $domain; + $vhost_data['ssl_domain'] = $domain; + + // default values + $temp_domains = array(); + $lddomain = $domain; + $subdomains = null; + + //* be sure to have good domain + if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { + $temp_domains[] = "www." . $domain; + } - //* be sure to have good domain - $lddomain = (string) "$domain"; - if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { - $lddomain .= (string) " --domains www." . $domain; - } + //* then, add subdomain if we have + $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'"); + if(is_array($subdomains)) { + foreach($subdomains as $subdomain) { + $temp_domains[] = $subdomain['domain']; + } + } + + // prevent duplicate + $temp_domains = array_unique($temp_domains); + + // generate cli format + foreach($temp_domains as $temp_domain) { + $lddomain .= (string) " --domains " . $temp_domain; + } + + // useless data + unset($subdomains); + unset($temp_domains); $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem"; $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; diff --git a/src/server/plugins-available/nginx_plugin.inc.php b/src/server/plugins-available/nginx_plugin.inc.php index 908f40e..6e188eb 100755 --- a/src/server/plugins-available/nginx_plugin.inc.php +++ b/src/server/plugins-available/nginx_plugin.inc.php @@ -1114,15 +1114,44 @@ class nginx_plugin { $tpl->setVar('ssl_letsencrypt', "n"); //* Generate Let's Encrypt SSL certificat - if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active + ($data['old']['ssl'] == 'n' OR $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration + OR ($data['old']['domain'] != $data['new']['domain']) // we have domain update + OR ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain + OR ($data['new']['type'] == 'subdomain') // we have new or update on subdomain + )) { + + // default values + $temp_domains = array(); + $lddomain = $domain; + $subdomains = null; + //* be sure to have good domain - $lddomain = (string) "$domain"; if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { - $lddomain .= (string) " --domains www." . $domain; + $temp_domains[] = "www." . $domain; + } + + //* then, add subdomain if we have + $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'"); + if(is_array($subdomains)) { + foreach($subdomains as $subdomain) { + $temp_domains[] = $subdomain['domain']; + } } + // prevent duplicate + $temp_domains = array_unique($temp_domains); + + // generate cli format + foreach($temp_domains a $temp_domain) { + $lddomain .= (string) " --domains " . $temp_domain; + } + + // useless data + unset($subdomains); + unset($temp_domains); + $tpl->setVar('ssl_letsencrypt', "y"); - //* TODO: check dns entry is correct $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem"; $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem"; $webroot = $data['new']['document_root']."/web"; @@ -1138,7 +1167,7 @@ class nginx_plugin { $app->log("Create challenge directory", LOGLEVEL_DEBUG); $app->system->mkdirpath($webroot . "/.well-known/"); - $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']); + $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); -- cgit v1.2.3