servnest/ht/le.php

<?php require "../top.inc.php"; ?>
<p>
	Installer un certificat Let's Encrypt
</p>

<form method="post">
	<label for="domain">Domaine ciblé</label><br>
	<select required="" name="domain">
		<option value="" disabled="" selected="">---</option>
	<?php
	$sites = selectSites($_SESSION['username'], "dns", "http", false);
	$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
	foreach ($sites as $site) { ?>
		<option value="<?= $site['domain'] ?>"><?= $site['domain'] . " (/ht/" . $site['siteDir'] . ")" ?></option>
	<?php } ?>
	</select>
	<br>
	<input value="Valider" type="submit">
</form>

<?php

if (isset($_POST['domain']) AND isset($_SESSION['username'])) {

	antiCSRF();

	// Use maniver to use Certbot
	exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output, $returnCode);

	// Log Certbot response
	addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output,	$returnCode);

	// Abort if Certbot failed
	if ($returnCode !== 0)
		exit("Let's Encrypt certificate obtention failed. Try again later, or contact an administrator.");

	// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
	$conf = file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf");
	$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
	$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
	file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);

	// Reload Nginx
	exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx", $output, $returnCode);

	// Abort if Maniver failed to reload Nginx
	if ($returnCode !== 0)
		exit("Nginx configuration reload failed. Try again later, or contact an administrator.");

	echo "Succès : La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.";
}

?>

<?php require "../bottom.inc.php"; ?>