gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: ee24ad5f | patch | commit | ignore whitespace

- changed the way letsencrypt is handled due to various problems

Marius Burkard

2016-02-11 7456a4f509267556c92ef1b0cff74c9be2c9453b

- changed the way letsencrypt is handled due to various problems

1 files added

4 files modified

	install/tpl/apache_ispconfig.conf.master	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/acme-challenge/empty.dir	1 ●●●●● patch \| view \| raw \| blame \| history
	server/conf/nginx_vhost.conf.master	14 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/apache2_plugin.inc.php	16 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/nginx_plugin.inc.php	16 ●●●●● patch \| view \| raw \| blame \| history

 install/tpl/apache_ispconfig.conf.master

@@ -118,6 +118,8 @@
Alias /awstats-icon "/usr/share/awstats/icon"
</tmpl_if>

Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge

NameVirtualHost *:80
NameVirtualHost *:443
<tmpl_loop name="ip_adresses">

 interface/acme-challenge/empty.dir

New file
@@ -0,0 +1 @@
This empty directory is needed by ISPConfig.

 server/conf/nginx_vhost.conf.master

@@ -263,6 +263,13 @@
        }
</tmpl_if>

location /\.well-known/acme-challenge {
       root /usr/local/ispconfig/interface/acme-challenge;
       index index.html index.htm;
       try_files $uri =404;
}


<tmpl_loop name="basic_auth_locations">
        location <tmpl_var name='htpasswd_location'> { ##merge##
                auth_basic "Members Only";
@@ -293,6 +300,13 @@
</tmpl_if>
        
        server_name <tmpl_var name='rewrite_domain'>;

location /\.well-known/acme-challenge {
       root /usr/local/ispconfig/interface/acme-challenge;
       index index.html index.htm;
       try_files $uri =404;
}

<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
        if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {

 server/plugins-available/apache2_plugin.inc.php

@@ -1183,22 +1183,8 @@
            if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
                $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

                if(is_dir($webroot . "/.well-known/acme-challenge/")) {
                    $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
                    $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
                }

                $app->log("Create challenge directory", LOGLEVEL_DEBUG);
                $app->system->mkdirpath($webroot . "/.well-known/");
                $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
                $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
                $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
                $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
                $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
                $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
				
                if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
                    $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
                    $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
                }
            };


 server/plugins-available/nginx_plugin.inc.php

@@ -1303,22 +1303,8 @@
            if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
                $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

                if(is_dir($webroot . "/.well-known/acme-challenge/")) {
                    $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
                    $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
                }

                $app->log("Create challenge directory", LOGLEVEL_DEBUG);
                $app->system->mkdirpath($webroot . "/.well-known/");
                $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
                $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
                $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
                $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
                $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
                $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
				
                if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
                    $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
                    $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
                }
            };

			@@ -118,6 +118,8 @@
			Alias /awstats-icon "/usr/share/awstats/icon"
			</tmpl_if>

			Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge

			NameVirtualHost *:80
			NameVirtualHost *:443
			<tmpl_loop name="ip_adresses">

New file
			@@ -0,0 +1 @@
			This empty directory is needed by ISPConfig.

			@@ -263,6 +263,13 @@
			}
			</tmpl_if>

			location /\.well-known/acme-challenge {
			root /usr/local/ispconfig/interface/acme-challenge;
			index index.html index.htm;
			try_files $uri =404;
			}


			<tmpl_loop name="basic_auth_locations">
			location <tmpl_var name='htpasswd_location'> { ##merge##
			auth_basic "Members Only";
			@@ -293,6 +300,13 @@
			</tmpl_if>

			server_name <tmpl_var name='rewrite_domain'>;

			location /\.well-known/acme-challenge {
			root /usr/local/ispconfig/interface/acme-challenge;
			index index.html index.htm;
			try_files $uri =404;
			}

			<tmpl_if name='alias_seo_redirects2'>
			<tmpl_loop name="alias_seo_redirects2">
			if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {

			@@ -1183,22 +1183,8 @@
			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
			$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

			if(is_dir($webroot . "/.well-known/acme-challenge/")) {
			$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
			$this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
			}

			$app->log("Create challenge directory", LOGLEVEL_DEBUG);
			$app->system->mkdirpath($webroot . "/.well-known/");
			$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
			$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
			$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
			$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
			$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
			$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");

			if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
			$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
			$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
			}
			};

			@@ -1303,22 +1303,8 @@
			if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
			$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);

			if(is_dir($webroot . "/.well-known/acme-challenge/")) {
			$app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
			$this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
			}

			$app->log("Create challenge directory", LOGLEVEL_DEBUG);
			$app->system->mkdirpath($webroot . "/.well-known/");
			$app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
			$app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
			$app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
			$app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
			$app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
			$app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");

			if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
			$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
			$this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
			}
			};