| install/tpl/apache_ispconfig.conf.master | ●●●●● patch | view | raw | blame | history | |
| interface/acme-challenge/empty.dir | ●●●●● patch | view | raw | blame | history | |
| interface/web/sites/lib/module.conf.php | ●●●●● patch | view | raw | blame | history | |
| server/conf/nginx_vhost.conf.master | ●●●●● patch | view | raw | blame | history | |
| server/plugins-available/apache2_plugin.inc.php | ●●●●● patch | view | raw | blame | history | |
| server/plugins-available/nginx_plugin.inc.php | ●●●●● patch | view | raw | blame | history |
install/tpl/apache_ispconfig.conf.master
@@ -118,6 +118,8 @@ Alias /awstats-icon "/usr/share/awstats/icon" </tmpl_if> Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge NameVirtualHost *:80 NameVirtualHost *:443 <tmpl_loop name="ip_adresses"> interface/acme-challenge/empty.dir
New file @@ -0,0 +1 @@ This empty directory is needed by ISPConfig. interface/web/sites/lib/module.conf.php
@@ -194,6 +194,11 @@ 'link' => 'sites/web_sites_stats.php', 'html_id' => 'websites_stats'); $items[] = array( 'title' => 'FTP traffic', 'target' => 'content', 'link' => 'sites/ftp_sites_stats.php', 'html_id' => 'ftpsites_stats'); $items[] = array( 'title' => 'Website quota (Harddisk)', 'target' => 'content', 'link' => 'sites/user_quota_stats.php', server/conf/nginx_vhost.conf.master
@@ -263,6 +263,13 @@ } </tmpl_if> location /\.well-known/acme-challenge { root /usr/local/ispconfig/interface/acme-challenge; index index.html index.htm; try_files $uri =404; } <tmpl_loop name="basic_auth_locations"> location <tmpl_var name='htpasswd_location'> { ##merge## auth_basic "Members Only"; @@ -293,6 +300,13 @@ </tmpl_if> server_name <tmpl_var name='rewrite_domain'>; location /\.well-known/acme-challenge { root /usr/local/ispconfig/interface/acme-challenge; index index.html index.htm; try_files $uri =404; } <tmpl_if name='alias_seo_redirects2'> <tmpl_loop name="alias_seo_redirects2"> if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") { server/plugins-available/apache2_plugin.inc.php
@@ -1121,6 +1121,7 @@ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain )) { if(substr($domain, 0, 2) === '*.') { // wildcard domain not yet supported by letsencrypt! @@ -1135,6 +1136,7 @@ $temp_domains = array(); $lddomain = $domain; $subdomains = null; $aliasdomains = null; //* be sure to have good domain if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { @@ -1146,6 +1148,17 @@ if(is_array($subdomains)) { foreach($subdomains as $subdomain) { $temp_domains[] = $subdomain['domain']; } } //* then, add alias domain if we have $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'"); if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) { $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain']; } } } @@ -1170,22 +1183,8 @@ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); if(is_dir($webroot . "/.well-known/acme-challenge/")) { $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/"); } $app->log("Create challenge directory", LOGLEVEL_DEBUG); $app->system->mkdirpath($webroot . "/.well-known/"); $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) { $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot)); $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge"); } };
@@ -1238,6 +1238,7 @@ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain )) { //* be sure to have good domain @@ -1254,6 +1255,7 @@ $temp_domains = array(); $lddomain = $domain; $subdomains = null; $aliasdomains = null; //* be sure to have good domain if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { @@ -1267,7 +1269,18 @@ $temp_domains[] = $subdomain['domain']; } } //* then, add alias domain if we have $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'"); if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) { $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain']; } } } // prevent duplicate $temp_domains = array_unique($temp_domains); @@ -1290,31 +1303,17 @@ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); if(is_dir($webroot . "/.well-known/acme-challenge/")) { $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/"); } $app->log("Create challenge directory", LOGLEVEL_DEBUG); $app->system->mkdirpath($webroot . "/.well-known/"); $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']); $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) { $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot)); $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge"); } }; //* check is been correctly created if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) { $date = date("YmdHis"); //* TODO: check if is a symlink, if target same keep it, either remove it $date = date("YmdHis"); //* TODO: check if is a symlink, if target same keep it, either remove it if(is_file($key_file)) { $app->system->copy($key_file, $key_file.'.old'.$date); $app->system->copy($key_file, $key_file.'.old.'.$date); $app->system->chmod($key_file.'.old.'.$date, 0400); $app->system->unlink($key_file); }
