Merge branch '5751-always-create-acme-conf' into 'develop'

Till Brehm · Till Brehm · commit be3560e8015e · 2020-09-20T14:15:35.000+02:00
Resolve "Always create acme.conf"

Closes #5738 and #5751

See merge request ispconfig/ispconfig3!1187
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -2718,7 +2718,7 @@ private function curl_request($url, $use_ipv6 = false) {
 		return $response;
 	}
 
-	private function make_acme_vhost($server_name, $server = 'apache') {
+	private function make_acme_vhost($server_name, $server = 'apache', $restart = true) {
 		global $conf;
 
 		$use_template = 'apache_acme.conf.master';
@@ -2756,12 +2756,13 @@ private function make_acme_vhost($server_name, $server = 'apache') {
 		if(!@is_link($vhost_conf_enabled_dir.'' . $use_symlink)) {
 			symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink);
 		}
-
-		if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {
-			if($this->is_update) {
-				system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
-			} else {
-				system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+		if($restart === true) {
+			if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {
+				if($this->is_update) {
+					system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+				} else {
+					system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+				}
 			}
 		}
 	}
@@ -2994,9 +2995,14 @@ public function make_ispconfig_ssl_cert() {
 					symlink($vhost_conf_dir.'/ispconfig.conf', $vhost_conf_enabled_dir.'/000-ispconfig.conf');
 				}
 			}
-		} elseif(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips))) {
-			// the directory already exists so we have to assume that it was created previously
-			$issued_successfully = true;
+		} else {
+			if($conf['apache']['installed'] == true) {
+				$this->make_acme_vhost($hostname, 'apache', false); // we need this config file but we don't want apache to be restarted at this point
+			}
+			if(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips))) {
+				// the directory already exists so we have to assume that it was created previously
+				$issued_successfully = true;
+			}
 		}
 
 		// If the LE SSL certs for this hostname exists
diff --git a/install/tpl/apache_acme.conf.master b/install/tpl/apache_acme.conf.master
@@ -1,11 +1,13 @@
-	Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
-
-	<Directory /usr/local/ispconfig/interface/acme>
-		AllowOverride None
+Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
+<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
 		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
 		Require all granted
 		<tmpl_else>
-		Order allow,deny
-		Allow from all
+        Order allow,deny
+        Allow from all
 		</tmpl_if>
-	</Directory>
+        <IfModule mpm_itk_module>
+           AssignUserId ispconfig ispconfig
+        </IfModule>
+</Directory>
+
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
@@ -132,19 +132,6 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 Alias /awstats-icon "/usr/share/awstats/icon"
 
-Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
-<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
-		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		Require all granted
-		<tmpl_else>
-        Order allow,deny
-        Allow from all
-		</tmpl_if>
-        <IfModule mpm_itk_module>
-           AssignUserId ispconfig ispconfig
-        </IfModule>
-</Directory>
-
 NameVirtualHost *:80
 NameVirtualHost *:443
 <tmpl_loop name="ip_adresses">
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
@@ -127,19 +127,6 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 Alias /awstats-icon "/usr/share/awstats/icon"
 
-Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
-<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
-		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		Require all granted
-		<tmpl_else>
-        Order allow,deny
-        Allow from all
-		</tmpl_if>
-        <IfModule mpm_itk_module>
-           AssignUserId ispconfig ispconfig
-        </IfModule>
-</Directory>
-
 NameVirtualHost *:80
 NameVirtualHost *:443
 <tmpl_loop name="ip_adresses">

Original file line number	Diff line number	Diff line change
`@@ -2718,7 +2718,7 @@ private function curl_request($url, $use_ipv6 = false) {`
`2718`	`2718`	`return $response;`
`2719`	`2719`	`}`
`2720`	`2720`
`2721`		`- private function make_acme_vhost($server_name, $server = 'apache') {`
	`2721`	`+ private function make_acme_vhost($server_name, $server = 'apache', $restart = true) {`
`2722`	`2722`	`global $conf;`
`2723`	`2723`
`2724`	`2724`	`$use_template = 'apache_acme.conf.master';`
`@@ -2756,12 +2756,13 @@ private function make_acme_vhost($server_name, $server = 'apache') {`
`2756`	`2756`	`if(!@is_link($vhost_conf_enabled_dir.'' . $use_symlink)) {`
`2757`	`2757`	`symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink);`
`2758`	`2758`	`}`
`2759`		`-`
`2760`		`- if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {`
`2761`		`- if($this->is_update) {`
`2762`		`- system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null \|\| ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');`
`2763`		`- } else {`
`2764`		`- system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');`
	`2759`	`+ if($restart === true) {`
	`2760`	`+ if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {`
	`2761`	`+ if($this->is_update) {`
	`2762`	`+ system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null \|\| ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');`
	`2763`	`+ } else {`
	`2764`	`+ system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');`
	`2765`	`+ }`
`2765`	`2766`	`}`
`2766`	`2767`	`}`
`2767`	`2768`	`}`
`@@ -2994,9 +2995,14 @@ public function make_ispconfig_ssl_cert() {`
`2994`	`2995`	`symlink($vhost_conf_dir.'/ispconfig.conf', $vhost_conf_enabled_dir.'/000-ispconfig.conf');`
`2995`	`2996`	`}`
`2996`	`2997`	`}`
`2997`		`- } elseif(($svr_ip4 && in_array($svr_ip4, $dns_ips)) \|\| ($svr_ip6 && in_array($svr_ip6, $dns_ips))) {`
`2998`		`- // the directory already exists so we have to assume that it was created previously`
`2999`		`- $issued_successfully = true;`
	`2998`	`+ } else {`
	`2999`	`+ if($conf['apache']['installed'] == true) {`
	`3000`	`+ $this->make_acme_vhost($hostname, 'apache', false); // we need this config file but we don't want apache to be restarted at this point`
	`3001`	`+ }`
	`3002`	`+ if(($svr_ip4 && in_array($svr_ip4, $dns_ips)) \|\| ($svr_ip6 && in_array($svr_ip6, $dns_ips))) {`
	`3003`	`+ // the directory already exists so we have to assume that it was created previously`
	`3004`	`+ $issued_successfully = true;`
	`3005`	`+ }`
`3000`	`3006`	`}`
`3001`	`3007`
`3002`	`3008`	`// If the LE SSL certs for this hostname exists`