servnest/public/ht/le.php

51 lines
2.0 KiB
PHP

<?php require "../../common/html.php"; ?>
<p>
Installer un certificat Let's Encrypt
</p>
<form method="post">
<label for="domain">Domaine ciblé</label><br>
<select required="" name="domain">
<option value="" disabled="" selected="">---</option>
<?php
if (isset($_SESSION['username'])) {
$sites = selectSites($_SESSION['username'], "dns", "http", false);
$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
foreach ($sites as $site)
echo '<option value="' . $site['domain'] . '">' . $site['domain'] . " (/" . $site['siteDir'] . ")</option>";
}
?>
</select>
<br>
<input value="Valider" type="submit">
</form>
<?php
switchToFormProcess();
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --dry-run --test-cert --webroot --webroot-path /srv/acme --register-unsafely-without-email --agree-tos --domain " . $_POST['domain'], $output, $returnCode);
// Log Certbot response
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output, $returnCode);
// Abort if Certbot failed
if ($returnCode !== 0)
serverError("Certbot failed to get a Let's Encrypt certificate.");
// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
$conf = file_get_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf");
$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $conf);
// Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output, $returnCode);
// Abort if Nginx reload failed
if ($returnCode !== 0)
serverError("Nginx configuration reload failed.");
success("La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.");