mirror of
https://github.com/webmin/webmin.git
synced 2025-07-23 00:30:33 +00:00
Start of work on support for requesting only a subset of hostnames
This commit is contained in:
Jamie Cameron
@ -277,7 +277,9 @@ else {
|
||||
my @doms = $config{'letsencrypt_doms'} ?
|
||||
split(/\s+/, $config{'letsencrypt_doms'}) : ( $host );
|
||||
print &ui_table_row($text{'ssl_letsdoms'},
|
||||
&ui_textarea("dom", join("\n", @doms), 5, 40));
|
||||
&ui_textarea("dom", join("\n", @doms), 5, 40)."<br>\n".
|
||||
&ui_checkbox("subset", 1, $text{'ssl_subset'},
|
||||
$config{'letsencrypt_subset'}));
|
||||
|
||||
# Apache vhost or other path
|
||||
my @opts;
|
||||
|
||||
@ -424,6 +424,7 @@ ssl_letserr2=Alternately, check the <a href='$1'>module configuration</a> page t
|
||||
ssl_letsdesc2=This page can be used to request a new certificate, which will overwrite any other currently have configured in Webmin. However, the Let's Encrypt service requires that your ownership of the certificate domain be validated by checking that this system hosts the website for the domain. This is done by placing a small temporary file in the website's document directory.
|
||||
ssl_letsheader=Options for new SSL certificate
|
||||
ssl_letsdoms=Hostnames for certificate
|
||||
ssl_subset=Skip unverifiable hostnames?
|
||||
ssl_letsmode=Let's Encrypt validation method
|
||||
ssl_letsmode0=Apache virtual host matching hostname
|
||||
ssl_letsmode1=Selected Apache virtual host
|
||||
|
||||
@ -58,14 +58,15 @@ return &software::missing_install_link(
|
||||
|
||||
# request_letsencrypt_cert(domain|&domains, webroot, [email], [keysize],
|
||||
# [request-mode], [use-staging], [account-email],
|
||||
# [reuse-key], [server-url, server-key, server-hmac])
|
||||
# [reuse-key], [server-url, server-key, server-hmac],
|
||||
# [allow-subset])
|
||||
# Attempt to request a cert using a generated key with the Let's Encrypt client
|
||||
# command, and write it to the given path. Returns a status flag, and either
|
||||
# an error message or the paths to cert, key and chain files.
|
||||
sub request_letsencrypt_cert
|
||||
{
|
||||
my ($dom, $webroot, $email, $size, $mode, $staging, $account_email,
|
||||
$key_type, $reuse_key, $server, $server_key, $server_hmac) = @_;
|
||||
$key_type, $reuse_key, $server, $server_key, $server_hmac, $subset) = @_;
|
||||
my @doms = ref($dom) ? @$dom : ($dom);
|
||||
$email ||= "root\@$doms[0]";
|
||||
$mode ||= "web";
|
||||
@ -179,6 +180,7 @@ if ($letsencrypt_cmd) {
|
||||
my $new_flags = "";
|
||||
my $reuse_flags = "";
|
||||
my $server_flags = "";
|
||||
my $subset_flags = "";
|
||||
$key_type ||= $config{'letsencrypt_algo'} || 'rsa';
|
||||
if (&compare_version_numbers($cmd_ver, 1.11) < 0) {
|
||||
$old_flags = " --manual-public-ip-logging-ok";
|
||||
@ -192,6 +194,9 @@ if ($letsencrypt_cmd) {
|
||||
else {
|
||||
$reuse_flags = " --no-reuse-key";
|
||||
}
|
||||
if ($subset) {
|
||||
$subset_flags = " --allow-subset-of-names";
|
||||
}
|
||||
$reuse_flags = "" if ($reuse_key && $reuse_key == -1);
|
||||
if ($server) {
|
||||
$server_flags = " --server ".quotemeta($server);
|
||||
@ -227,6 +232,7 @@ if ($letsencrypt_cmd) {
|
||||
$old_flags.
|
||||
$server_flags.
|
||||
$new_flags.
|
||||
$subset_flags.
|
||||
" 2>&1)");
|
||||
&reset_environment();
|
||||
}
|
||||
@ -245,6 +251,7 @@ if ($letsencrypt_cmd) {
|
||||
$old_flags.
|
||||
$server_flags.
|
||||
$new_flags.
|
||||
$subset_flags.
|
||||
" 2>&1)");
|
||||
&reset_environment();
|
||||
}
|
||||
@ -260,6 +267,7 @@ if ($letsencrypt_cmd) {
|
||||
$old_flags.
|
||||
$server_flags.
|
||||
$new_flags.
|
||||
$subset_flags.
|
||||
" 2>&1)");
|
||||
&reset_environment();
|
||||
}
|
||||
|
||||
@ -76,7 +76,7 @@ else {
|
||||
|
||||
if ($in{'save'}) {
|
||||
# Just update renewal
|
||||
&save_renewal_only(\@doms, $webroot, $mode);
|
||||
&save_renewal_only(\@doms, $webroot, $mode, $size, $in{'subset'});
|
||||
&redirect("edit_ssl.cgi");
|
||||
}
|
||||
else {
|
||||
@ -88,7 +88,9 @@ else {
|
||||
'letsencrypt_doing',
|
||||
"<tt>".&html_escape(join(", ", @doms))."</tt>",
|
||||
"<tt>".&html_escape($webroot)."</tt>"),"<p>\n";
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(\@doms, $webroot, undef, $size, $mode, $in{'staging'});
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(
|
||||
\@doms, $webroot, undef, $size, $mode, $in{'staging'},
|
||||
undef, 0, undef, undef, undef, $in{'subset'});
|
||||
if (!$ok) {
|
||||
print &text('letsencrypt_failed', $cert),"<p>\n";
|
||||
}
|
||||
@ -148,15 +150,16 @@ else {
|
||||
&ui_print_footer("", $text{'index_return'});
|
||||
}
|
||||
|
||||
# save_renewal_only(&doms, webroot, mode)
|
||||
# save_renewal_only(&doms, webroot, mode, size, subset-mode)
|
||||
# Save for future renewals
|
||||
sub save_renewal_only
|
||||
{
|
||||
my ($doms, $webroot, $mode) = @_;
|
||||
my ($doms, $webroot, $mode, $size, $subset) = @_;
|
||||
$config{'letsencrypt_doms'} = join(" ", @$doms);
|
||||
$config{'letsencrypt_webroot'} = $webroot;
|
||||
$config{'letsencrypt_mode'} = $mode;
|
||||
$config{'letsencrypt_size'} = $size;
|
||||
$config{'letsencrypt_subset'} = $subset;
|
||||
&save_module_config();
|
||||
if (&foreign_check("webmincron")) {
|
||||
my $job = &find_letsencrypt_cron_job();
|
||||
|
||||
Reference in New Issue
Block a user