From 7456a4f509267556c92ef1b0cff74c9be2c9453b Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Thu, 11 Feb 2016 12:03:54 -0500
Subject: [PATCH] - changed the way letsencrypt is handled due to various problems
---
server/conf/nginx_vhost.conf.master | 14 ++++++++++++++
server/plugins-available/apache2_plugin.inc.php | 16 +---------------
interface/acme-challenge/empty.dir | 1 +
server/plugins-available/nginx_plugin.inc.php | 16 +---------------
install/tpl/apache_ispconfig.conf.master | 2 ++
5 files changed, 19 insertions(+), 30 deletions(-)
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
index cd9924a..c65d6d3 100644
--- a/install/tpl/apache_ispconfig.conf.master
+++ b/install/tpl/apache_ispconfig.conf.master
@@ -118,6 +118,8 @@
Alias /awstats-icon "/usr/share/awstats/icon"
</tmpl_if>
+Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme-challenge
+
NameVirtualHost *:80
NameVirtualHost *:443
<tmpl_loop name="ip_adresses">
diff --git a/interface/acme-challenge/empty.dir b/interface/acme-challenge/empty.dir
new file mode 100644
index 0000000..95ba9ef
--- /dev/null
+++ b/interface/acme-challenge/empty.dir
@@ -0,0 +1 @@
+This empty directory is needed by ISPConfig.
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 97862c5..0569674 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -263,6 +263,13 @@
}
</tmpl_if>
+location /\.well-known/acme-challenge {
+ root /usr/local/ispconfig/interface/acme-challenge;
+ index index.html index.htm;
+ try_files $uri =404;
+}
+
+
<tmpl_loop name="basic_auth_locations">
location <tmpl_var name='htpasswd_location'> { ##merge##
auth_basic "Members Only";
@@ -293,6 +300,13 @@
</tmpl_if>
server_name <tmpl_var name='rewrite_domain'>;
+
+location /\.well-known/acme-challenge {
+ root /usr/local/ispconfig/interface/acme-challenge;
+ index index.html index.htm;
+ try_files $uri =404;
+}
+
<tmpl_if name='alias_seo_redirects2'>
<tmpl_loop name="alias_seo_redirects2">
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index e0564cf..3a54946 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1183,22 +1183,8 @@
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
- if(is_dir($webroot . "/.well-known/acme-challenge/")) {
- $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
- $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
- }
-
- $app->log("Create challenge directory", LOGLEVEL_DEBUG);
- $app->system->mkdirpath($webroot . "/.well-known/");
- $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
- $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
- $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
- $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
- $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
- $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
-
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
- $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
}
};
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 867bf48..e070725 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1303,22 +1303,8 @@
if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
- if(is_dir($webroot . "/.well-known/acme-challenge/")) {
- $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
- $this->_exec("rm -rf " . $webroot . "/.well-known/acme-challenge/");
- }
-
- $app->log("Create challenge directory", LOGLEVEL_DEBUG);
- $app->system->mkdirpath($webroot . "/.well-known/");
- $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
- $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
- $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
- $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
- $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
- $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
-
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
- $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot));
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
}
};
--
Gitblit v1.9.1