@@ -2720,6 +2720,42 @@ private function curl_request($url, $use_ipv6 = false) {
27202720 return $ response
27212721 }
27222722
2723+ private function make_acme_vhost ($ server_name$ server'apache ' ) {
2724+ global $ conf
2725+
2726+ $ use_template'apache_acme.vhost.master ' ;
2727+ if ($ server'nginx ' ) {
2728+ $ use_template'nginx_acme.vhost.master ' ;
2729+ }
2730+
2731+ $ vhost_conf_dir$ conf$ server'vhost_conf_dir ' ];
2732+ $ vhost_conf_enabled_dir$ conf$ server'vhost_conf_enabled_dir ' ];
2733+
2734+ $ tplnew tpl ($ use_template
2735+ $ tplsetVar ('domain ' , $ server_name
2736+
2737+ if ($ server'nginx ' ) {
2738+ $ tplsetVar ('apache_version ' ,getapacheversion ());
2739+ }
2740+
2741+ wf ($ vhost_conf_dir'/acme.vhost ' , $ tplgrab ());
2742+
2743+ if (@is_link ($ vhost_conf_enabled_dir'/999-acme.vhost ' )) {
2744+ unlink ($ vhost_conf_enabled_dir'/999-acme.vhost ' );
2745+ }
2746+ if (!@is_link ($ vhost_conf_enabled_dir'/999-acme.vhost ' )) {
2747+ symlink ($ vhost_conf_dir'/acme.vhost ' , $ vhost_conf_enabled_dir'/999-acme.vhost ' );
2748+ }
2749+
2750+ if ($ conf$ server'installed ' ] == true && $ conf$ server'init_script ' ] != '' ) {
2751+ if ($ this is_update ) {
2752+ system ($ this getinitcommand ($ conf$ server'init_script ' ], 'force-reload ' ).' &> /dev/null || ' . $ this getinitcommand ($ conf$ server'init_script ' ], 'restart ' ).' &> /dev/null ' );
2753+ } else {
2754+ system ($ this getinitcommand ($ conf$ server'init_script ' ], 'restart ' ).' &> /dev/null ' );
2755+ }
2756+ }
2757+ }
2758+
27232759 public function make_ispconfig_ssl_cert () {
27242760 global $ conf$ autoinstall
27252761
@@ -2802,13 +2838,18 @@ public function make_ispconfig_ssl_cert() {
28022838 $ acmeexplode ("\n" , shell_exec ('which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh ' ));
28032839 $ acmereset ($ acme
28042840
2841+ // first of all create the acme vhosts if not existing
2842+ if ($ conf'nginx ' ]['installed ' ] == true ) {
2843+ $ this make_acme_vhost ($ hostname'nginx ' );
2844+ } elseif ($ conf'apache ' ]['installed ' ] == true ) {
2845+ $ this make_acme_vhost ($ hostname'apache ' );
2846+ }
2847+
28052848 // Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
28062849 if (is_executable ($ acme
28072850
2808- if ($ conf'nginx ' ]['installed ' ] == true ) {
2809- exec ("$ acme --issue --nginx -d $ hostname $ renew_hook );
2810- } elseif ($ conf'apache ' ]['installed ' ] == true ) {
2811- exec ("$ acme --issue --apache -d $ hostname $ renew_hook );
2851+ if ($ conf'nginx ' ]['installed ' ] == true || $ conf'apache ' ]['installed ' ] == true ) {
2852+ exec ("$ acme --issue -w /usr/local/ispconfig/interface/acme -d $ hostname $ renew_hook );
28122853 }
28132854 // Else, it is not webserver, so we use standalone
28142855 else {
@@ -2840,10 +2881,8 @@ public function make_ispconfig_ssl_cert() {
28402881 $ certonly'certonly --agree-tos --non-interactive --expand --rsa-key-size 4096 ' ;
28412882
28422883 // If this is a webserver
2843- if ($ conf'nginx ' ]['installed ' ] == true )
2844- exec ("$ le_client $ certonly $ acme_version --nginx --email postmaster@ $ hostname -d $ hostname $ renew_hook );
2845- elseif ($ conf'apache ' ]['installed ' ] == true )
2846- exec ("$ le_client $ certonly $ acme_version --apache --email postmaster@ $ hostname -d $ hostname $ renew_hook );
2884+ if ($ conf'nginx ' ]['installed ' ] == true || $ conf'apache ' ]['installed ' ] == true )
2885+ exec ("$ le_client $ certonly $ acme_version --authenticator webroot --webroot-path /usr/local/ispconfig/interface/acme --email postmaster@ $ hostname -d $ hostname $ renew_hook );
28472886 // Else, it is not webserver, so we use standalone
28482887 else
28492888 exec ("$ le_client $ certonly $ acme_version --standalone --email postmaster@ $ hostname -d $ hostname $ hook );
0 commit comments