From 9c9ffe1b5347bd8a9d9934b890ad5e3677255938 Mon Sep 17 00:00:00 2001
From: Nicolas Roman
Date: Wed, 10 Jul 2019 16:56:13 +0200
Subject: [PATCH] check if the domain IP correspond to the server IP
---
 lib/letsencrypt.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/letsencrypt.php b/lib/letsencrypt.php
index b355505..8040441 100644
--- a/lib/letsencrypt.php
+++ b/lib/letsencrypt.php
@@ -95,6 +95,7 @@ class LetsEncrypt
 public function checkDNSValidity($domains)
 {
 $valid_dns_domains = array();
+ $serverIP = exec("ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\\1/p'");
 foreach ($domains as $domain) {
 //FQDN syntax
@@ -102,7 +103,7 @@ class LetsEncrypt
 $dns_record_ipv4 = dns_get_record($domain, DNS_A);
 $dns_record_ipv6 = dns_get_record($domain, DNS_AAAA);
- if ($dns_record_ipv4 || $dns_record_ipv6) {
+ if ($dns_record_ipv4[0]['ip'] === $serverIP || $dns_record_ipv6[0]['ip'] === $serverIP) {
 // remove the last dot added for the FQDN syntax
 $domain = rtrim($domain, '.');
 array_push($valid_dns_domains, $domain);
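Review bot: `$serverIP` is used without checking that `exec()` produced an address; if the `ip` binary is unavailable or the route lookup prints nothing, the result is an empty string (or false) and every domain is silently dropped by the comparison in the second hunk. The sed pattern captures only `[0-9.]*`, so the value can only ever be an IPv4 address, and on a host behind NAT it would presumably be the private source address rather than the one published in DNS. I would validate it once before the loop, e.g. `if (filter_var($serverIP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) { /* log and return early */ }`, and add a comment above the line stating the IPv4-only and NAT limitations. The body of checkDNSValidity continues outside the hunk.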
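Review bot: The new condition reads `$dns_record_ipv4[0]['ip']` and `$dns_record_ipv6[0]['ip']` without checking the lookups, but `dns_get_record()` returns false on failure and an empty array when no record exists, so any domain lacking an A or AAAA record triggers offset notices/warnings here. AAAA entries carry the address under the `ipv6` key, not `ip`, so the second comparison is always against null. Only the first record is examined, so a domain with several A records can be rejected depending on answer order. Consider `$ips = array_merge(array_column($dns_record_ipv4 ?: array(), 'ip'), array_column($dns_record_ipv6 ?: array(), 'ipv6'));` followed by `if (in_array($serverIP, $ips, true)) {`. The enclosing foreach starts and ends outside the hunk.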