diff --git a/composer.json b/composer.json
index 3809941..04a4fc8 100644
--- a/composer.json
+++ b/composer.json
@@ -6,8 +6,8 @@
 "ext-posix": "*",
 "ext-openssl": "*",
 "bramus/monolog-colored-line-formatter": "^2",
- "kelunik/acme": "dev-master",
- "kelunik/certificate": "dev-master",
+ "kelunik/acme": "^0.3",
+ "kelunik/certificate": "^1",
 "league/climate": "^3",
 "monolog/monolog": "^1.17",
 "psr/log": "^1",
diff --git a/src/Commands/Issue.php b/src/Commands/Issue.php
index 966db13..7337498 100644
--- a/src/Commands/Issue.php
+++ b/src/Commands/Issue.php
@@ -32,11 +32,16 @@ class Issue implements Command {
 private function doExecute(Manager $args): Generator {
 if (posix_geteuid() !== 0) {
- throw new AcmeException("Please run this script as root!");
+ $processUser = posix_getpwuid(posix_geteuid());
+ $currentUsername = $processUser['name'];
+ $user = $args->get("user") ?? $currentUsername;
+ if ($currentUsername !== $user) {
+ throw new AcmeException("Running this script with --user only works as root");
+ }
+ } else {
+ $user = $args->get("user") ?? "www-data";
 }
- $user = $args->get("user") ?? "www-data";
-
 $server = $args->get("server");
 $protocol = substr($server, 0, strpos("://", $server));
@@ -52,7 +57,7 @@ class Issue implements Command {
 $keyPair = $this->checkRegistration($args);
- $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+ $acme = new AcmeService(new AcmeClient($server, $keyPair));
 foreach ($domains as $domain) {
 list($location, $challenges) = yield $acme->requestChallenges($domain);
@@ -70,7 +75,7 @@ class Issue implements Command {
 }
 $this->logger->debug("Generating payload...");
- $payload = $acme->generateHttp01Payload($token);
+ $payload = $acme->generateHttp01Payload($keyPair, $token);
 $docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
 $path = $docRoot . "/.well-known/acme-challenge";
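Review bot: The new non-root branch reads `$processUser['name']` without checking that `posix_getpwuid()` returned an array; when the effective uid has no passwd entry it returns `false`, `$currentUsername` becomes null and, if `--user` was not given, `$user` is null as well, so the `!==` check passes and execution continues with no user instead of failing. Guard the lookup before indexing it, e.g. `$processUser = posix_getpwuid(posix_geteuid()); if ($processUser === false) { throw new AcmeException("Could not determine the current user"); }`. Separately, the unchanged context line `$protocol = substr($server, 0, strpos("://", $server));` has the `strpos()` arguments reversed (the haystack comes first), so it searches for the server string inside "://" and `$protocol` cannot hold the scheme for any real URL; the same line appears in the Revoke.php hunk `@@ -27,10 +27,6 @@` and should read `strpos($server, "://")` in both places. doExecute continues past the end of this hunk.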
@@ -95,9 +100,9 @@ class Issue implements Command {
 file_put_contents("{$path}/{$token}", $payload);
 chown("{$path}/{$token}", $userInfo["uid"]);
- chmod("{$path}/{$token}", 0660);
+ chmod("{$path}/{$token}", 0664);
- yield $acme->selfVerify($domain, $token, $payload);
+ yield $acme->verifyHttp01Challenge($domain, $token, $payload);
 $this->logger->info("Successfully self-verified challenge.");
 yield $acme->answerChallenge($challenge->uri, $payload);
diff --git a/src/Commands/Register.php b/src/Commands/Register.php
index ce145ea..68902e6 100644
--- a/src/Commands/Register.php
+++ b/src/Commands/Register.php
@@ -29,10 +29,6 @@ class Register implements Command {
 }
 public function doExecute(Manager $args): Generator {
- if (posix_geteuid() !== 0) {
- throw new AcmeException("Please run this script as root!");
- }
-
 $email = $args->get("email");
 yield resolve($this->checkEmail($email));
@@ -70,11 +66,10 @@ class Register implements Command {
 file_put_contents($pathPrivate, $keyPair->getPrivate());
 file_put_contents($pathPublic, $keyPair->getPublic());
- chmod($pathPrivate, 600);
- chmod($pathPrivate, 600);
+ chmod($pathPrivate, 0600);
 }
- $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+ $acme = new AcmeService(new AcmeClient($server, $keyPair));
 $this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");
diff --git a/src/Commands/Revoke.php b/src/Commands/Revoke.php
index 6927a66..4fe1253 100644
--- a/src/Commands/Revoke.php
+++ b/src/Commands/Revoke.php
@@ -27,10 +27,6 @@ class Revoke implements Command {
 }
 private function doExecute(Manager $args): Generator {
- if (posix_geteuid() !== 0) {
- throw new AcmeException("Please run this script as root!");
- }
-
 $server = $args->get("server");
 $protocol = substr($server, 0, strpos("://", $server));
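Review bot: The mode change to `0664` on the challenge file carries no explanation in the code; the other-read bit is presumably there so a web server running as a user other than `$userInfo["uid"]` can serve the token, which is harmless for an ACME challenge (the token is served publicly anyway), but the reason belongs next to the literal, e.g. `// 0664: the web server may not run as $user and must be able to read the token`. The return values of `file_put_contents`, `chown` and `chmod` on these three lines are unchecked, so a failed write or ownership change is only noticed when `verifyHttp01Challenge` fails with a less specific error; checking the write, `if (file_put_contents("{$path}/{$token}", $payload) === false) { throw new AcmeException("Could not write challenge file"); }`, points straight at the cause. The enclosing foreach and doExecute both extend beyond this hunk.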
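Review bot: In the Register.php hunk `@@ -70,11 +66,10 @@` the private key is written by `file_put_contents($pathPrivate, ...)` before `chmod($pathPrivate, 0600)` narrows the mode, so a newly created key file briefly carries the process umask's default mode (commonly 0644) and is readable by other local users during that window; creating the file with the restricted mode before writing the key closes it: `touch($pathPrivate); chmod($pathPrivate, 0600); file_put_contents($pathPrivate, $keyPair->getPrivate());`. The corrected octal literal (`0600` instead of decimal `600`) is right, but the return values of `file_put_contents` and `chmod` remain unchecked, so a failed write or mode change is silent and registration proceeds with a key that may be missing or too permissive. The `if` block closed by the `}` after the chmod and the enclosing doExecute both start outside the hunk.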
@@ -41,7 +37,7 @@ class Revoke implements Command {
 }
 $keyPair = $this->checkRegistration($args);
- $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+ $acme = new AcmeService(new AcmeClient($server, $keyPair));
 $this->logger->info("Revoking certificate ...");