ht/dns-add: display recommended CAA record

2023-05-05 19:41:55 +02:00 · 2023-05-05 19:41:55 +02:00 · 54c64906f7
parent f3752163af
commit 54c64906f7
6 changed files with 17 additions and 11 deletions
--- a/DOCS/configuration.md
+++ b/DOCS/configuration.md
@ -183,6 +183,14 @@ Linux user as who runs SFTPGo. (Used to delete files that users created.)

 Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.

+### `caa_account_uri`
+
+The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
+
+### `caa_account_uri_staging`
+
+The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
+
 ### `sftp_pub`

 Filesystem path to where the public key of the SFTP service is available.
--- a/config.ini
+++ b/config.ini
@ -57,6 +57,8 @@ sftpgo_user = "sftpgo"
 ; Will be shown to users
 ipv6_address = "::1"
 ipv4_address = "127.0.0.1"
+caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
 sftp_pub = "/etc/sftpgo/ed25519.pub"
 sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
--- a/css/main.css
+++ b/css/main.css
@ -55,10 +55,6 @@ p {
 	margin-bottom: 1rem;
 }

-.breakable {
-	word-break: break-all;
-}
-
 ::selection {
 	background-color: var(--foreground-color);
 	color: var(--background-color);
@ -72,10 +68,6 @@ pre {
 	margin: 0;
 }

-code {
-	white-space: nowrap;
-}
-
 a {
 	color: var(--foreground-color);
 	text-decoration: underline var(--svc-color) 0.2em;
--- a/pg-act/ns/caa.php
+++ b/pg-act/ns/caa.php
@ -5,10 +5,10 @@ $values = nsParseCommonRequirements();
 if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
 	output(403, 'Wrong value for <code>flag</code>.');

-if (!(preg_match('/^[a-z]{1,127}$/D', $_POST['tag'])))
+if (!(preg_match('/^[a-z0-9]{1,127}$/D', $_POST['tag'])))
 	output(403, 'Wrong value for <code>tag</code>.');

-if (!(preg_match('/^[a-z0-9.-]{1,255}$/D', $_POST['value'])))
+if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{1,255}$/D', $_POST['value'])))
 	output(403, 'Wrong value for <code>value</code>.');

 rateLimit();
--- a/pg-act/ns/txt.php
+++ b/pg-act/ns/txt.php
@ -2,7 +2,7 @@

 $values = nsParseCommonRequirements();

-if (!(preg_match('/^[a-zA-Z0-9 .@=:!%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
+if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
 	output(403, 'Wrong value for <code>txt</code>.');

 rateLimit();
--- a/pg-view/ht/add-dns.php
+++ b/pg-view/ht/add-dns.php
@ -19,6 +19,10 @@
 	<dd>
 		<code><?= SERVER_NAME ?>_domain-verification=<?= getAuthToken() ?></code>
 	</dd>
+	<dt><code>CAA</code></dt>
+	<dd>
+		<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
+	</dd>
 </dl>

 <form method="post">