make-csr function and confirmation button when warning is displayed
This commit is contained in:
parent
1cf62beb55
commit
1b4231e1a9
4 changed files with 110 additions and 56 deletions
|
@ -52,6 +52,7 @@ if (isset($_POST['submit'])) {
|
|||
$domainsIncluded = array();
|
||||
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
||||
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
||||
// if no certificate is present (false returned) for this domain, go to the next domain
|
||||
if (is_bool($existingSSLCertificate)) {
|
||||
continue;
|
||||
}
|
||||
|
@ -73,7 +74,7 @@ if (isset($_POST['submit'])) {
|
|||
|
||||
// check wether the certificate is valid or expired
|
||||
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
||||
if (!$îsCertValid) {
|
||||
if (!$îsCertValid && !isset($_POST['force_renew'])) {
|
||||
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
||||
Souhaitez-vous le renouveller ?";
|
||||
break 2;
|
||||
|
@ -81,7 +82,7 @@ if (isset($_POST['submit'])) {
|
|||
}
|
||||
|
||||
// contains all the domains included in the existing certificate
|
||||
if (!empty($domainsIncluded)) {
|
||||
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
|
||||
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
||||
|
||||
if (empty($domainsNotIncluded)) {
|
||||
|
@ -96,11 +97,11 @@ if (isset($_POST['submit'])) {
|
|||
}
|
||||
|
||||
// check HTTP
|
||||
$checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
|
||||
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
|
||||
if (!empty($failed_domains)) {
|
||||
$errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
|
||||
Merci de vérifier que le dossier <code>/.well-known/</code> est accessible.";
|
||||
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
||||
|
||||
if (!$isRemoteResourceAvailable) {
|
||||
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
||||
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -115,6 +116,14 @@ if (isset($_POST['submit'])) {
|
|||
|
||||
break;
|
||||
}
|
||||
|
||||
// make csr
|
||||
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
||||
|
||||
// evoacme TEST ou DRY RUN
|
||||
// evoacme
|
||||
// modifier configuration vhosts
|
||||
// reload service web
|
||||
}
|
||||
|
||||
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
||||
|
|
|
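Review bot: The renewal check on the new line `if (!$îsCertValid && !isset($_POST['force_renew'])) {` still tests `$îsCertValid` (with an accented `î`), while the value computed two lines above is assigned to `$isCertValid`; the accented name is never set, so `!$îsCertValid` is always true and the warning fires for every domain that already has a certificate, whatever its validity. It should read `if (!$isCertValid && !isset($_POST['force_renew'])) {`. In the last hunk the result of `$letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains'])` is stored in `$isCsrGenerated` but never examined, so a failed CSR generation sets no `$errorMessage` before the template is included; a `if (!$isCsrGenerated) { $errorMessage = ...; break; }` is needed. The HTTP probe in the `@ -96` hunk now only checks `$_SESSION['letsencrypt-domains'][0]`, while the CSR is still generated for every domain in the session, so an unreachable secondary domain is no longer caught before the CSR is made. The enclosing `if (isset($_POST['submit']))` block starts before the first hunk.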
@ -7,7 +7,7 @@ namespace lib;
|
|||
class LetsEncrypt
|
||||
{
|
||||
const HTTP_OK = 200;
|
||||
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge';
|
||||
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile';
|
||||
|
||||
/**
|
||||
* create the file used to test the HTTP challenge
|
||||
|
@ -28,56 +28,63 @@ class LetsEncrypt
|
|||
}
|
||||
|
||||
/**
|
||||
* perform a cURL call on the remote resource
|
||||
* the cURL call follows redirections and pushes the last valid URL to an array
|
||||
* @param Array $domains list of domains
|
||||
* @return Array $checked_domains list of checked domains
|
||||
* generate a CSR
|
||||
* @param string $vhost
|
||||
* @param Array $domains
|
||||
* @return boolean
|
||||
*/
|
||||
public function checkRemoteResourceAvailability($domains)
|
||||
public function makeCsr($vhost, $domains)
|
||||
{
|
||||
$domains = implode(' ', $domains);
|
||||
$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
|
||||
|
||||
sudoexec($cmd ,$data_output, $exec_return);
|
||||
|
||||
if ($exec_return == 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* perform a cURL call on the remote resource
|
||||
* the cURL call follows redirections
|
||||
* @param Array $domains list of domains
|
||||
* @return boolean
|
||||
*/
|
||||
public function checkRemoteResourceAvailability($domain)
|
||||
{
|
||||
$this->createFileHttpChallenge();
|
||||
|
||||
$curl_multi = curl_multi_init();
|
||||
$curl_handles = array();
|
||||
$checked_domains = array();
|
||||
$curl_handler = curl_init();
|
||||
|
||||
foreach ($domains as $key => $domain) {
|
||||
$curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL);
|
||||
// setting cURL options
|
||||
curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL);
|
||||
curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3);
|
||||
curl_setopt($curl_handler, CURLOPT_HEADER, true);
|
||||
curl_setopt($curl_handler, CURLOPT_NOBODY, true);
|
||||
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true);
|
||||
curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3);
|
||||
curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
|
||||
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
|
||||
|
||||
// setting cURL options
|
||||
curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_HEADER, true);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
|
||||
curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
|
||||
curl_exec($curl_handler);
|
||||
|
||||
curl_multi_add_handle($curl_multi, $curl_handles[$key]);
|
||||
}
|
||||
|
||||
do {
|
||||
curl_multi_exec($curl_multi, $active);
|
||||
} while ($active);
|
||||
|
||||
foreach ($curl_handles as $curl_handle) {
|
||||
$returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
|
||||
$returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
|
||||
|
||||
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
|
||||
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
|
||||
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
|
||||
|
||||
array_push($checked_domains, $returned_http_url);
|
||||
}
|
||||
curl_multi_remove_handle($curl_multi, $curl_handle);
|
||||
}
|
||||
curl_multi_close($curl_multi);
|
||||
$returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE);
|
||||
$returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL);
|
||||
|
||||
$this->deleteFileHttpChallenge();
|
||||
|
||||
return $checked_domains;
|
||||
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
|
||||
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
|
||||
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
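Review bot: `makeCsr` builds a privileged shell command by concatenation, `$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";`, and hands it to `sudoexec` without quoting either argument; `$vhost` is the route parameter (`$params[1]` in the caller) and the domains come from the session, so any shell metacharacter in either value is interpreted by the shell under sudo. Quote each argument instead: `$cmd = 'web-add.sh generate-csr ' . escapeshellarg($vhost) . ' ' . implode(' ', array_map('escapeshellarg', $domains));` and drop the unquoted `$domains = implode(' ', $domains);` line above it. The success test `if ($exec_return == 0)` should use `=== 0`. In the rewritten `checkRemoteResourceAvailability` the docblock still says `@param Array $domains list of domains` although the parameter is now a single `$domain`, and the two `$returned_http_url` rewrites before `return true;` are dead code since the stripped URL is no longer returned. `CURLOPT_SSL_VERIFYPEER, false` is carried over from the previous version; for a reachability probe that is defensible, but a one-line comment stating that the TLS identity is deliberately not checked here would stop it being copied elsewhere.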
@ -853,6 +853,9 @@ arg_processing() {
|
|||
manage-http-challenge-file)
|
||||
op_managehttpchallengefile "$@"
|
||||
;;
|
||||
generate-csr)
|
||||
op_makecsr "$@"
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
|
@ -860,16 +863,41 @@ arg_processing() {
|
|||
fi
|
||||
}
|
||||
|
||||
op_makecsr() {
|
||||
if [ $# -gt 1 ]; then
|
||||
vhost="$1"
|
||||
domains=""
|
||||
|
||||
# remove the first argument to keep only the domains
|
||||
shift 1
|
||||
|
||||
for domain in "$@"; do
|
||||
domains="${domains:+${domains} }${domain}"
|
||||
done
|
||||
|
||||
# pipe the domains to make-csr because we don't have STDIN
|
||||
echo "$domains" | make-csr "$vhost"
|
||||
else usage
|
||||
fi
|
||||
}
|
||||
|
||||
op_managehttpchallengefile() {
|
||||
if [ $# -eq 1 ]; then
|
||||
file="/var/lib/letsencrypt/.well-known/acme-challenge"
|
||||
folder="/var/lib/letsencrypt/.well-known/acme-challenge"
|
||||
file="testfile"
|
||||
|
||||
action=${1};
|
||||
|
||||
if [ "$action" = "create" ]; then
|
||||
touch "$file"
|
||||
chmod 755 "$file"
|
||||
if [ ! -d "$folder" ]; then
|
||||
mkdir "$folder"
|
||||
fi
|
||||
if [ ! -f "$folder/$file" ]; then
|
||||
touch "$folder/$file"
|
||||
fi
|
||||
chmod -R 755 "$folder"
|
||||
elif [ "$action" = "delete" ]; then
|
||||
rm "$file"
|
||||
rm -r "$folder"
|
||||
else usage
|
||||
fi
|
||||
else usage
|
||||
|
|
|
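Review bot: In `op_managehttpchallengefile` the `delete` branch now runs `rm -r "$folder"` on `/var/lib/letsencrypt/.well-known/acme-challenge`, removing the whole challenge directory rather than the `testfile` that the `create` branch added; if that directory is also where the real ACME client drops its challenge tokens, a probe run during issuance would delete them, and the `chmod -R 755 "$folder"` in the create branch rewrites their modes as well. Restrict both branches to the test file: `rm -f "$folder/$file"` for delete, and `chmod 755 "$folder/$file"` in place of the recursive chmod. `mkdir "$folder"` without `-p` fails when `/var/lib/letsencrypt/.well-known` does not exist yet. In `op_makecsr` the `for` loop that rebuilds `domains` is, under the default IFS, the same as `"$*"`, so `echo "$*" | make-csr "$vhost"` after the `shift 1` would do. `op_managehttpchallengefile` continues past the end of the hunk, and `arg_processing` starts before the first hunk.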
@ -2,8 +2,8 @@
|
|||
|
||||
<?php
|
||||
if (isset($_POST['submit'])) {
|
||||
if (!empty($error_message)) {
|
||||
echo '<span class="form-error">' . $error_message . '</span>';
|
||||
if (!empty($errorMessage)) {
|
||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
||||
|
||||
if (count($failed_domains) > 0) {
|
||||
echo '<p>';
|
||||
|
@ -12,8 +12,18 @@ if (isset($_POST['submit'])) {
|
|||
}
|
||||
echo '</p>';
|
||||
}
|
||||
} elseif (!empty($warningMessage)) {
|
||||
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
|
||||
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||
<p>
|
||||
<input type="hidden" name="force_renew">
|
||||
<input type="submit" name="submit" value="Confirmer le renouvellement" style="margin-left:0px;">
|
||||
</p>
|
||||
</form>
|
||||
<?php
|
||||
|
||||
} else {
|
||||
echo 'checks succeeded.';
|
||||
echo "all checks succeeded";
|
||||
}
|
||||
} else {
|
||||
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
||||
|
@ -24,7 +34,7 @@ if (isset($_POST['submit'])) {
|
|||
}
|
||||
echo '</p>';
|
||||
?>
|
||||
<form name="form-confirm-delete-alias" id="form-confirm-delete-alias" action="" method="POST">
|
||||
<form name="form-confirm-install-cert" id="form-confirm-install-cert" action="" method="POST">
|
||||
<p><input type="submit" name="submit" value="Installer le certificat" style="margin-left:0px;"></p>
|
||||
</form>
|
||||
<?php
|
||||
|
|
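Review bot: The new `form-confirm-renew-cert` form resubmits `submit` together with the hidden `force_renew` field and carries no anti-CSRF token, so unless a framework-level check exists (none is visible here) a cross-site POST can drive the forced-renewal path directly; the existing `form-confirm-install-cert` form below has the same gap, so one shared hidden token field checked by the controller would cover both. With the controller in this commit no longer assigning `$failed_domains` (its `array_diff` line is removed there), the unchanged `if (count($failed_domains) > 0) {` in the first hunk now reads an undefined variable on every error; guard it with `if (!empty($failed_domains)) {` or remove the block. `<input type="hidden" name="force_renew">` has no `value` attribute; `isset($_POST['force_renew'])` accepts the empty string, but `value="1"` makes the intent explicit. The enclosing `if (isset($_POST['submit']))` block opens at the top of the file, outside the second and third hunks.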