
Commit 91ada5f

author
Marius Burkard
committed
- separate files for LE to avoid conflicts
1 parent 2ee2e41 commit 91ada5f

1 file changed

+34
-73
lines changed


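--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -260,9 +260,9 @@ function ssl($event_name, $data) {
 if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
 
 $ssl_dir = $data['new']['document_root'].'/ssl';
-$domain = $data['new']['ssl_domain'];
-$key_file = $ssl_dir.'/'.$domain.'.key.org';
-$key_file2 = $ssl_dir.'/'.$domain.'.key';
+$domain = ($data['new']['ssl_domain'] != '') ? $data['new']['ssl_domain'] : $data['new']['domain'];
+$key_file = $ssl_dir.'/'.$domain.'.key';
+$key_file2 = $ssl_dir.'/'.$domain.'.key.org';
 $csr_file = $ssl_dir.'/'.$domain.'.csr';
 $crt_file = $ssl_dir.'/'.$domain.'.crt';
 
@@ -322,12 +322,12 @@ function ssl($event_name, $data) {
 $app->system->file_put_contents($ssl_cnf_file, $ssl_cnf);
 
 $rand_file = escapeshellcmd($rand_file);
-$key_file = escapeshellcmd($key_file);
-$openssl_cmd_key_file = $key_file;
-if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate
 $key_file2 = escapeshellcmd($key_file2);
 $openssl_cmd_key_file2 = $key_file2;
 if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') !== false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate
+$key_file = escapeshellcmd($key_file);
+$openssl_cmd_key_file = $key_file;
+if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') !== false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate
 $ssl_days = 3650;
 $csr_file = escapeshellcmd($csr_file);
 $openssl_cmd_csr_file = $csr_file;
@@ -339,9 +339,9 @@ function ssl($event_name, $data) {
 
 if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {
 
-exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $openssl_cmd_key_file 2048");
-exec("openssl req -new -sha256 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -out $openssl_cmd_csr_file -days $ssl_days -config $config_file");
-exec("openssl rsa -passin pass:$ssl_password -in $openssl_cmd_key_file -out $openssl_cmd_key_file2");
+exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $openssl_cmd_key_file2 2048");
+exec("openssl req -new -sha256 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file2 -out $openssl_cmd_csr_file -days $ssl_days -config $config_file");
+exec("openssl rsa -passin pass:$ssl_password -in $openssl_cmd_key_file2 -out $openssl_cmd_key_file");
 
 if(file_exists($web_config['CA_path'].'/openssl.cnf'))
 {
@@ -350,24 +350,24 @@ function ssl($event_name, $data) {
 if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed. openssl ca -out $openssl_cmd_crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $openssl_cmd_csr_file", LOGLEVEL_ERROR);
 };
 if (@filesize($crt_file)==0 || !file_exists($crt_file)){
-exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file -in $openssl_cmd_csr_file -out $openssl_cmd_crt_file -days $ssl_days -config $config_file ");
+exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $openssl_cmd_key_file2 -in $openssl_cmd_csr_file -out $openssl_cmd_crt_file -days $ssl_days -config $config_file ");
 $app->log("Creating self-signed SSL Cert for: $domain", LOGLEVEL_DEBUG);
 };
 
 }
 
-$app->system->chmod($key_file, 0400);
 $app->system->chmod($key_file2, 0400);
+$app->system->chmod($key_file, 0400);
 @$app->system->unlink($config_file);
 @$app->system->unlink($rand_file);
 $ssl_request = $app->system->file_get_contents($csr_file);
 $ssl_cert = $app->system->file_get_contents($crt_file);
-$ssl_key2 = $app->system->file_get_contents($key_file2);
+$ssl_key = $app->system->file_get_contents($key_file);
 /* Update the DB of the (local) Server */
-$app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+$app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
 $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 /* Update also the master-DB of the Server-Farm */
-$app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
+$app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
 $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
 }
 
@@ -390,13 +390,6 @@ function ssl($event_name, $data) {
 //* Save a SSL certificate to disk
 if($data["new"]["ssl_action"] == 'save') {
 $this->ssl_certificate_changed = true;
-$ssl_dir = $data["new"]["document_root"]."/ssl";
-$domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
-$key_file = $ssl_dir.'/'.$domain.'.key.org';
-$key_file2 = $ssl_dir.'/'.$domain.'.key';
-$csr_file = $ssl_dir.'/'.$domain.".csr";
-$crt_file = $ssl_dir.'/'.$domain.".crt";
-$bundle_file = $ssl_dir.'/'.$domain.".bundle";
 
 //* Backup files
 if(file_exists($key_file)){
@@ -425,14 +418,14 @@ function ssl($event_name, $data) {
 
 //* Write the key file, if field is empty then import the key into the db
 if(trim($data["new"]["ssl_key"]) != '') {
-$app->system->file_put_contents($key_file2, $data["new"]["ssl_key"]);
-$app->system->chmod($key_file2, 0400);
+$app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
+$app->system->chmod($key_file, 0400);
 } else {
-$ssl_key2 = $app->system->file_get_contents($key_file2);
+$ssl_key = $app->system->file_get_contents($key_file);
 /* Update the DB of the (local) Server */
-$app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
+$app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
 /* Update also the master-DB of the Server-Farm */
-$app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
+$app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
 }
 
 /* Update the DB of the (local) Server */
@@ -445,11 +438,6 @@ function ssl($event_name, $data) {
 
 //* Delete a SSL certificate
 if($data['new']['ssl_action'] == 'del') {
-$ssl_dir = $data['new']['document_root'].'/ssl';
-$domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
-$csr_file = $ssl_dir.'/'.$domain.'.csr';
-$crt_file = $ssl_dir.'/'.$domain.'.crt';
-$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 if(file_exists($web_config['CA_path'].'/openssl.cnf') && !is_link($web_config['CA_path'].'/openssl.cnf'))
 {
 exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke ".escapeshellcmd($crt_file));
@@ -1153,19 +1141,11 @@ function update($event_name, $data) {
 $domain = $data['new']['ssl_domain'];
 if(!$domain) $domain = $data['new']['domain'];
 $key_file = $ssl_dir.'/'.$domain.'.key';
+$key_file2 = $ssl_dir.'/'.$domain.'.key.org';
+$csr_file = $ssl_dir.'/'.$domain.'.csr';
 $crt_file = $ssl_dir.'/'.$domain.'.crt';
 $bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 
-/*
-if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
-$vhost_data['ssl_enabled'] = 1;
-$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
-} else {
-$vhost_data['ssl_enabled'] = 0;
-$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
-}
-*/
-
 if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
 if(substr($domain, 0, 2) === '*.') {
 // wildcard domain not yet supported by letsencrypt!
@@ -1175,6 +1155,11 @@ function update($event_name, $data) {
 
 $data['new']['ssl_domain'] = $domain;
 $vhost_data['ssl_domain'] = $domain;
+
+$key_file = $ssl_dir.'/'.$domain.'-le.key';
+$key_file2 = $ssl_dir.'/'.$domain.'-le.key.org';
+$crt_file = $ssl_dir.'/'.$domain.'-le.crt';
+$bundle_file = $ssl_dir.'/'.$domain.'-le.bundle';
 }
 
 //* Generate Let's Encrypt SSL certificat
@@ -1258,7 +1243,7 @@ function update($event_name, $data) {
 //}
 
 //* check is been correctly created
-if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+if(file_exists($crt_tmp_file)) {
 $date = date("YmdHis");
 if(is_file($key_file)) {
 $app->system->copy($key_file, $key_file.'.old'.$date);
@@ -1737,11 +1722,6 @@ function update($event_name, $data) {
 unset($tmp_vhost_arr);
 
 //* Add vhost for ipv4 IP with SSL
-$ssl_dir = $data['new']['document_root'].'/ssl';
-$domain = $data['new']['ssl_domain'];
-$key_file = $ssl_dir.'/'.$domain.'.key';
-$crt_file = $ssl_dir.'/'.$domain.'.crt';
-
 if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
 $tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
 if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
@@ -1961,15 +1941,6 @@ function update($event_name, $data) {
 $app->system->file_put_contents($vhost_file, "# Apache did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
 }
 if($this->ssl_certificate_changed === true) {
-
-$ssl_dir = $data['new']['document_root'].'/ssl';
-$domain = $data['new']['ssl_domain'];
-$key_file = $ssl_dir.'/'.$domain.'.key.org';
-$key_file2 = $ssl_dir.'/'.$domain.'.key';
-$csr_file = $ssl_dir.'/'.$domain.'.csr';
-$crt_file = $ssl_dir.'/'.$domain.'.crt';
-$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
-
 //* Backup the files that might have caused the error
 if(is_file($key_file)){
 $app->system->copy($key_file, $key_file.'.err');
@@ -2009,16 +1980,8 @@ function update($event_name, $data) {
 // can reset the ssl changed var to false and cleanup some files
 $this->ssl_certificate_changed = false;
 
-$ssl_dir = $data['new']['document_root'].'/ssl';
-$domain = $data['new']['ssl_domain'];
-$key_file = $ssl_dir.'/'.$domain.'.key.org';
-$key_file2 = $ssl_dir.'/'.$domain.'.key';
-$csr_file = $ssl_dir.'/'.$domain.'.csr';
-$crt_file = $ssl_dir.'/'.$domain.'.crt';
-$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
-
 if(@is_file($key_file.'~')) $app->system->unlink($key_file.'~');
-if(@is_file($key2_file.'~')) $app->system->unlink($key2_file.'~');
+if(@is_file($key_file2.'~')) $app->system->unlink($key_file2.'~');
 if(@is_file($crt_file.'~')) $app->system->unlink($crt_file.'~');
 if(@is_file($csr_file.'~')) $app->system->unlink($csr_file.'~');
 if(@is_file($bundle_file.'~')) $app->system->unlink($bundle_file.'~');
@@ -2112,16 +2075,14 @@ function delete($event_name, $data) {
 
 // remove letsencrypt if it exists (renew will always fail otherwise)
 
-$domain = $data['old']['ssl_domain'];
-if(!$domain) $domain = $data['old']['domain'];
-if(substr($domain, 0, 2) === '*.') {
+$old_domain = $data['old']['ssl_domain'];
+if(!$old_domain) $old_domain = $data['old']['domain'];
+if(substr($old_domain, 0, 2) === '*.') {
 // wildcard domain not yet supported by letsencrypt!
-$domain = substr($domain, 2);
+$old_domain = substr($old_domain, 2);
 }
-//$crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
-//$key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
-$le_conf_file = '/etc/letsencrypt/renewal/' . $domain . '.conf';
-@rename('/etc/letsencrypt/renewal/' . $domain . '.conf', '/etc/letsencrypt/renewal/' . $domain . '.conf~backup');
+$le_conf_file = '/etc/letsencrypt/renewal/' . $old_domain . '.conf';
+@rename('/etc/letsencrypt/renewal/' . $old_domain . '.conf', '/etc/letsencrypt/renewal/' . $old_domain . '.conf~backup');
 }
 
 //* remove mountpoint from fstab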
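Review bot: The `save` and `del` branches of ssl() (hunks at old lines 390 and 445) lose their local `$bundle_file = $ssl_dir.'/'.$domain.'.bundle';` assignment, but the only remaining definition site visible in ssl() (lines 262-267 of the first hunk) sets `$ssl_dir`, `$domain`, `$key_file`, `$key_file2`, `$csr_file` and `$crt_file` and not `$bundle_file`; unless it is assigned before line 260, the bundle backup/write/delete steps in those branches now operate on an unset variable, and whether lines 262-267 are even reached from `save`/`del` depends on code outside the hunks. Adding `$bundle_file = $ssl_dir.'/'.$domain.'.bundle';` next to the `$crt_file` line at 267 would make the hoisting complete. Separately, the check at old line 1261 now tests only `$crt_tmp_file`, so when Let's Encrypt produced a certificate but no `$key_tmp_file` the existing `$key_file` is still moved to `.old` and the vhost can end up without a usable key; keeping `&& file_exists($key_tmp_file)` (AND, not the old OR) would guard that. All of these functions start and end outside the hunks.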
