Hacky BIND modification seems not to be needed, just run the acme.sh command in the background and the next server cron will create the needed DNS records (#4202)

Thom · Thom · commit 1b3a56b0c482 · 2023-02-13T18:02:19.000+01:00
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
@@ -499,7 +499,8 @@ public function request_certificates($data, $server_type = 'apache') {
 				$app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG);
 
 				if ($use_acme && $global_sites_config['acme_dns_user'] != '' && $dns_server_id == $conf["server_id"]) {
-					$firstrun = true;
+					$success = $app->system->_exec("(" . $letsencrypt_cmd . ") > /dev/null &", $allow_return_codes); // the code below seems not be needed, written on 13-02-2023. It can be removed if acme.sh with DNS-01 verification works well on single server setups.
+					/*$firstrun = true;
 					$dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns');
 					$zonefile = $dns_config['bind_zonefiles_dir'].'/'. "pri." . $zonedomain;
 					$datalogfound = false;
@@ -511,12 +512,12 @@ public function request_certificates($data, $server_type = 'apache') {
 						$sql = "SELECT data FROM sys_datalog,server WHERE sys_datalog.server_id = \"1\" AND sys_datalog.datalog_id > server.updated AND sys_datalog.dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%'";
 						$datalogs = $app->dbmaster->queryAllRecords($sql);
 						if (is_array($datalogs)) {
-							$app->log("Found datalog for acme-challenge, appending to zonefile.", LOGLEVEL_DEBUG);
 							foreach ($datalogs as $datalog) {
 								$datalog = unserialize($datalog['data']);
 								$hostname = $datalog['new']['name'];
 								$data = $datalog['new']['data'];
 								$record = "\n" . $hostname . "." . $zonedomain . "." . " 3600      TXT        \"" . $data . "\"";
+								$app->log("Found datalog for acme-challenge, appending to zonefile with record: " . $record, LOGLEVEL_DEBUG);
 								$app->system->file_put_contents($zonefile, $record);
 							}
 							$app->services->registerService('bind', 'dns_module', 'restartBind');
@@ -529,7 +530,7 @@ public function request_certificates($data, $server_type = 'apache') {
 							$app->log("Can not find the datalog for the acme-challenge yet, waiting 20 seconds.", LOGLEVEL_DEBUG);
 							sleep(20);
 						}
-					}
+					}*/
 				} else {
 					$success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes);
 				}
