make-csr function and confirmation button when warning is displayed
parent
1cf62beb55
commit
1b4231e1a9
|
@ -52,6 +52,7 @@ if (isset($_POST['submit'])) {
|
||||||
$domainsIncluded = array();
|
$domainsIncluded = array();
|
||||||
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
||||||
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
||||||
|
// if no certificate is present (false returned) for this domain, go to the next domain
|
||||||
if (is_bool($existingSSLCertificate)) {
|
if (is_bool($existingSSLCertificate)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -73,7 +74,7 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
// check wether the certificate is valid or expired
|
// check wether the certificate is valid or expired
|
||||||
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
||||||
if (!$îsCertValid) {
|
if (!$îsCertValid && !isset($_POST['force_renew'])) {
|
||||||
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
||||||
Souhaitez-vous le renouveller ?";
|
Souhaitez-vous le renouveller ?";
|
||||||
break 2;
|
break 2;
|
||||||
|
@ -81,7 +82,7 @@ if (isset($_POST['submit'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// contains all the domains included in the existing certificate
|
// contains all the domains included in the existing certificate
|
||||||
if (!empty($domainsIncluded)) {
|
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
|
||||||
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
||||||
|
|
||||||
if (empty($domainsNotIncluded)) {
|
if (empty($domainsNotIncluded)) {
|
||||||
|
@ -96,11 +97,11 @@ if (isset($_POST['submit'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check HTTP
|
// check HTTP
|
||||||
$checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
|
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
||||||
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
|
|
||||||
if (!empty($failed_domains)) {
|
if (!$isRemoteResourceAvailable) {
|
||||||
$errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
|
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
||||||
Merci de vérifier que le dossier <code>/.well-known/</code> est accessible.";
|
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,6 +116,14 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// make csr
|
||||||
|
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
||||||
|
|
||||||
|
// evoacme TEST ou DRY RUN
|
||||||
|
// evoacme
|
||||||
|
// modifier configuration vhosts
|
||||||
|
// reload service web
|
||||||
}
|
}
|
||||||
|
|
||||||
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
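Review bot: The validity test in the second hunk reads `$îsCertValid` (with an `î`) while the line above assigns `$isCertValid`, so the condition tests an undefined variable and `!$îsCertValid` is always true. The expired-certificate warning therefore appears to be raised for every existing certificate until `force_renew` is posted; the line should read `if (!$isCertValid && !isset($_POST['force_renew'])) {`. Separately, the HTTP check now probes only `$_SESSION['letsencrypt-domains'][0]` although the CSR is built for every domain in the session, and the result stored in `$isCsrGenerated` is never tested, so a failure on another domain or a failed CSR goes unreported. The enclosing `if (isset($_POST['submit']))` block starts outside these hunks.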
|
||||||
|
|
|
@ -7,7 +7,7 @@ namespace lib;
|
||||||
class LetsEncrypt
|
class LetsEncrypt
|
||||||
{
|
{
|
||||||
const HTTP_OK = 200;
|
const HTTP_OK = 200;
|
||||||
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge';
|
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* create the file used to test the HTTP challenge
|
* create the file used to test the HTTP challenge
|
||||||
|
@ -28,56 +28,63 @@ class LetsEncrypt
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* perform a cURL call on the remote resource
|
* generate a CSR
|
||||||
* the cURL call follows redirections and pushes the last valid URL to an array
|
* @param string $vhost
|
||||||
* @param Array $domains list of domains
|
* @param Array $domains
|
||||||
* @return Array $checked_domains list of checked domains
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function checkRemoteResourceAvailability($domains)
|
public function makeCsr($vhost, $domains)
|
||||||
|
{
|
||||||
|
$domains = implode(' ', $domains);
|
||||||
|
$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
|
||||||
|
|
||||||
|
sudoexec($cmd ,$data_output, $exec_return);
|
||||||
|
|
||||||
|
if ($exec_return == 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* perform a cURL call on the remote resource
|
||||||
|
* the cURL call follows redirections
|
||||||
|
* @param Array $domains list of domains
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function checkRemoteResourceAvailability($domain)
|
||||||
{
|
{
|
||||||
$this->createFileHttpChallenge();
|
$this->createFileHttpChallenge();
|
||||||
|
|
||||||
$curl_multi = curl_multi_init();
|
$curl_handler = curl_init();
|
||||||
$curl_handles = array();
|
|
||||||
$checked_domains = array();
|
|
||||||
|
|
||||||
foreach ($domains as $key => $domain) {
|
|
||||||
$curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL);
|
|
||||||
|
|
||||||
// setting cURL options
|
// setting cURL options
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3);
|
curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_HEADER, true);
|
curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true);
|
curl_setopt($curl_handler, CURLOPT_HEADER, true);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
|
curl_setopt($curl_handler, CURLOPT_NOBODY, true);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
|
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
|
curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
|
curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3);
|
||||||
curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
|
curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
|
||||||
|
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
|
||||||
|
|
||||||
curl_multi_add_handle($curl_multi, $curl_handles[$key]);
|
curl_exec($curl_handler);
|
||||||
}
|
|
||||||
|
|
||||||
do {
|
$returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE);
|
||||||
curl_multi_exec($curl_multi, $active);
|
$returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL);
|
||||||
} while ($active);
|
|
||||||
|
|
||||||
foreach ($curl_handles as $curl_handle) {
|
$this->deleteFileHttpChallenge();
|
||||||
$returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
|
|
||||||
$returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
|
|
||||||
|
|
||||||
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
|
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
|
||||||
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
|
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
|
||||||
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
|
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
|
||||||
|
|
||||||
array_push($checked_domains, $returned_http_url);
|
return true;
|
||||||
}
|
}
|
||||||
curl_multi_remove_handle($curl_multi, $curl_handle);
|
|
||||||
}
|
|
||||||
curl_multi_close($curl_multi);
|
|
||||||
|
|
||||||
$this->deleteFileHttpChallenge();
|
return false;
|
||||||
|
|
||||||
return $checked_domains;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
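Review bot: `makeCsr()` concatenates `$vhost` and the space-joined `$domains` straight into the string handed to `sudoexec()`, so any shell metacharacter in either value would be interpreted by a privileged command, assuming `sudoexec()` passes the string to a shell (its definition is not in this diff). Nothing visible here validates the vhost or the domain names, so quote each argument where the command is built: `$args = implode(' ', array_map('escapeshellarg', $domains));` and `$cmd = 'web-add.sh generate-csr ' . escapeshellarg($vhost) . ' ' . $args;`. In the same section, `checkRemoteResourceAvailability()` keeps `CURLOPT_SSL_VERIFYPEER` set to false, never closes `$curl_handler`, and its docblock still documents `$domains` although the parameter is now `$domain`.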
|
||||||
|
|
|
@ -853,6 +853,9 @@ arg_processing() {
|
||||||
manage-http-challenge-file)
|
manage-http-challenge-file)
|
||||||
op_managehttpchallengefile "$@"
|
op_managehttpchallengefile "$@"
|
||||||
;;
|
;;
|
||||||
|
generate-csr)
|
||||||
|
op_makecsr "$@"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
;;
|
;;
|
||||||
|
@ -860,16 +863,41 @@ arg_processing() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
op_makecsr() {
|
||||||
|
if [ $# -gt 1 ]; then
|
||||||
|
vhost="$1"
|
||||||
|
domains=""
|
||||||
|
|
||||||
|
# remove the first argument to keep only the domains
|
||||||
|
shift 1
|
||||||
|
|
||||||
|
for domain in "$@"; do
|
||||||
|
domains="${domains:+${domains} }${domain}"
|
||||||
|
done
|
||||||
|
|
||||||
|
# pipe the domains to make-csr because we don't have STDIN
|
||||||
|
echo "$domains" | make-csr "$vhost"
|
||||||
|
else usage
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
op_managehttpchallengefile() {
|
op_managehttpchallengefile() {
|
||||||
if [ $# -eq 1 ]; then
|
if [ $# -eq 1 ]; then
|
||||||
file="/var/lib/letsencrypt/.well-known/acme-challenge"
|
folder="/var/lib/letsencrypt/.well-known/acme-challenge"
|
||||||
|
file="testfile"
|
||||||
|
|
||||||
action=${1};
|
action=${1};
|
||||||
|
|
||||||
if [ "$action" = "create" ]; then
|
if [ "$action" = "create" ]; then
|
||||||
touch "$file"
|
if [ ! -d "$folder" ]; then
|
||||||
chmod 755 "$file"
|
mkdir "$folder"
|
||||||
|
fi
|
||||||
|
if [ ! -f "$folder/$file" ]; then
|
||||||
|
touch "$folder/$file"
|
||||||
|
fi
|
||||||
|
chmod -R 755 "$folder"
|
||||||
elif [ "$action" = "delete" ]; then
|
elif [ "$action" = "delete" ]; then
|
||||||
rm "$file"
|
rm -r "$folder"
|
||||||
else usage
|
else usage
|
||||||
fi
|
fi
|
||||||
else usage
|
else usage
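Review bot: The `delete` branch of `op_managehttpchallengefile` now runs `rm -r "$folder"`, which removes the whole `/var/lib/letsencrypt/.well-known/acme-challenge` directory rather than the test file, so anything else that directory may hold at that moment (for example a token from an issuance in progress) is deleted too; `rm -f "$folder/$file"` limits the removal to what `create` made. `chmod -R 755 "$folder"` likewise re-modes every file already in the directory and marks them executable; `chmod 755 "$folder"` followed by `chmod 644 "$folder/$file"` is enough. In `op_makecsr`, `$vhost` and the domains reach `make-csr` without any format check, and since the PHP side calls this script through `sudoexec()`, rejecting values that are not plain host names (or that start with `-`) belongs here as well. The end of `op_managehttpchallengefile` is outside the hunk.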
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
if (isset($_POST['submit'])) {
|
if (isset($_POST['submit'])) {
|
||||||
if (!empty($error_message)) {
|
if (!empty($errorMessage)) {
|
||||||
echo '<span class="form-error">' . $error_message . '</span>';
|
echo '<span class="form-error">' . $errorMessage . '</span>';
|
||||||
|
|
||||||
if (count($failed_domains) > 0) {
|
if (count($failed_domains) > 0) {
|
||||||
echo '<p>';
|
echo '<p>';
|
||||||
|
@ -12,8 +12,18 @@ if (isset($_POST['submit'])) {
|
||||||
}
|
}
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
}
|
}
|
||||||
|
} elseif (!empty($warningMessage)) {
|
||||||
|
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
|
||||||
|
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||||
|
<p>
|
||||||
|
<input type="hidden" name="force_renew">
|
||||||
|
<input type="submit" name="submit" value="Confirmer le renouvellement" style="margin-left:0px;">
|
||||||
|
</p>
|
||||||
|
</form>
|
||||||
|
<?php
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
echo 'checks succeeded.';
|
echo "all checks succeeded";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
||||||
|
@ -24,7 +34,7 @@ if (isset($_POST['submit'])) {
|
||||||
}
|
}
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
?>
|
?>
|
||||||
<form name="form-confirm-delete-alias" id="form-confirm-delete-alias" action="" method="POST">
|
<form name="form-confirm-install-cert" id="form-confirm-install-cert" action="" method="POST">
|
||||||
<p><input type="submit" name="submit" value="Installer le certificat" style="margin-left:0px;"></p>
|
<p><input type="submit" name="submit" value="Installer le certificat" style="margin-left:0px;"></p>
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
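Review bot: The error branch still calls `count($failed_domains)`, but the controller in this commit no longer assigns `$failed_domains`, so that line operates on an undefined variable (a warning on PHP 7.2 and later, a TypeError on PHP 8); drop the block or guard it with `if (!empty($failed_domains)) {`. The new `form-confirm-renew-cert` form posts `force_renew`, which switches off both certificate checks in the controller, and the visible markup carries no anti-CSRF token; if the application has a token mechanism it should be included here, as on any state-changing form. The hidden input also has no `value` attribute, which works with `isset()` but is worth making explicit with `value="1"`.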
|
||||||
|
|