Compare commits
6 Commits
master
...
letsencryp
Author | SHA1 | Date |
---|---|---|
Nicolas Roman | b171a025db | |
Nicolas Roman | bbc8558d6d | |
Nicolas Roman | 0fdc6d0855 | |
Nicolas Roman | b60bd7a115 | |
Nicolas Roman | ea352a045a | |
Nicolas Roman | eeb2ac4bd0 |
|
@ -144,6 +144,11 @@ span.form-warning {
|
|||
margin-left: 4px;
|
||||
}
|
||||
|
||||
span.form-notice {
|
||||
color: #009B85;
|
||||
margin-left: 4px;
|
||||
}
|
||||
|
||||
span.form-mandatory {
|
||||
color: red;
|
||||
}
|
||||
|
|
|
@ -32,14 +32,21 @@ $letsencrypt = new letsencryt();
|
|||
$errorMessage = '';
|
||||
$warningMessage = '';
|
||||
|
||||
// it's an array if we want to display multiple messages in the future
|
||||
$messages = array();
|
||||
|
||||
if (isset($_POST['submit'])) {
|
||||
while (true) {
|
||||
// check HTTP
|
||||
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
||||
|
||||
if (!$isRemoteResourceAvailable) {
|
||||
|
||||
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
||||
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -48,8 +55,12 @@ if (isset($_POST['submit'])) {
|
|||
|
||||
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
|
||||
if (!empty($failed_domains)) {
|
||||
|
||||
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
||||
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -57,8 +68,12 @@ if (isset($_POST['submit'])) {
|
|||
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
||||
|
||||
if (!$isCsrGenerated) {
|
||||
|
||||
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
||||
Merci de contacter un administrateur pour continuer.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -66,8 +81,12 @@ if (isset($_POST['submit'])) {
|
|||
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
|
||||
|
||||
if (!$testGenerateCert) {
|
||||
|
||||
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
||||
Merci de contacter un administrateur pour continuer.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -75,8 +94,12 @@ if (isset($_POST['submit'])) {
|
|||
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
|
||||
|
||||
if (!$generateCert) {
|
||||
|
||||
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
||||
Merci de contacter un administrateur pour continuer.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -88,21 +111,39 @@ if (isset($_POST['submit'])) {
|
|||
while(true) {
|
||||
// check domains list
|
||||
if (empty($_SESSION['letsencrypt-domains'])) {
|
||||
|
||||
$errorMessage = "Erreur : la liste des domaines est vide.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
// check if evoacme is installed
|
||||
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
|
||||
if (!$binaries_installed) {
|
||||
|
||||
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
|
||||
Veuillez contacter un administrateur.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
// Check existing SSL certificate
|
||||
$domainsIncluded = array();
|
||||
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
||||
|
||||
$isDomainReal = $letsencrypt->isDomainReal($domain);
|
||||
|
||||
if ($isDomainReal === false) {
|
||||
$errorMessage = "Erreur : le domaine <strong>" . $domain . "</strong> n'existe pas. Veuillez vérifier les enregistrements DNS.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
break 2;
|
||||
}
|
||||
|
||||
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
||||
// if no certificate is present (false returned) for this domain, go to the next domain
|
||||
if (is_bool($existingSSLCertificate)) {
|
||||
|
@ -113,7 +154,11 @@ if (isset($_POST['submit'])) {
|
|||
// check if LE is the certificate issuer
|
||||
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
|
||||
if (!$isIssuerValid) {
|
||||
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
|
||||
|
||||
$errorMessage = "Erreur : le certificat existant pour <strong>" . $domain . "</strong> n'est pas géré par Let's Encrypt.";
|
||||
|
||||
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||
|
||||
break 2; // break the foreach and the while
|
||||
}
|
||||
|
||||
|
@ -121,8 +166,12 @@ if (isset($_POST['submit'])) {
|
|||
|
||||
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
||||
if (!$isCertValid && !isset($_POST['force_renew'])) {
|
||||
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
||||
|
||||
$warningMessage = "Attention : le certificat existant pour <strong>" . $domain . "</strong> n'est plus valide.
|
||||
Souhaitez-vous le renouveller ?";
|
||||
|
||||
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||
|
||||
break 2;
|
||||
} else {
|
||||
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
|
||||
|
@ -141,10 +190,15 @@ if (isset($_POST['submit'])) {
|
|||
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
||||
|
||||
if (empty($domainsNotIncluded)) {
|
||||
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
||||
|
||||
$noticeMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
||||
|
||||
array_push($messages, ["type" => "notice", "content" => $noticeMessage]);
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
|
||||
|
||||
foreach ($domainsIncluded as $domainIncluded) {
|
||||
|
@ -157,9 +211,14 @@ if (isset($_POST['submit'])) {
|
|||
$warningMessage .= $domainNotIncluded . "<br>";
|
||||
}
|
||||
|
||||
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||
break;
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
||||
|
|
|
@ -27,6 +27,20 @@ class LetsEncrypt
|
|||
sudoexec($cmd, $data_output, $exec_return);
|
||||
}
|
||||
|
||||
/**
|
||||
* verify if the domain exists
|
||||
* @param string $domain
|
||||
* @return boolean
|
||||
*/
|
||||
public function isDomainReal($domain)
|
||||
{
|
||||
if (checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* generate a CSR
|
||||
* @param string $vhost
|
||||
|
|
|
@ -1,41 +1,39 @@
|
|||
<h2>Gestion Let's Encrypt</h2>
|
||||
|
||||
<?php
|
||||
if (isset($_POST['submit'])) {
|
||||
if (!empty($errorMessage)) {
|
||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
||||
if (!empty($messages)) {
|
||||
foreach($messages as $message) {
|
||||
switch ($message["type"]) {
|
||||
case "error":
|
||||
echo '<span class="form-error">' . $message["content"] . '</span>';
|
||||
|
||||
if (count($failed_domains) > 0) {
|
||||
echo '<p>';
|
||||
foreach ($failed_domains as $failed_domain) {
|
||||
echo $failed_domain . "<br>";
|
||||
}
|
||||
echo '</p>';
|
||||
if (count($failed_domains) > 0) {
|
||||
echo '<p>';
|
||||
foreach ($failed_domains as $failed_domain) {
|
||||
echo $failed_domain . "<br>";
|
||||
}
|
||||
echo '</p>';
|
||||
}
|
||||
break;
|
||||
case "warning":
|
||||
echo '<span class="form-warning">' . $message["content"] . '</span>'; ?>
|
||||
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||
<p>
|
||||
<input type="hidden" name="force_renew">
|
||||
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
||||
</p>
|
||||
</form>
|
||||
<?php
|
||||
break;
|
||||
case "notice":
|
||||
echo '<span class="form-notice">' . $message["content"] . '</span>';
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
echo "Votre certificat SSL a bien été installé !";
|
||||
}
|
||||
} else {
|
||||
if (!empty($errorMessage)) {
|
||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
||||
|
||||
if (count($failed_domains) > 0) {
|
||||
echo '<p>';
|
||||
foreach ($failed_domains as $failed_domain) {
|
||||
echo $failed_domain . "<br>";
|
||||
}
|
||||
echo '</p>';
|
||||
}
|
||||
} elseif (!empty($warningMessage)) {
|
||||
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
|
||||
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||
<p>
|
||||
<input type="hidden" name="force_renew">
|
||||
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
||||
</p>
|
||||
</form>
|
||||
<?php
|
||||
} else {
|
||||
if (!isset($_POST["submit"])) {
|
||||
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
||||
if (count($_SESSION['letsencrypt-domains']) > 0) {
|
||||
echo '<p>';
|
||||
|
@ -49,5 +47,7 @@ if (isset($_POST['submit'])) {
|
|||
</form>
|
||||
<?php
|
||||
}
|
||||
} else {
|
||||
echo "<span class='form-notice'>Votre certificat SSL a bien été installé !</span>";
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue