
Commit 602d6cd

Merge pull request hestiacp#804 from pcfreak30/feature/800
Add GUI support for letsencrypt
2 parents fbfdd51 + 8ef2f19 commit 602d6cd

10 files changed

+323
-167
lines changed

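--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -38,7 +38,8 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
-
+is_object_value_empty 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'
+get_domain_values 'web'
 
 #----------------------------------------------------------#
 # Action #
@@ -55,8 +56,8 @@ i=1
 for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
 $BIN/v-check-letsencrypt-domain $user $alias
 check_result $? "LE domain validation" >/dev/null
-if [ "$i" -gt 6 ]; then
-check_result $E_LIMIT "LE can't sign more than 6 domains"
+if [ "$i" -gt 100 ]; then
+check_result $E_LIMIT "LE can't sign more than 100 domains"
 fi
 i=$((i++))
 done
@@ -86,11 +87,23 @@ $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir
 check_result $? "SSL install" >/dev/null
 
+if [ -z "$LETSENCRYPT" ]; then
+add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
+fi
+
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 
 #----------------------------------------------------------#
 # Vesta #
 #----------------------------------------------------------#
 
+# Restarting web
+if [ "$restart" != 'no' ]; then
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
+fi
+
+
 # Logging
 log_event "$OK" "$ARGUMENTS"
 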
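Review bot: The raised cap `if [ "$i" -gt 100 ]` in the second hunk can never fire, because the counter update below it, `i=$((i++))`, assigns the pre-increment value back and leaves `i` where it started; `i=$((i+1))` would make the alias limit effective before requests are sent to the CA. The new restart block in the third hunk also reads `$restart`, which no hunk in this section assigns; unless the unchanged argument block already sets it, `[ "$restart" != 'no' ]` is always true and the trailing `'no'` that web/add/web/index.php passes is ignored. Both the loop and the argument handling extend beyond the visible hunks, so this should be confirmed against the full file.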

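--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@@ -41,11 +41,12 @@ fi
 #----------------------------------------------------------#
 
 api='https://acme-v01.api.letsencrypt.org'
-agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
 if [ -z "$email" ]; then
 email=$(get_user_value '$CONTACT')
 fi
 
+agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+
 # Generating key
 key="$USER_DATA/ssl/user.key"
 if [ ! -e "$key" ]; then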
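Review bot: The new `agreement=$(curl -s -I "$api/terms" |grep Location …)` line has no failure path: if the request fails, hangs or returns no redirect, `agreement` is silently empty and the script carries on into key generation and, presumably, account registration. The match is also case-sensitive and unanchored, so a lower-case `location:` header is missed and any other header containing the word would be picked up; `grep -i '^Location:'` is tighter. I would bound the request with `--max-time` and stop through `check_result` when `"$agreement"` is empty. Since the terms URL is now taken from whatever the endpoint returns, a one-line comment stating that the agreement is accepted automatically on the user's behalf would help the next maintainer. The `if [ ! -e "$key" ]` block continues outside the hunk.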

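--- a/bin/v-delete-letsencrypt-domain
+++ b/bin/v-delete-letsencrypt-domain
@@ -0,0 +1,60 @@
+#!/bin/bash
+# info: deleting letsencrypt ssl cetificate for domain
+# options: USER DOMAIN [RESTART]
+#
+# The function turns off letsencrypt SSL support for a domain.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Delete SSL
+$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
+check_result $? "SSL delete" >/dev/null
+
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'no'
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Restarting web
+if [ "$restart" != 'no' ]; then
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit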
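Review bot: The header comment says the script "turns off letsencrypt SSL support", but the action step calls `$BIN/v-delete-web-domain-ssl`, which by its name removes the domain's SSL configuration altogether; the `# info:` and description lines should say that the site is left without a certificate, and the `cetificate` typo fixed. The expansions on the command lines are unquoted; `$BIN/v-delete-web-domain-ssl "$user" "$domain" >/dev/null 2>&1` and `source "$VESTA/func/main.sh"` keep each argument intact if a value ever contains whitespace or glob characters. Because both stdout and stderr of the delete are discarded, the only diagnostic left on failure is the fixed string "SSL delete".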

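--- a/bin/v-update-letsencrypt-ssl
+++ b/bin/v-update-letsencrypt-ssl
@@ -23,34 +23,34 @@ source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 
 # Defining user list
-users=$(ls $VESTA/data/users/*/ssl/le.conf |cut -f 7 -d /)
+users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
 
 # Checking users
 for user in $users; do
+USER_DATA=$VESTA/data/users/$user
 # Checking user certificates
-for crt in $(ls $VESTA/data/users/$user/ssl/*.crt 2>/dev/null); do
+for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
+crt="$VESTA/data/users/$user/ssl/$domain.crt"
 # Checking certificate issuer
-crt_data=$(openssl x509 -text -in $crt)
-issuer=$(echo "$crt_data" |grep Issuer: |grep Encrypt)
-if [ ! -z "$issuer" ]; then
-expire=$(echo "$crt_data" |grep "Not After")
-expire=$(echo "$expire" |cut -f 2,3,4 -d :)
-expire=$(date -d "$expire" +%s)
-now=$(date +%s)
-expire=$((expire - now))
-expire=$((expire / 86400))
-domain=$(basename $crt |sed -e "s/.crt$//")
-if [[ "$expire" -lt 31 ]]; then
-aliases=$(echo "$crt_data" |grep DNS:)
-aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
-aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
-aliases=$(echo "$aliases" |grep -v "^$domain$")
-if [ ! -z "$aliases" ]; then
-aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
-$BIN/v-add-letsencrypt-domain $user $domain $aliases
-else
-$BIN/v-add-letsencrypt-domain $user $domain
-fi
+crt_data=$(openssl x509 -text -in "$crt")
+
+expire=$(echo "$crt_data" |grep "Not After")
+expire=$(echo "$expire" |cut -f 2,3,4 -d :)
+expire=$(date -d "$expire" +%s)
+now=$(date +%s)
+expire=$((expire - now))
+expire=$((expire / 86400))
+domain=$(basename $crt |sed -e "s/.crt$//")
+if [[ "$expire" -lt 31 ]]; then
+aliases=$(echo "$crt_data" |grep DNS:)
+aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
+aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
+aliases=$(echo "$aliases" |grep -v "^$domain$")
+if [ ! -z "$aliases" ]; then
+aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
+$BIN/v-add-letsencrypt-domain $user $domain $aliases
+else
+$BIN/v-add-letsencrypt-domain $user $domain
 fi
 fi
 done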
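Review bot: The renewal call `$BIN/v-add-letsencrypt-domain $user $domain` near the end of the hunk now appears to run only for domains whose `LETSENCRYPT` value is `yes`, while this same commit adds `is_object_value_empty 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'` to that script; if that helper rejects an already-set value (its definition is not on this page), every renewal would be refused and certificates would lapse. The call's exit status is not checked either, so such a failure would be silent; capturing `$?` and logging it per domain would make expiry problems visible. Smaller points: the user list is scraped from table output with `tail -n+3 | awk`, which depends on the header layout, and `domain=$(basename $crt |sed -e "s/.crt$//")` is now redundant and overwrites the loop variable. The enclosing `for user` loop ends outside the hunk.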

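--- a/web/add/web/index.php
+++ b/web/add/web/index.php
@@ -18,8 +18,8 @@
 // Check for empty fields
 if (empty($_POST['v_domain'])) $errors[] = __('domain');
 if (empty($_POST['v_ip'])) $errors[] = __('ip');
-if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = __('ssl certificate');
-if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = __('ssl key');
+if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl certificate');
+if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl key');
 if (!empty($errors[0])) {
 foreach ($errors as $i => $error) {
 if ( $i == 0 ) {
@@ -79,6 +79,7 @@
 $v_ssl_key = $_POST['v_ssl_key'];
 $v_ssl_ca = $_POST['v_ssl_ca'];
 $v_ssl_home = $data[$v_domain]['SSL_HOME'];
+$v_letsencrypt = $_POST['v_letsencrypt'];
 $v_stats = escapeshellarg($_POST['v_stats']);
 $v_stats_user = $data[$v_domain]['STATS_USER'];
 $v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
@@ -96,6 +97,7 @@
 if ((!empty($_POST['v_ssl'])) || (!empty($_POST['v_elog']))) $v_adv = 'yes';
 if ((!empty($_POST['v_ssl_crt'])) || (!empty($_POST['v_ssl_key']))) $v_adv = 'yes';
 if ((!empty($_POST['v_ssl_ca'])) || ($_POST['v_stats'] != 'none')) $v_adv = 'yes';
+if ((!empty($_POST['v_letsencrypt']))) $v_adv = 'yes';
 
 // Check advanced features
 if (empty($_POST['v_dns'])) $v_dns = 'off';
@@ -144,42 +146,53 @@
 unset($output);
 }
 
-// Add SSL certificates
-if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-exec ('mktemp -d', $output, $return_var);
-$tmpdir = $output[0];
-unset($output);
-
-// Save certificate
-if (!empty($_POST['v_ssl_crt'])) {
-$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
-fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
-fwrite($fp, "\n");
-fclose($fp);
-}
-
-// Save private key
-if (!empty($_POST['v_ssl_key'])) {
-$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
-fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
-fwrite($fp, "\n");
-fclose($fp);
-}
+// Add Lets Encrypt support
 
-// Save CA bundle
-if (!empty($_POST['v_ssl_ca'])) {
-$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
-fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
-fwrite($fp, "\n");
-fclose($fp);
-}
-
-$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
-exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+if ((!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) {
+exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$data['ALIAS']."' 'no'", $output, $return_var);
 check_return_code($return_var,$output);
 unset($output);
-}
-
+}
+else {
+// Add SSL certificates only if Lets Encrypt is off
+if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+exec ('mktemp -d', $output, $return_var);
+$tmpdir = $output[0];
+unset($output);
+
+// Save certificate
+if (!empty($_POST['v_ssl_crt'])) {
+$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
+fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
+fwrite($fp, "\n");
+fclose($fp);
+}
+
+// Save private key
+if (!empty($_POST['v_ssl_key'])) {
+$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
+fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
+fwrite($fp, "\n");
+fclose($fp);
+}
+
+// Save CA bundle
+if (!empty($_POST['v_ssl_ca'])) {
+$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
+fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
+fwrite($fp, "\n");
+fclose($fp);
+}
+
+$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
+exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+check_return_code($return_var,$output);
+unset($output);
+}
+
+}
 // Add web stats
 if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
 $v_stats = escapeshellarg($_POST['v_stats']);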
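Review bot: In the new Let's Encrypt branch of the last hunk the alias list is spliced into the shell command between hand-written quotes, `" '".$data['ALIAS']."' 'no'"`, whereas `$v_ssl_home` and `$v_stats` go through `escapeshellarg()`; a value containing a single quote would end the quoting, so pass `escapeshellarg($data['ALIAS'])` instead of adding the quotes by hand. The lookup itself looks off: the second hunk of this section indexes the decoded list by domain (`$data[$v_domain]['SSL_HOME']`), so `$data['ALIAS']` may always be empty, which should be confirmed against the JSON that `v-list-web-domain` returns. `$output` is not cleared between the two `exec()` calls, and `exec()` appends to an existing array, so `check_return_code()` would be handed the JSON listing along with any error text; add `unset($output);` right after the `json_decode` line. The return code of the first `exec()` is never checked, and the trailing web-stats `if` continues outside the hunk.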
