Compare commits
6 commits
master
...
letsencryp
Author | SHA1 | Date | |
---|---|---|---|
b171a025db | |||
bbc8558d6d | |||
0fdc6d0855 | |||
b60bd7a115 | |||
ea352a045a | |||
eeb2ac4bd0 |
|
@ -144,6 +144,11 @@ span.form-warning {
|
||||||
margin-left: 4px;
|
margin-left: 4px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
span.form-notice {
|
||||||
|
color: #009B85;
|
||||||
|
margin-left: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
span.form-mandatory {
|
span.form-mandatory {
|
||||||
color: red;
|
color: red;
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,14 +32,21 @@ $letsencrypt = new letsencryt();
|
||||||
$errorMessage = '';
|
$errorMessage = '';
|
||||||
$warningMessage = '';
|
$warningMessage = '';
|
||||||
|
|
||||||
|
// it's an array if we want to display multiple messages in the future
|
||||||
|
$messages = array();
|
||||||
|
|
||||||
if (isset($_POST['submit'])) {
|
if (isset($_POST['submit'])) {
|
||||||
while (true) {
|
while (true) {
|
||||||
// check HTTP
|
// check HTTP
|
||||||
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
|
||||||
|
|
||||||
if (!$isRemoteResourceAvailable) {
|
if (!$isRemoteResourceAvailable) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
|
||||||
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,8 +55,12 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
|
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $valid_domains);
|
||||||
if (!empty($failed_domains)) {
|
if (!empty($failed_domains)) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
$errorMessage = "Erreur : La vérification DNS a échoué.<br>
|
||||||
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
Merci de vérifier les enregistrements de type A et AAAA pour les domaine(s) suivant(s) :";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,8 +68,12 @@ if (isset($_POST['submit'])) {
|
||||||
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
|
||||||
|
|
||||||
if (!$isCsrGenerated) {
|
if (!$isCsrGenerated) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
$errorMessage = "Erreur : La génération de demande de certificat a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,8 +81,12 @@ if (isset($_POST['submit'])) {
|
||||||
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
|
$testGenerateCert = $letsencrypt->generateSSLCertificate($params[1]);
|
||||||
|
|
||||||
if (!$testGenerateCert) {
|
if (!$testGenerateCert) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
$errorMessage = "Erreur : La génération de certificat en mode TEST a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,8 +94,12 @@ if (isset($_POST['submit'])) {
|
||||||
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
|
$generateCert = $letsencrypt->generateSSLCertificate($params[1], false);
|
||||||
|
|
||||||
if (!$generateCert) {
|
if (!$generateCert) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
$errorMessage = "Erreur : La génération de certificat a échoué.<br>
|
||||||
Merci de contacter un administrateur pour continuer.";
|
Merci de contacter un administrateur pour continuer.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,21 +111,39 @@ if (isset($_POST['submit'])) {
|
||||||
while(true) {
|
while(true) {
|
||||||
// check domains list
|
// check domains list
|
||||||
if (empty($_SESSION['letsencrypt-domains'])) {
|
if (empty($_SESSION['letsencrypt-domains'])) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : la liste des domaines est vide.";
|
$errorMessage = "Erreur : la liste des domaines est vide.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if evoacme is installed
|
// check if evoacme is installed
|
||||||
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
|
$binaries_installed = $letsencrypt->isEvoacmeInstalled();
|
||||||
if (!$binaries_installed) {
|
if (!$binaries_installed) {
|
||||||
|
|
||||||
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
|
$errorMessage = "Erreur : les binaires Evoacme ne sont pas installés.
|
||||||
Veuillez contacter un administrateur.";
|
Veuillez contacter un administrateur.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check existing SSL certificate
|
// Check existing SSL certificate
|
||||||
$domainsIncluded = array();
|
$domainsIncluded = array();
|
||||||
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
|
||||||
|
|
||||||
|
$isDomainReal = $letsencrypt->isDomainReal($domain);
|
||||||
|
|
||||||
|
if ($isDomainReal === false) {
|
||||||
|
$errorMessage = "Erreur : le domaine <strong>" . $domain . "</strong> n'existe pas. Veuillez vérifier les enregistrements DNS.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
break 2;
|
||||||
|
}
|
||||||
|
|
||||||
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
|
||||||
// if no certificate is present (false returned) for this domain, go to the next domain
|
// if no certificate is present (false returned) for this domain, go to the next domain
|
||||||
if (is_bool($existingSSLCertificate)) {
|
if (is_bool($existingSSLCertificate)) {
|
||||||
|
@ -113,7 +154,11 @@ if (isset($_POST['submit'])) {
|
||||||
// check if LE is the certificate issuer
|
// check if LE is the certificate issuer
|
||||||
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
|
$isIssuerValid = $letsencrypt->isCertIssuedByLetsEncrypt($parsedCertificate["issuer"]);
|
||||||
if (!$isIssuerValid) {
|
if (!$isIssuerValid) {
|
||||||
$errorMessage = "Erreur : le certificat existant n'est pas géré par Let's Encrypt.";
|
|
||||||
|
$errorMessage = "Erreur : le certificat existant pour <strong>" . $domain . "</strong> n'est pas géré par Let's Encrypt.";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "error", "content" => $errorMessage]);
|
||||||
|
|
||||||
break 2; // break the foreach and the while
|
break 2; // break the foreach and the while
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,8 +166,12 @@ if (isset($_POST['submit'])) {
|
||||||
|
|
||||||
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
|
||||||
if (!$isCertValid && !isset($_POST['force_renew'])) {
|
if (!$isCertValid && !isset($_POST['force_renew'])) {
|
||||||
$warningMessage = "Attention : le certificat existant n'est plus valide.
|
|
||||||
|
$warningMessage = "Attention : le certificat existant pour <strong>" . $domain . "</strong> n'est plus valide.
|
||||||
Souhaitez-vous le renouveller ?";
|
Souhaitez-vous le renouveller ?";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||||
|
|
||||||
break 2;
|
break 2;
|
||||||
} else {
|
} else {
|
||||||
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
|
$validUntil = date("d/m/Y", $parsedCertificate["validUntil"]);
|
||||||
|
@ -141,10 +190,15 @@ if (isset($_POST['submit'])) {
|
||||||
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
|
||||||
|
|
||||||
if (empty($domainsNotIncluded)) {
|
if (empty($domainsNotIncluded)) {
|
||||||
$errorMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
|
||||||
|
$noticeMessage = "Le certificat existant couvre déjà tous les domaines jusqu'au " . $validUntil . ".";
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "notice", "content" => $noticeMessage]);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
|
$warningMessage = "Attention : le certificat existant couvre déjà le(s) domaine(s) jusqu'au " . $validUntil . " :<br>";
|
||||||
|
|
||||||
foreach ($domainsIncluded as $domainIncluded) {
|
foreach ($domainsIncluded as $domainIncluded) {
|
||||||
|
@ -157,9 +211,14 @@ if (isset($_POST['submit'])) {
|
||||||
$warningMessage .= $domainNotIncluded . "<br>";
|
$warningMessage .= $domainNotIncluded . "<br>";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
array_push($messages, ["type" => "warning", "content" => $warningMessage]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';
|
||||||
|
|
|
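Review bot: `$domain` is concatenated straight into HTML in the new `isDomainReal` failure message and in the reworded issuer and expiry messages, while the template echoes `$message["content"]` unescaped, so any markup in a domain string would be rendered as HTML. The values come from `$_SESSION['letsencrypt-domains']`; how that list is populated is not visible here, so if it can carry user-supplied text, escape where the value is interpolated: `"<strong>" . htmlspecialchars($domain, ENT_QUOTES, 'UTF-8') . "</strong>"`. Escaping in the template instead would break the intentional `<br>` and `<strong>` markup in the messages. The same applies to `echo $failed_domain . "<br>";` in the template section.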
@ -27,6 +27,20 @@ class LetsEncrypt
|
||||||
sudoexec($cmd, $data_output, $exec_return);
|
sudoexec($cmd, $data_output, $exec_return);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* verify if the domain exists
|
||||||
|
* @param string $domain
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function isDomainReal($domain)
|
||||||
|
{
|
||||||
|
if (checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA')) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* generate a CSR
|
* generate a CSR
|
||||||
* @param string $vhost
|
* @param string $vhost
|
||||||
|
|
|
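Review bot: `isDomainReal()` hands `$domain` to `checkdnsrr()` without first checking that it is a syntactically valid hostname, and a `false` result also covers resolver failures, which the caller then reports as "n'existe pas". I would reject malformed names up front with `if (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { return false; }`. The docblock would be more accurate as `verify that the domain has an A or AAAA record`, since a true result says nothing about where the record points. The body can then be reduced to `return checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA');`.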
@ -1,41 +1,39 @@
|
||||||
<h2>Gestion Let's Encrypt</h2>
|
<h2>Gestion Let's Encrypt</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
if (isset($_POST['submit'])) {
|
if (!empty($messages)) {
|
||||||
if (!empty($errorMessage)) {
|
foreach($messages as $message) {
|
||||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
switch ($message["type"]) {
|
||||||
|
case "error":
|
||||||
|
echo '<span class="form-error">' . $message["content"] . '</span>';
|
||||||
|
|
||||||
if (count($failed_domains) > 0) {
|
if (count($failed_domains) > 0) {
|
||||||
echo '<p>';
|
echo '<p>';
|
||||||
foreach ($failed_domains as $failed_domain) {
|
foreach ($failed_domains as $failed_domain) {
|
||||||
echo $failed_domain . "<br>";
|
echo $failed_domain . "<br>";
|
||||||
}
|
}
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "warning":
|
||||||
|
echo '<span class="form-warning">' . $message["content"] . '</span>'; ?>
|
||||||
|
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
||||||
|
<p>
|
||||||
|
<input type="hidden" name="force_renew">
|
||||||
|
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
||||||
|
</p>
|
||||||
|
</form>
|
||||||
|
<?php
|
||||||
|
break;
|
||||||
|
case "notice":
|
||||||
|
echo '<span class="form-notice">' . $message["content"] . '</span>';
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
echo "Votre certificat SSL a bien été installé !";
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (!empty($errorMessage)) {
|
if (!isset($_POST["submit"])) {
|
||||||
echo '<span class="form-error">' . $errorMessage . '</span>';
|
|
||||||
|
|
||||||
if (count($failed_domains) > 0) {
|
|
||||||
echo '<p>';
|
|
||||||
foreach ($failed_domains as $failed_domain) {
|
|
||||||
echo $failed_domain . "<br>";
|
|
||||||
}
|
|
||||||
echo '</p>';
|
|
||||||
}
|
|
||||||
} elseif (!empty($warningMessage)) {
|
|
||||||
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
|
|
||||||
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
|
|
||||||
<p>
|
|
||||||
<input type="hidden" name="force_renew">
|
|
||||||
<input type="submit" name="submit" value="Confirmer l'installation" style="margin-left:0px;">
|
|
||||||
</p>
|
|
||||||
</form>
|
|
||||||
<?php
|
|
||||||
} else {
|
|
||||||
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
|
||||||
if (count($_SESSION['letsencrypt-domains']) > 0) {
|
if (count($_SESSION['letsencrypt-domains']) > 0) {
|
||||||
echo '<p>';
|
echo '<p>';
|
||||||
|
@ -49,5 +47,7 @@ if (isset($_POST['submit'])) {
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
echo "<span class='form-notice'>Votre certificat SSL a bien été installé !</span>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
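Review bot: The confirmation form in the `warning` case posts only `force_renew` and `submit`, with no anti-CSRF token visible in this section, and the controller's `isset($_POST['submit'])` branch appears to lead to `generateSSLCertificate()`. Unless a token is verified somewhere outside this view, add a per-session token as a hidden field and compare it with `hash_equals()` before acting on the POST. Separately, the form now sits inside the `foreach` over `$messages`, so two warnings would emit two elements with `id="form-confirm-renew-cert"`; rendering it once after the loop avoids that.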