From 599d73b54549d808e3d05c3a98c4729d942edd5f Mon Sep 17 00:00:00 2001
From: Alexandre Alouit <alexandre.alouit@gmail.com>
Date: Fri, 4 Dec 2015 09:47:54 +0100
Subject: bugfix & improvements
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

prevent apache with conf.d directory instead conf-available
create challenge directory (prevent Let’s Encrypt create file with bad
permission)
use debug ispconfig function
use fullchain for apache
---
 .../plugins-available/apache2_plugin.inc.php       | 24 +++++++++++++++++++---
 src/server/plugins-available/nginx_plugin.inc.php  | 17 ++++++++++++++-
 2 files changed, 37 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/server/plugins-available/apache2_plugin.inc.php b/src/server/plugins-available/apache2_plugin.inc.php
index 1b28759..66486b8 100755
--- a/src/server/plugins-available/apache2_plugin.inc.php
+++ b/src/server/plugins-available/apache2_plugin.inc.php
@@ -952,20 +952,38 @@ class apache2_plugin {
 
 		//* Generate Let's Encrypt SSL certificat
 		if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+			$data['new']['ssl_domain'] = $domain;
+			$vhost_data['ssl_domain'] = $domain;
+
 			//* be sure to have good domain
 			$lddomain = (string) "$domain";
 			if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
 				$lddomain .= (string) " --domains www." . $domain;
 			}
 
-				$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
+				$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem";
 				$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
 				$webroot = $data['new']['document_root']."/web";
 
 				//* check if we have already a Let's Encrypt cert
 				if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
-				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
-					exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot --text --agree-tos");
+					$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+					if(is_dir($webroot . "/.well-known/")) {
+						$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+						$this->_exec("rm -rf " . $webroot . "/.well-known/");
+					}
+
+					$app->log("Create challenge directory", LOGLEVEL_DEBUG);
+					$app->system->mkdirpath($webroot . "/.well-known/");
+					$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
+					$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+					$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+					$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+					$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+					$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+					$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot");
 				};
 
 				//* check is been correctly created
diff --git a/src/server/plugins-available/nginx_plugin.inc.php b/src/server/plugins-available/nginx_plugin.inc.php
index 6c2aaa3..fb2329a 100755
--- a/src/server/plugins-available/nginx_plugin.inc.php
+++ b/src/server/plugins-available/nginx_plugin.inc.php
@@ -1127,7 +1127,22 @@ class nginx_plugin {
 			//* check if we have already a Let's Encrypt cert
 			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
 				$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
-				exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot --text --agree-tos");
+
+				if(is_dir($webroot . "/.well-known/")) {
+					$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+					$this->_exec("rm -rf " . $webroot . "/.well-known/");
+				}
+
+				$app->log("Create challenge directory", LOGLEVEL_DEBUG);
+				$app->system->mkdirpath($webroot . "/.well-known/");
+				$app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
+				$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+				$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+				$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+				$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+				$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+				$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot");
 			};
 
 			//* check is been correctly created
-- 
cgit v1.2.3