
Commit 49a081d

author
Marius Burkard
committed
- revert CAA checks from !1128 until we have a solid method for getting the correct CAA domain from a host name
1 parent 98ba3c4 commit 49a081d


1 file changed

+5
-30
lines changed


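--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -373,38 +373,13 @@ public function request_certificates($data, $server_type = 'apache') {
 if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) {
 $le_domains[] = $temp_domain;
 } else {
-//check caa-record
-$caa_check = false;
-$caa_domain = $temp_domain;
-$count = substr_count($caa_domain, '.');
-if($count === 2) {
-if(strlen(explode('.', $caa_domain)[1]) > 3) {
-$caa_domain = explode('.', $caa_domain, 2)[1];
-}
-} else if($count > 2) {
-$caa_domain = get_domain(explode('.', $caa_domain, 2)[1]);
-}
-$caa_records = @dns_get_record($caa_domain, DNS_CAA); // requieres PHP 7.0.16, 7.1.2
-if(is_array($caa_records) && !empty($caa_records)) {
-foreach ($caa_records as $record) {
-if($record['value'] == 'letsencrypt.org') $caa_check = true;
-}
-} else {
-$caa_check = true;
-}
-
-if($caa_check === true) {
-$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
-if($le_hash_check == $le_rnd_hash) {
-$le_domains[] = $temp_domain;
-$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
-} else {
-$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
-}
+$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
+if($le_hash_check == $le_rnd_hash) {
+$le_domains[] = $temp_domain;
+$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
 } else {
-$app->log("Incomplete CAA-Records for " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
 }
-
 }
 }
 $temp_domains = $le_domains;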
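Review bot: The retained reachability check compares the fetched challenge body with the expected token using loose `==` (new line 377), which in PHP treats two numeric-looking strings as numbers, so two different values of the form `0e…` compare equal; a token comparison should be byte-exact. Assuming `$le_rnd_hash` is the string written into the challenge file (it is set outside the hunk), replace the condition with `if($le_hash_check !== '' && hash_equals((string) $le_rnd_hash, $le_hash_check)) {`, which also rejects the empty string that `trim(false)` yields when `file_get_contents` fails. The `@` on `file_get_contents` additionally hides why a fetch failed and the call carries no timeout, so an unresponsive host can stall the whole certificate request; consider passing a stream context with a short `timeout` and logging the failure reason in the `else` branch instead of suppressing it. `request_certificates` begins and ends outside this hunk.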
