
Commit 764ce12

author
Thom
committed
Improve and fix checks for DNS-01 verification (#4202)
1 parent 1cba34a commit 764ce12


1 file changed

+7
-4
lines changed


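--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -311,7 +311,7 @@ private function get_ssl_domain($data) {
 
 if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 $domain = $data['new']['domain'];
-if(substr($domain, 0, 2) === '*.' && $use_acme = false) {
+if(substr($domain, 0, 2) === '*.' && !$use_acme) {
 // DNS-01 verification is needed for wildcard certificate requests, but we do not support that for Certbot.
 $app->log('Requesting a wildcard certificate from Let\'s Encrypt is not support when using certbot, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
 $domain = substr($domain, 2);
@@ -354,6 +354,7 @@ public function request_certificates($data, $server_type = 'apache') {
 $app->uses('getconf');
 $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 $server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
+$global_sites_config = $app->getconf->get_global_config('sites');
 
 $use_acme = false;
 if($this->get_acme_script()) {
@@ -383,8 +384,10 @@ public function request_certificates($data, $server_type = 'apache') {
 $aliasdomains = null;
 
 //* be sure to have good domain
-if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) {
+if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || ($data['new']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '')))) {
 $temp_domains[] = "www." . $domain;
+} elseif ($data['new']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '')) {
+$temp_domains[] = "*." . $domain;
 }
 
 //* then, add subdomain if we have
@@ -400,7 +403,7 @@ public function request_certificates($data, $server_type = 'apache') {
 if(is_array($aliasdomains)) {
 foreach($aliasdomains as $aliasdomain) {
 $temp_domains[] = $aliasdomain['domain'];
-if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR ($data['new']['subdomain'] == "*" && ($use_acme = FALSE || $global_sites_config['acme_dns_user'] == '')))) {
+if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR $aliasdomain['subdomain'] == "*")) {
 $temp_domains[] = "www." . $aliasdomain['domain'];
 }
 }
@@ -422,7 +425,7 @@ public function request_certificates($data, $server_type = 'apache') {
 if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) {
 $le_domains[] = $temp_domain;
 } else {
-if($global_sites_config['acme_dns_user'] != '') {
+if($global_sites_config['acme_dns_user'] == '' || !$use_acme) {
 $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
 if($le_hash_check == $le_rnd_hash) {
 $le_domains[] = $temp_domain;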
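Review bot: In the first hunk, `!$use_acme` is evaluated inside get_ssl_domain(), but the only assignment visible on this page is the local `$use_acme = false;` in request_certificates(). If get_ssl_domain() does not set the variable in the lines above the hunk, the test is always true (with an undefined-variable notice) and every wildcard name is silently reduced to the bare domain, which would defeat the DNS-01 path this commit enables. Please confirm it is set there, or derive it in place, e.g. `$use_acme = (bool) $this->get_acme_script();` before the check. Separately, the HTTP pre-check gated by the changed condition in the last hunk compares remotely fetched content with `==`; `if($le_hash_check === $le_rnd_hash) {` would rule out numeric-string juggling on attacker-influenced input. Both functions start and end outside the hunks shown.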
