Compare commits

...

6 Commits

Author SHA1 Message Date
Nicolas Roman b171a025db add corresponding domain in some error messages 2019-07-31 17:49:38 +02:00
Nicolas Roman bbc8558d6d moving it back, nothing to see here 2019-07-30 17:27:08 +02:00
Nicolas Roman 0fdc6d0855 move final success message out of the view with the other messages 2019-07-30 17:24:17 +02:00
Nicolas Roman b60bd7a115 added isDomainReal function to test beforehand if the domain has an A or AAAA record 2019-07-30 17:03:47 +02:00
Nicolas Roman ea352a045a using a more flexible message system with types and content 2019-07-30 16:31:35 +02:00
Nicolas Roman eeb2ac4bd0 fix break loop after SSL checks 2019-07-30 11:18:42 +02:00
4 changed files with 112 additions and 34 deletions

View File

@ -144,6 +144,11 @@ span.form-warning {
margin-left: 4px;
}
span.form-notice {
color: #009B85;
margin-left: 4px;
}
span.form-mandatory {
color: red;
}

View File

@ -32,14 +32,21 @@ $letsencrypt = new letsencryt();
$errorMessage = '';
$warningMessage = '';
// it's an array if we want to display multiple messages in the future
$messages = array();
if (isset($_POST['submit'])) {
while (true) {
// check HTTP
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
if (!$isRemoteResourceAvailable) {
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
@ -48,8 +55,12 @@ if (isset($_POST['submit'])) {
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
if (!empty($failed_domains)) {
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
@ -57,8 +68,12 @@ if (isset($_POST['submit'])) {
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
if (!$isCsrGenerated) {
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
@ -66,8 +81,12 @@ if (isset($_POST['submit'])) {
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
if (!$testGenerateCert) {
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
Merci de contacter un administrateur pour continuer.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
@ -75,8 +94,12 @@ if (isset($_POST['submit'])) {
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
if (!$generateCert) {
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
Merci de contacter un administrateur pour continuer.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
@ -88,21 +111,39 @@ if (isset($_POST['submit'])) {
while(true) {
// check domains list
if (empty($_SESSION['letsencrypt-domains'])) {
$errorMessage = "Erreur : la liste des domaines est vide.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
// check if evoacme is installed
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
if (!$binaries_installed) {
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
Veuillez contacter un administrateur.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break;
}
// Check existing SSL certificate
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$isDomainReal = $letsencrypt->isDomainReal($domain);
if ($isDomainReal === false) {
$errorMessage = "Erreur : le domaine <strong>" . $domain . "</strong> n'existe pas. Veuillez vérifier les enregistrements DNS.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break 2;
}
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
// if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
@ -113,7 +154,11 @@ if (isset($_POST['submit'])) {
// check if LE is the certificate issuer
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
if (!$isIssuerValid) {
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
$errorMessage = "Erreur : le certificat existant pour <strong>" . $domain . "</strong> n'est pas géré par Let's Encrypt.";
array_push($messages, ["type" => "error", "content" => $errorMessage]);
break 2; // break the foreach and the while
}
@ -121,8 +166,12 @@ if (isset($_POST['submit'])) {
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
if (!$isCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
$warningMessage = "Attention : le certificat existant pour <strong>" . $domain . "</strong> n'est plus valide.
Souhaitez-vous le renouveller ?";
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
break 2;
} else {
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
@ -141,10 +190,15 @@ if (isset($_POST['submit'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
$noticeMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
array_push($messages, ["type" => "notice", "content" => $noticeMessage]);
break;
}
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
foreach ($domainsIncluded as $domainIncluded) {
@ -157,9 +211,14 @@ if (isset($_POST['submit'])) {
$warningMessage .= $domainNotIncluded . "<br>";
}
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
break;
}
break;
}
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';

View File

@ -27,6 +27,20 @@ class LetsEncrypt
sudoexec($cmd, $data_output, $exec_return);
}
/**
* verify if the domain exists
* @param string $domain
* @return boolean
*/
public function isDomainReal($domain)
{
if (checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA')) {
return true;
}
return false;
}
/**
* generate a CSR
* @param string $vhost

View File

@ -1,41 +1,39 @@
<h2>Gestion Let's Encrypt</h2>
<?php
if (isset($_POST['submit'])) {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (!empty($messages)) {
foreach($messages as $message) {
switch ($message["type"]) {
case "error":
echo '<span class="form-error">' . $message["content"] . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
}
break;
case "warning":
echo '<span class="form-warning">' . $message["content"] . '</span>'; ?>
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
<p>
<input type="hidden" name="force_renew">
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
</p>
</form>
<?php
break;
case "notice":
echo '<span class="form-notice">' . $message["content"] . '</span>';
break;
default:
break;
}
} else {
echo "Votre certificat SSL a bien été installé !";
}
} else {
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
foreach ($failed_domains as $failed_domain) {
echo $failed_domain . "<br>";
}
echo '</p>';
}
} elseif (!empty($warningMessage)) {
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
<p>
<input type="hidden" name="force_renew">
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
</p>
</form>
<?php
} else {
if (!isset($_POST["submit"])) {
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
if (count($_SESSION['letsencrypt-domains']) > 0) {
echo '<p>';
@ -49,5 +47,7 @@ if (isset($_POST['submit'])) {
</form>
<?php
}
} else {
echo "<span class='form-notice'>Votre certificat SSL a bien été installé !</span>";
}
}