evolix
/
evoadmin-web
18
0
Fork 1
Code Issues 33 Pull Requests 6 Releases 1 Wiki Activity

display expiration date of cert and included domains directly when clicking the letsencrypt link

This commit is contained in:
Nicolas Roman 2019-07-25 11:37:57 +02:00
parent a0f41b4b69
commit 3736f7ec32
2 changed files with 109 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
inc/webadmin-letsencrypt.php
View File

@ -28,84 +28,12 @@ if (!isset($_SESSION['lestencrypt-domains']) || empty($_SESSION['letsencrypt-dom
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
$letsencrypt = new letsencryt();
$errorMessage = '';
$warningMessage = '';
if (isset($_POST['submit'])) {
$letsencrypt = new letsencryt();
$errorMessage = '';
$warningMessage = '';
while (true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
$errorMessage = "Erreur : la liste des domaines est vide.";
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
break;
}
// Check existing SSL certificate
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
// if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
continue;
}
$parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
// check if LE is the certificate issuer
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
if (!$isIssuerValid) {
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
break 2; // break the foreach and the while
}
// check if the domain is already in the certificate
$isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
if ($isDomainIncluded) {
array_push($domainsIncluded, $domain);
continue; // break only the current foreach iteration
}
// check wether the certificate is valid or expired
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
if (!$îsCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
break 2;
}
}
// contains all the domains included in the existing certificate
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
$errorMessage = "Erreur : le certificat existant couvre déjà tous les domaines.";
break;
}
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) :<br>";
foreach ($domainsIncluded as $domainIncluded) {
$warningMessage .= $domainIncluded . "<br>";
}
$warningMessage .= "<br><strong>En confirmant le renouvellement, vous allez ajouter :</strong><br>";
foreach ($domainsNotIncluded as $domainNotIncluded) {
$warningMessage .= $domainNotIncluded . "<br>";
}
break;
}
// check HTTP
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
@ -154,6 +82,84 @@ if (isset($_POST['submit'])) {
break;
}
} else {
$validUntil = '';
while(true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
$errorMessage = "Erreur : la liste des domaines est vide.";
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
break;
}
// Check existing SSL certificate
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
// if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
continue;
}
$parsedCertificate = $letsencrypt->parseCertificate($existingSSLCertificate);
// check if LE is the certificate issuer
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
if (!$isIssuerValid) {
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
break 2; // break the foreach and the while
}
// check wether the certificate is valid or expired
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
if (!$isCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
break 2;
} else {
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
}
// check if the domain is already in the certificate
$isDomainIncluded = $letsencrypt->isDomainIncludedInCert($domain, $parsedCertificate["includedDomains"]);
if ($isDomainIncluded) {
array_push($domainsIncluded, $domain);
continue; // break only the current foreach iteration
}
}
// contains all the domains included in the existing certificate
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
break;
}
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
foreach ($domainsIncluded as $domainIncluded) {
$warningMessage .= $domainIncluded . "<br>";
}
$warningMessage .= "<br><strong>En confirmant le renouvellement, vous allez ajouter :</strong><br>";
foreach ($domainsNotIncluded as $domainNotIncluded) {
$warningMessage .= $domainNotIncluded . "<br>";
}
break;
}
}
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';

20
tpl/webadmin-letsencrypt.tpl.php
View File

@ -2,6 +2,20 @@
<?php
if (isset($_POST['submit'])) {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
}
} else {
echo "Votre certificat SSL a bien été installé !";
}
} else {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
@ -17,14 +31,11 @@ if (isset($_POST['submit'])) {
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
<p>
<input type="hidden" name="force_renew">
<input type="submit" name="submit" value="Confirmer le renouvellement" style="margin-left:0px;">
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
</p>
</form>
<?php
} else {
echo "Votre certificat SSL a bien été installé !";
}
} else {
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
if (count($_SESSION['letsencrypt-domains']) > 0) {
echo '<p>';
@ -38,4 +49,5 @@ if (isset($_POST['submit'])) {
</form>
<?php
}
}
}