letsencrypt.cgi

1. #!/usr/bin/perl
2. # Request and install a cert and key from Let's Encrypt
3.  
4. require './virtual-server-lib.pl';
5. &ReadParse();
6. &error_setup($text{'letsencrypt_err'});
7. $d = &get_domain($in{'dom'});
8. &can_edit_domain($d) && &can_edit_ssl() || &error($text{'edit_ecannot'});
9.  
10. if ($in{'dname_def'}) {
11. $dname = $d->{'dom'};
12. }
13. else {
14. $dname = lc(&parse_domain_name($in{'dname'}));
15. $err = &valid_domain_name($dname);
16. &error($err) if ($err);
17. }
18.  
19. &ui_print_unbuffered_header(&domain_in($d), $text{'letsencrypt_title'}, "");
20.  
21. &$first_print($text{'letsencrypt_doing'});
22. &foreign_require("webmin");
23. $phd = &public_html_dir($d);
24. if (&get_webmin_version() >= 1.782) {
25. @dnames = ( $dname, "www.".$dname );
26. ($ok, $cert, $key, $chain) =
27. &webmin::request_letsencrypt_cert(\@dnames, $phd);
28. }
29. else {
30. ($ok, $cert, $key, $chain) =
31. &webmin::request_letsencrypt_cert($dname, $phd);
32. }
33. if (!$ok) {
34. &$second_print(&text('letsencrypt_failed',
35. "<pre>".&html_escape($cert)."</pre>"));
36. }
37. else {
38. &$second_print($text{'letsencrypt_done'});
39.  
40. # Worked .. copy to the domain
41. &obtain_lock_ssl($d);
42. &$first_print($text{'newkey_apache'});
43.  
44. # Copy and save the cert
45. $d->{'ssl_cert'} ||= &default_certificate_file($d, 'cert');
46. $cert_text = &read_file_contents($cert);
47. &lock_file($d->{'ssl_cert'});
48. &unlink_file($d->{'ssl_cert'});
49. &open_tempfile_as_domain_user($d, CERT, ">$d->{'ssl_cert'}");
50. &print_tempfile(CERT, $cert_text);
51. &close_tempfile_as_domain_user($d, CERT);
52. &set_certificate_permissions($d, $d->{'ssl_cert'});
53. &unlock_file($d->{'ssl_cert'});
54. &save_website_ssl_file($d, "cert", $d->{'ssl_cert'});
55.  
56. # And the key
57. $d->{'ssl_key'} ||= &default_certificate_file($d, 'key');
58. $key_text = &read_file_contents($key);
59. &lock_file($d->{'ssl_key'});
60. &unlink_file($d->{'ssl_key'});
61. &open_tempfile_as_domain_user($d, CERT, ">$d->{'ssl_key'}");
62. &print_tempfile(CERT, $key_text);
63. &close_tempfile_as_domain_user($d, CERT);
64. &set_certificate_permissions($d, $d->{'ssl_key'});
65. &unlock_file($d->{'ssl_key'});
66. &save_website_ssl_file($d, "key", $d->{'ssl_key'});
67.  
68. # Let's encrypt certs have no passphrase
69. $d->{'ssl_pass'} = undef;
70. &save_domain_passphrase($d);
71.  
72. # And the chained file
73. if ($chain) {
74. $chainfile = &default_certificate_file($d, 'ca');
75. $chain_text = &read_file_contents($chain);
76. &lock_file($chainfile);
77. &unlink_file_as_domain_user($d, $chainfile);
78. &open_tempfile_as_domain_user($d, CERT, ">$chainfile");
79. &print_tempfile(CERT, $chain_text);
80. &close_tempfile_as_domain_user($d, CERT);
81. &set_permissions_as_domain_user($d, 0755, $chainfile);
82. &unlock_file($chainfile);
83. $err = &save_website_ssl_file($d, 'ca', $chainfile);
84. }
85.  
86. &save_domain($d);
87.  
88. # Apply any per-domain cert to Dovecot and Postfix
89. if ($d->{'virt'}) {
90. &sync_dovecot_ssl_cert($d, 1);
91. &sync_postfix_ssl_cert($d, 1);
92. }
93.  
94. # For domains that were using the SSL cert on this domain originally but
95. # can no longer due to the cert hostname changing, break the linkage
96. &break_invalid_ssl_linkages($d);
97.  
98. # Copy SSL directives to domains using same cert
99. foreach $od (&get_domain_by("ssl_same", $d->{'id'})) {
100. next if (!&domain_has_ssl($od));
101. $od->{'ssl_cert'} = $d->{'ssl_cert'};
102. $od->{'ssl_key'} = $d->{'ssl_key'};
103. $od->{'ssl_newkey'} = $d->{'ssl_newkey'};
104. $od->{'ssl_csr'} = $d->{'ssl_csr'};
105. $od->{'ssl_pass'} = $d->{'ssl_pass'};
106. &save_domain_passphrase($od);
107. &save_domain($od);
108. }
109.  
110. &release_lock_ssl();
111. &$second_print($text{'setup_done'});
112.  
113. &run_post_actions();
114. &webmin_log("letsencrypt", "domain", $d->{'dom'}, $d);
115. }
116.  
117. &ui_print_footer(&domain_footer_link($d),
118. "", $text{'index_return'});