
Commit 551d9a6

author
Marius Burkard
committed
- disable SSL/LE if letsencrypt could not issue certificate (verification problems etc.)
1 parent 4a060ee commit 551d9a6


2 files changed

+46
-16
lines changed


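--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1232,11 +1232,22 @@ function update($event_name, $data) {
 //* check if we have already a Let's Encrypt cert
 if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
 $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
-
+
+$success = false;
 if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
-$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
+$success = $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
 }
-};
+if(!$success) {
+// error issuing cert
+$app->log('Let\'s Encrypt SSL Cert for: ' . $domain . ' could not be issued.', LOGLEVEL_WARN);
+$data['new']['ssl_letsencrypt'] = 'n';
+if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n';
+/* Update the DB of the (local) Server */
+$app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
+/* Update also the master-DB of the Server-Farm */
+$app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
+}
+}
 
 //* check is been correctly created
 if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
@@ -1279,11 +1290,11 @@ function update($event_name, $data) {
 
 /* we don't need to store it.
 /* Update the DB of the (local) Server */
-$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
-$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 /* Update also the master-DB of the Server-Farm */
-$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
-$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 }
 }
 
@@ -3363,8 +3374,12 @@ function client_delete($event_name, $data) {
 //* Wrapper for exec function for easier debugging
 private function _exec($command) {
 global $app;
+$out = array();
+$ret = 0;
 $app->log('exec: '.$command, LOGLEVEL_DEBUG);
-exec($command);
+exec($command, $out, $ret);
+if($ret != 0) return false;
+else return true;
 }
 
 private function _checkTcp ($host, $port) {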
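Review bot: The letsencrypt command line kept in the first hunk (new line 1238) still interpolates `$domain` and `$lddomain` directly into the string handed to `_exec()`, so a value containing shell metacharacters would be interpreted by the shell instead of being passed as one argument; the commit only adds the exit-status check around it. Wrap each interpolated value so it is always a single argument regardless of where it was validated upstream, e.g. `' --email ' . escapeshellarg('postmaster@' . $domain) . ' --domains ' . escapeshellarg($lddomain) . ' --webroot-path /usr/local/ispconfig/interface/acme'`. With that in place the new failure branch also covers a rejected value cleanly, since the command just returns non-zero and the domain is flipped back to `ssl_letsencrypt = 'n'`. The identical line exists at new line 1316 of nginx_plugin.inc.php. `update()` begins and ends outside the hunk.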

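--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1310,11 +1310,22 @@ function update($event_name, $data) {
 //* check if we have already a Let's Encrypt cert
 if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
 $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
-
+
+$success = false;
 if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
-$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
+$success = $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
 }
-};
+if(!$success) {
+// error issuing cert
+$app->log('Let\'s Encrypt SSL Cert for: ' . $domain . ' could not be issued.', LOGLEVEL_WARN);
+$data['new']['ssl_letsencrypt'] = 'n';
+if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n';
+/* Update the DB of the (local) Server */
+$app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
+/* Update also the master-DB of the Server-Farm */
+$app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
+}
+}
 
 //* check is been correctly created
 if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
@@ -1346,11 +1357,11 @@ function update($event_name, $data) {
 
 /* we don't need to store it.
 /* Update the DB of the (local) Server */
-$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
-$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 /* Update also the master-DB of the Server-Farm */
-$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
-$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 }
 };
 
@@ -3103,8 +3114,12 @@ function client_delete($event_name, $data) {
 //* Wrapper for exec function for easier debugging
 private function _exec($command) {
 global $app;
+$out = array();
+$ret = 0;
 $app->log('exec: '.$command, LOGLEVEL_DEBUG);
-exec($command);
+exec($command, $out, $ret);
+if($ret != 0) return false;
+else return true;
 }
 
 private function _checkTcp ($host, $port) {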
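Review bot: `_exec()` in the last hunk (new lines 3117–3122) now collects the command output into `$out` but never uses it, so when letsencrypt fails the only trace left is the generic "could not be issued" warning in `update()` and the verification problem the commit message refers to cannot be diagnosed from the log. Log the captured output at debug level before returning and collapse the two returns into one strict comparison: `exec($command, $out, $ret);` / `if($ret != 0) $app->log('exec failed (' . $ret . '): ' . implode("\n", $out), LOGLEVEL_DEBUG);` / `return $ret === 0;`. Keep in mind that exec() captures only stdout, so callers that need the error text would still have to redirect stderr into it. The same wrapper is changed identically in apache2_plugin.inc.php (new lines 3377–3382) and should get the same treatment.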
