<?php
require_once EVOADMIN_BASE . '../lib/letsencrypt.php';
use lib\LetsEncrypt as letsencryt;
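// Build the list of domains (primary name + aliases) of the requested vhost and
// keep it in the session for the validation steps further down.
//
// The isset() test used a misspelled key ('lestencrypt-domains'), so it was always
// true and the list was rebuilt on every request; empty() alone already covers the
// "not set" case.
// NOTE(review): the cached list is not tied to $params[1] -- confirm it is reset
// elsewhere when the user moves to another vhost, otherwise key it by vhost.
if (empty($_SESSION['letsencrypt-domains'])) {
    $domain = $params[1];

    // $domain is presumably taken from the request (TODO confirm) and ends up on a
    // command line executed through sudoexec(): quote it so that it is always
    // passed as one literal argument and never interpreted by the shell.
    $cmd = 'web-add.sh list-vhost ' . escapeshellarg($domain);

    sudoexec($cmd, $data_output, $exec_return);

    // Only the first output line is used; it is split on ':' and field 2 is read
    // as the primary domain, field 3 as a comma-separated alias list.
    // A missing line or field yields an empty value instead of an undefined-index
    // notice; empty values are dropped by array_filter() below.
    $first_line = isset($data_output[0]) ? (string) $data_output[0] : '';
    $data_split = explode(':', $first_line);

    $primary_domain = isset($data_split[2]) ? $data_split[2] : '';
    $aliases = explode(',', isset($data_split[3]) ? $data_split[3] : '');

    // store domain and aliases
    $domains = array_merge(array($primary_domain), $aliases);

    $_SESSION['letsencrypt-domains'] = array_filter($domains);
}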
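include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';

// On form submission, run the pre-flight checks in order and stop at the first one
// that fails. The outcome is left in $errorMessage / $warningMessage (and in
// $failed_domains for the HTTP and DNS checks), presumably for the template
// included at the end of this file.
if (isset($_POST['submit'])) {
    $letsencrypt = new letsencryt();
    $errorMessage = '';
    $warningMessage = '';

    // Single-pass loop: it only exists so that `break` can leave the check sequence
    // early; the unconditional `break` at the bottom ends it after one iteration.
    while (true) {
        // check domains list
        if (empty($_SESSION['letsencrypt-domains'])) {
            $errorMessage = "Erreur : la liste des domaines est vide.";
            break;
        }

        // check if evoacme is installed
        $binaries_installed = $letsencrypt->isEvoacmeInstalled();
        if (!$binaries_installed) {
            $errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
            break;
        }

        // Check existing SSL certificate
        $domainsIncluded = array();
        foreach ($_SESSION['letsencrypt-domains'] as $domain) {
            $existingSSLCertificate = $letsencrypt->getCertificate($domain);

            // a boolean result is treated as "no certificate to inspect" for this domain
            if (is_bool($existingSSLCertificate)) {
                continue;
            }

            $parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);

            // check if LE is the certificate issuer
            $isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
            if (!$isIssuerValid) {
                $errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
                break 2; // break the foreach and the while
            }

            // check if the domain is already in the certificate
            $isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
            if ($isDomainIncluded) {
                array_push($domainsIncluded, $domain);
                continue; // break only the current foreach iteration
            }

            // check whether the certificate is valid or expired
            $isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);

            // The test used to read `$îsCertValid` (accented "î"), an undefined
            // variable, so every certificate reaching this point was reported as
            // no longer valid regardless of the result computed above.
            if (!$isCertValid) {
                $warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
                break 2;
            }
        }

        // $domainsIncluded contains all the domains included in the existing certificate
        if (!empty($domainsIncluded)) {
            $domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);

            if (empty($domainsNotIncluded)) {
                $errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines.";
                break;
            }

            $warningMessage = "Attention : le certificat existant couvre déjà certains domaines.
Souhaitez-vous le renouveller ?";

            break;
        }

        // check HTTP: every domain missing from the returned list is a failure
        $checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
        $failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
        if (!empty($failed_domains)) {
            $errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
Merci de vérifier que le dossier <code>/.well-known/</code> est accessible.";
            break;
        }

        // check DNS: only the domains that passed the HTTP check are tested
        $valid_domains = $letsencrypt->checkDNSValidity($checked_domains);
        $failed_domains = array_diff($checked_domains, $valid_domains);
        if (!empty($failed_domains)) {
            $errorMessage = "Erreur : La vérification DNS a échoué pour les domaines ci-dessous.
Merci de vérifier les enregistrements de type A et AAAA.";
            break;
        }

        break;
    }
}

include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';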