dir.'); if (query('select', 'sites', ['address' => $_POST['domain']], ['address']) !== []) output(403, _('This domain already exists on this service. Use another one.')); $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA); if (is_array($remoteAaaaRecords) !== true) output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'AAAA', '' . htmlspecialchars($_POST['domain']) . '')); if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true) output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'AAAA', '' . CONF['ht']['ipv6_address'] . '')); $remoteARecords = dns_get_record($_POST['domain'], DNS_A); if (is_array($remoteARecords) !== true) output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'A', '' . htmlspecialchars($_POST['domain']) . '')); if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true) output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'A', '' . CONF['ht']['ipv4_address'] . '')); $remoteTXTRecords = dns_get_record('_auth.' . $_POST['domain'], DNS_TXT); if (is_array($remoteTXTRecords) !== true) output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'TXT', '_auth.' . htmlspecialchars($_POST['domain']) . '')); if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=(?[0-9a-f]{8})-(?[0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1) output(403, sprintf(_('No TXT record with the expected format has been found on domain %s.'), '_auth.' . htmlspecialchars($_POST['domain']) . '')); checkAuthToken($matches['salt'], $matches['hash']); rateLimit(); exescape([ CONF['ht']['sudo_path'], CONF['ht']['certbot_path'], 'certonly', '--domain', $_POST['domain'], ...(($_SESSION['type'] === 'approved') ? [] : ['--test-cert']), ], $output, $returnCode); if ($returnCode !== 0) output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output); addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns'); htRelativeSymlink('../fs/' . $_SESSION['id'] . '/' . $_POST['dir'], CONF['ht']['ht_path'] . '/uri/' . $_POST['domain']); output(200, sprintf(_('%s added on this directory.'), PAGE_METADATA['title']));