Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9b34d667d0 | ||
|
|
8ed17841b8 | ||
|
|
1fcd437aaf | ||
|
|
0db38e9d95 |
@@ -6,8 +6,8 @@
|
|||||||
"ext-posix": "*",
|
"ext-posix": "*",
|
||||||
"ext-openssl": "*",
|
"ext-openssl": "*",
|
||||||
"bramus/monolog-colored-line-formatter": "^2",
|
"bramus/monolog-colored-line-formatter": "^2",
|
||||||
"kelunik/acme": "dev-master",
|
"kelunik/acme": "^0.3",
|
||||||
"kelunik/certificate": "dev-master",
|
"kelunik/certificate": "^1",
|
||||||
"league/climate": "^3",
|
"league/climate": "^3",
|
||||||
"monolog/monolog": "^1.17",
|
"monolog/monolog": "^1.17",
|
||||||
"psr/log": "^1",
|
"psr/log": "^1",
|
||||||
|
|||||||
@@ -32,11 +32,16 @@ class Issue implements Command {
|
|||||||
|
|
||||||
private function doExecute(Manager $args): Generator {
|
private function doExecute(Manager $args): Generator {
|
||||||
if (posix_geteuid() !== 0) {
|
if (posix_geteuid() !== 0) {
|
||||||
throw new AcmeException("Please run this script as root!");
|
$processUser = posix_getpwuid(posix_geteuid());
|
||||||
|
$currentUsername = $processUser['name'];
|
||||||
|
$user = $args->get("user") ?? $currentUsername;
|
||||||
|
if ($currentUsername !== $user) {
|
||||||
|
throw new AcmeException("Running this script with --user only works as root");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$user = $args->get("user") ?? "www-data";
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $args->get("user") ?? "www-data";
|
|
||||||
|
|
||||||
$server = $args->get("server");
|
$server = $args->get("server");
|
||||||
$protocol = substr($server, 0, strpos("://", $server));
|
$protocol = substr($server, 0, strpos("://", $server));
|
||||||
|
|
||||||
@@ -52,7 +57,7 @@ class Issue implements Command {
|
|||||||
|
|
||||||
$keyPair = $this->checkRegistration($args);
|
$keyPair = $this->checkRegistration($args);
|
||||||
|
|
||||||
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
|
$acme = new AcmeService(new AcmeClient($server, $keyPair));
|
||||||
|
|
||||||
foreach ($domains as $domain) {
|
foreach ($domains as $domain) {
|
||||||
list($location, $challenges) = yield $acme->requestChallenges($domain);
|
list($location, $challenges) = yield $acme->requestChallenges($domain);
|
||||||
@@ -70,7 +75,7 @@ class Issue implements Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$this->logger->debug("Generating payload...");
|
$this->logger->debug("Generating payload...");
|
||||||
$payload = $acme->generateHttp01Payload($token);
|
$payload = $acme->generateHttp01Payload($keyPair, $token);
|
||||||
|
|
||||||
$docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
|
$docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
|
||||||
$path = $docRoot . "/.well-known/acme-challenge";
|
$path = $docRoot . "/.well-known/acme-challenge";
|
||||||
@@ -95,9 +100,9 @@ class Issue implements Command {
|
|||||||
|
|
||||||
file_put_contents("{$path}/{$token}", $payload);
|
file_put_contents("{$path}/{$token}", $payload);
|
||||||
chown("{$path}/{$token}", $userInfo["uid"]);
|
chown("{$path}/{$token}", $userInfo["uid"]);
|
||||||
chmod("{$path}/{$token}", 0660);
|
chmod("{$path}/{$token}", 0664);
|
||||||
|
|
||||||
yield $acme->selfVerify($domain, $token, $payload);
|
yield $acme->verifyHttp01Challenge($domain, $token, $payload);
|
||||||
$this->logger->info("Successfully self-verified challenge.");
|
$this->logger->info("Successfully self-verified challenge.");
|
||||||
|
|
||||||
yield $acme->answerChallenge($challenge->uri, $payload);
|
yield $acme->answerChallenge($challenge->uri, $payload);
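Review bot: The new non-root branch of doExecute reads `$processUser['name']` without checking the result of `posix_getpwuid(posix_geteuid())`. posix_getpwuid() returns false when the effective uid has no passwd entry, so `$currentUsername` becomes null; with no --user given, `$currentUsername !== $user` then compares null with null and the guard passes with `$user` unset. Add `if ($processUser === false) { throw new AcmeException("Cannot determine the current user"); }` before reading the name. How `$user` becomes the `$userInfo` used by the later chown() is outside the visible hunks, so the downstream effect is inferred.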
|
||||||
|
|||||||
@@ -29,10 +29,6 @@ class Register implements Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function doExecute(Manager $args): Generator {
|
public function doExecute(Manager $args): Generator {
|
||||||
if (posix_geteuid() !== 0) {
|
|
||||||
throw new AcmeException("Please run this script as root!");
|
|
||||||
}
|
|
||||||
|
|
||||||
$email = $args->get("email");
|
$email = $args->get("email");
|
||||||
yield resolve($this->checkEmail($email));
|
yield resolve($this->checkEmail($email));
|
||||||
|
|
||||||
@@ -70,11 +66,10 @@ class Register implements Command {
|
|||||||
file_put_contents($pathPrivate, $keyPair->getPrivate());
|
file_put_contents($pathPrivate, $keyPair->getPrivate());
|
||||||
file_put_contents($pathPublic, $keyPair->getPublic());
|
file_put_contents($pathPublic, $keyPair->getPublic());
|
||||||
|
|
||||||
chmod($pathPrivate, 600);
|
chmod($pathPrivate, 0600);
|
||||||
chmod($pathPrivate, 600);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
|
$acme = new AcmeService(new AcmeClient($server, $keyPair));
|
||||||
|
|
||||||
$this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");
|
$this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");
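Review bot: The private key is still written by `file_put_contents($pathPrivate, $keyPair->getPrivate());` before `chmod($pathPrivate, 0600)` runs, so the file briefly exists with whatever mode the process umask gives it, which is often world-readable. This matters more now that the root check is removed from doExecute and the command can run from ordinary accounts. Set a restrictive umask around the write, `$old = umask(0077);` before and `umask($old);` after, and check the return values of file_put_contents() and chmod() so a key left with loose permissions is not silently accepted. The enclosing block starts outside the hunk.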
|
||||||
|
|
||||||
|
|||||||
@@ -27,10 +27,6 @@ class Revoke implements Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private function doExecute(Manager $args): Generator {
|
private function doExecute(Manager $args): Generator {
|
||||||
if (posix_geteuid() !== 0) {
|
|
||||||
throw new AcmeException("Please run this script as root!");
|
|
||||||
}
|
|
||||||
|
|
||||||
$server = $args->get("server");
|
$server = $args->get("server");
|
||||||
$protocol = substr($server, 0, strpos("://", $server));
|
$protocol = substr($server, 0, strpos("://", $server));
|
||||||
|
|
||||||
@@ -41,7 +37,7 @@ class Revoke implements Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$keyPair = $this->checkRegistration($args);
|
$keyPair = $this->checkRegistration($args);
|
||||||
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
|
$acme = new AcmeService(new AcmeClient($server, $keyPair));
|
||||||
|
|
||||||
$this->logger->info("Revoking certificate ...");
|
$this->logger->info("Revoking certificate ...");
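Review bot: The context line `$protocol = substr($server, 0, strpos("://", $server));` passes strpos() its arguments in the wrong order: the haystack comes first, so this searches for the whole server string inside "://" and returns false for any real URL, leaving `$protocol` empty. The same line is carried unchanged in Issue's doExecute. It should read `$protocol = substr($server, 0, strpos($server, "://"));`. The code that consumes `$protocol` is outside these hunks; if it is meant to reject non-HTTPS servers, that check presumably never fires as written.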
|
||||||
|
|
||||||
|
|||||||