|
|
@ -28,12 +28,64 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom |
|
|
|
include_once EVOADMIN_BASE . '../tpl/header.tpl.php'; |
|
|
|
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php'; |
|
|
|
|
|
|
|
if (isset($_POST['submit'])) { |
|
|
|
$letsencrypt = new letsencryt(); |
|
|
|
$errorMessage = ''; |
|
|
|
$warningMessage = ''; |
|
|
|
$letsencrypt = new letsencryt(); |
|
|
|
$errorMessage = ''; |
|
|
|
$warningMessage = ''; |
|
|
|
|
|
|
|
if (isset($_POST['submit'])) { |
|
|
|
while (true) { |
|
|
|
// check HTTP
|
|
|
|
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]); |
|
|
|
|
|
|
|
if (!$isRemoteResourceAvailable) { |
|
|
|
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
|
|
|
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// check DNS
|
|
|
|
$valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']); |
|
|
|
|
|
|
|
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains); |
|
|
|
if (!empty($failed_domains)) { |
|
|
|
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
|
|
|
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// make csr
|
|
|
|
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); |
|
|
|
|
|
|
|
if (!$isCsrGenerated) { |
|
|
|
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// evoacme TEST
|
|
|
|
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]); |
|
|
|
|
|
|
|
if (!$testGenerateCert) { |
|
|
|
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// evoacme
|
|
|
|
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false); |
|
|
|
|
|
|
|
if (!$generateCert) { |
|
|
|
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
} else { |
|
|
|
$validUntil = ''; |
|
|
|
|
|
|
|
while(true) { |
|
|
|
// check domains list
|
|
|
|
if (empty($_SESSION['letsencrypt-domains'])) { |
|
|
|
$errorMessage = "Erreur : la liste des domaines est vide."; |
|
|
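Review bot: A request that carries `submit` now skips the empty-list and existing-certificate checks, because the new `if (isset($_POST['submit']))` branch goes straight to `checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0])`, `makeCsr()` and both `generateSSLCertificate()` calls, while those checks sit only in the `else` branch (reading the duplicated lines as old then new). I would repeat the guard at the top of the `while (true)` in the POST branch, e.g. `if (empty($_SESSION['letsencrypt-domains'])) { $errorMessage = "Erreur : la liste des domaines est vide."; break; }`, so that issuance does not depend on the client having loaded the confirmation step first. Neither a request token nor a check on `$params[1]` is visible before `makeCsr()` and `generateSSLCertificate()` are called; both may live above line 28, which the hunk does not show, but this branch is where a state-changing request lands, so it is worth confirming. The `else` branch's loop continues past the end of this hunk.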
@ -65,19 +117,22 @@ if (isset($_POST['submit'])) { |
|
|
|
break 2; // break the foreach and the while
|
|
|
|
} |
|
|
|
|
|
|
|
// check if the domain is already in the certificate
|
|
|
|
$isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); |
|
|
|
if ($isDomainIncluded) { |
|
|
|
array_push($domainsIncluded, $domain); |
|
|
|
continue; // break only the current foreach iteration
|
|
|
|
} |
|
|
|
|
|
|
|
// check wether the certificate is valid or expired
|
|
|
|
|
|
|
|
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]); |
|
|
|
if (!$îsCertValid && !isset($_POST['force_renew'])) { |
|
|
|
if (!$isCertValid && !isset($_POST['force_renew'])) { |
|
|
|
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
|
|
|
Souhaitez-vous le renouveller ?";
|
|
|
|
break 2; |
|
|
|
} else { |
|
|
|
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]); |
|
|
|
} |
|
|
|
|
|
|
|
// check if the domain is already in the certificate
|
|
|
|
$isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]); |
|
|
|
if ($isDomainIncluded) { |
|
|
|
array_push($domainsIncluded, $domain); |
|
|
|
continue; // break only the current foreach iteration
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
@ -86,11 +141,11 @@ if (isset($_POST['submit'])) { |
|
|
|
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded); |
|
|
|
|
|
|
|
if (empty($domainsNotIncluded)) { |
|
|
|
$errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines."; |
|
|
|
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . "."; |
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) :<br>"; |
|
|
|
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>"; |
|
|
|
|
|
|
|
foreach ($domainsIncluded as $domainIncluded) { |
|
|
|
$warningMessage .= $domainIncluded . "<br>"; |
|
|
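Review bot: The domain names appended to `$warningMessage` are not HTML-encoded: the message is built as raw markup with `<br>` separators, and the loop just below the changed line does `$warningMessage .= $domainIncluded . "<br>";`, so the template presumably prints it unescaped. `$validUntil` comes from `date()` and is harmless, but the domains come from `$_SESSION['letsencrypt-domains']`, whose source is not visible here. I would encode them where they are concatenated, `$warningMessage .= htmlspecialchars($domainIncluded, ENT_QUOTES, 'UTF-8') . "<br>";`, and do the same for `$domainNotIncluded` in the next hunk. The `foreach` is cut by the end of this hunk.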
@ -102,57 +157,8 @@ if (isset($_POST['submit'])) { |
|
|
|
$warningMessage .= $domainNotIncluded . "<br>"; |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// check HTTP
|
|
|
|
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]); |
|
|
|
|
|
|
|
if (!$isRemoteResourceAvailable) { |
|
|
|
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
|
|
|
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// check DNS
|
|
|
|
$valid_domains = $letsencrypt->checkDNSValidity($_SESSION['letsencrypt-domains']); |
|
|
|
|
|
|
|
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains); |
|
|
|
if (!empty($failed_domains)) { |
|
|
|
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
|
|
|
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// make csr
|
|
|
|
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']); |
|
|
|
|
|
|
|
if (!$isCsrGenerated) { |
|
|
|
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// evoacme TEST
|
|
|
|
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]); |
|
|
|
|
|
|
|
if (!$testGenerateCert) { |
|
|
|
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// evoacme
|
|
|
|
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false); |
|
|
|
|
|
|
|
if (!$generateCert) { |
|
|
|
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
|
|
|
Merci de contacter un administrateur pour continuer.";
|
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|