daxi20/acmeclient
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add logging, fix DNS checks

Browse Source
This commit is contained in:
Niklas Keller
2015-12-03 01:56:28 +01:00
parent 3d9de77c90
commit 179e806e0c
1 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/Commands/Issue.php
View File

@@ -48,7 +48,7 @@ class Issue implements Command {
$domains = $args->get("domains"); $domains = $args->get("domains");
$domains = array_map("trim", explode(",", $domains)); $domains = array_map("trim", explode(",", $domains));
$this->checkDnsRecords($domains); yield from $this->checkDnsRecords($domains);
$keyPair = $this->checkRegistration($args); $keyPair = $this->checkRegistration($args);
@@ -69,6 +69,7 @@ class Issue implements Command {
throw new AcmeException("Protocol Violation: Invalid Token!"); throw new AcmeException("Protocol Violation: Invalid Token!");
} }
$this->logger->debug("Generating payload...");
$payload = $acme->generateHttp01Payload($token); $payload = $acme->generateHttp01Payload($token);
$docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\"); $docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
@@ -90,13 +91,20 @@ class Issue implements Command {
chown($docRoot . "/.well-known", $userInfo["uid"]); chown($docRoot . "/.well-known", $userInfo["uid"]);
chown($docRoot . "/.well-known/acme-challenge", $userInfo["uid"]); chown($docRoot . "/.well-known/acme-challenge", $userInfo["uid"]);
$this->logger->info("Providing payload for {$domain} at {$path}/{$token}");
file_put_contents("{$path}/{$token}", $payload); file_put_contents("{$path}/{$token}", $payload);
chown("{$path}/{$token}", $userInfo["uid"]); chown("{$path}/{$token}", $userInfo["uid"]);
chmod("{$path}/{$token}", 0660); chmod("{$path}/{$token}", 0660);
yield $acme->selfVerify($domain, $token, $payload); yield $acme->selfVerify($domain, $token, $payload);
$this->logger->info("Successfully self-verified challenge.");
yield $acme->answerChallenge($challenge->uri, $payload); yield $acme->answerChallenge($challenge->uri, $payload);
$this->logger->info("Answered challenge... waiting");
yield $acme->pollForChallenge($location); yield $acme->pollForChallenge($location);
$this->logger->info("Challenge successful. {$domain} is now authorized.");
@unlink("{$path}/{$token}"); @unlink("{$path}/{$token}");
} catch (Throwable $e) { } catch (Throwable $e) {
@@ -116,6 +124,8 @@ class Issue implements Command {
$private = file_get_contents($path . "/private.pem"); $private = file_get_contents($path . "/private.pem");
$public = file_get_contents($path . "/public.pem"); $public = file_get_contents($path . "/public.pem");
$this->logger->info("Using existing domain key found at {$path}");
$domainKeys = new KeyPair($private, $public); $domainKeys = new KeyPair($private, $public);
} else { } else {
$domainKeys = (new OpenSSLKeyGenerator)->generate(2048); $domainKeys = (new OpenSSLKeyGenerator)->generate(2048);
@@ -123,18 +133,26 @@ class Issue implements Command {
file_put_contents($path . "/private.pem", $domainKeys->getPrivate()); file_put_contents($path . "/private.pem", $domainKeys->getPrivate());
file_put_contents($path . "/public.pem", $domainKeys->getPublic()); file_put_contents($path . "/public.pem", $domainKeys->getPublic());
$this->logger->info("Saved new domain key at {$path}");
chmod($path . "/private.pem", 0600); chmod($path . "/private.pem", 0600);
chmod($path . "/public.pem", 0600); chmod($path . "/public.pem", 0600);
} }
$this->logger->info("Requesting certificate ...");
$location = yield $acme->requestCertificate($domainKeys, $domains); $location = yield $acme->requestCertificate($domainKeys, $domains);
$certificates = yield $acme->pollForCertificate($location); $certificates = yield $acme->pollForCertificate($location);
$this->logger->info("Saving certificate ...");
file_put_contents($path . "/cert.pem", reset($certificates)); file_put_contents($path . "/cert.pem", reset($certificates));
file_put_contents($path . "/fullchain.pem", implode("\n", $certificates)); file_put_contents($path . "/fullchain.pem", implode("\n", $certificates));
array_shift($certificates); array_shift($certificates);
file_put_contents($path . "/chain.pem", implode("\n", $certificates)); file_put_contents($path . "/chain.pem", implode("\n", $certificates));
$this->logger->info("Successfully issued certificate.");
} }
private function checkDnsRecords($domains): Generator { private function checkDnsRecords($domains): Generator {
@@ -142,7 +160,7 @@ class Issue implements Command {
foreach ($domains as $domain) { foreach ($domains as $domain) {
$promises[$domain] = dns\resolve($domain, [ $promises[$domain] = dns\resolve($domain, [
"types" => Record::A, "types" => [Record::A],
"hosts" => false, "hosts" => false,
]); ]);
} }
@@ -152,6 +170,8 @@ class Issue implements Command {
if (!empty($errors)) { if (!empty($errors)) {
throw new AcmeException("Couldn't resolve the following domains to an IPv4 record: " . implode(array_keys($errors))); throw new AcmeException("Couldn't resolve the following domains to an IPv4 record: " . implode(array_keys($errors)));
} }
$this->logger->info("Checked DNS records, all fine.");
} }
private function checkRegistration(Manager $args) { private function checkRegistration(Manager $args) {
@@ -174,6 +194,8 @@ class Issue implements Command {
$private = file_get_contents($pathPrivate); $private = file_get_contents($pathPrivate);
$public = file_get_contents($pathPublic); $public = file_get_contents($pathPublic);
$this->logger->info("Found account keys.");
return new KeyPair($private, $public); return new KeyPair($private, $public);
} }