From 632f1566be6d3a0f153ed1e7fbe4a0716d260d63 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 02 Mar 2016 07:18:56 -0500
Subject: [PATCH] - removed unneeded security check (Fixes #3785)
---
server/plugins-available/nginx_plugin.inc.php | 33 ++++++++++++++++++++-------------
1 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index e070725..b3276e4 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1232,15 +1232,7 @@
$tpl->setVar('ssl_letsencrypt', "n");
- //* Generate Let's Encrypt SSL certificat
- if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
- ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
- || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
- || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
- || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
- || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
- )) {
-
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
//* be sure to have good domain
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
@@ -1250,12 +1242,22 @@
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
-
+ }
+
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
+ ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
+ || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
+ || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
+ || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
+ || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
+ )) {
// default values
$temp_domains = array();
- $lddomain = $domain;
- $subdomains = null;
+ $lddomain = $domain;
+ $subdomains = null;
$aliasdomains = null;
+ $sub_prefixes = array();
//* be sure to have good domain
if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
@@ -1267,6 +1269,7 @@
if(is_array($subdomains)) {
foreach($subdomains as $subdomain) {
$temp_domains[] = $subdomain['domain'];
+ $sub_prefixes[] = str_replace($domain, "", $subdomain['domain']);
}
}
@@ -1277,6 +1280,10 @@
$temp_domains[] = $aliasdomain['domain'];
if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) {
$temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain'];
+ }
+
+ foreach($sub_prefixes as $s) {
+ $temp_domains[] = $s . $aliasdomain['domain'];
}
}
}
@@ -1304,7 +1311,7 @@
$app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) {
- $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme-challenge");
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
}
};
--
Gitblit v1.9.1