
Integrate Let's Encrypt into (add|del)-http-dns.php

Miraty před 2 roky
rodič
revize
674dd1f699
4 změnil soubory, kde provedl 19 přidání a 59 odebrání
  1. 2 0
      config.ini
  2. 7 0
      fn/ht.php
  3. 10 11
      pages/ht/add-http-dns.php
  4. 0 48
      pages/ht/le.php

+ 2 - 0
config.ini

@@ -23,6 +23,8 @@ kdig_path = "/usr/bin/kdig"
 
 [ht]
 enabled = true
+letsencrypt_use_production = false
+
 ; Path were user's sites will be stored
 ht_path = "/srv/niver/ht"
 ; Nginx configuration directory
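Review bot: The new `letsencrypt_use_production` key is the only entry in the [ht] section without the explanatory `;` comment its neighbours carry, and its effect (staging vs. production CA) is only visible in the PHP that reads it. Add `; Use the Let's Encrypt production CA; false requests staging certificates (--test-cert), which browsers do not trust` above the key so an operator knows why sites get untrusted certificates until this is flipped.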

+ 7 - 0
fn/ht.php

@@ -79,6 +79,13 @@ function htDeleteSite($dir, $domainType, $protocol) {
 	if ($code !== 0)
 		serverError("Failed to reload Nginx.");
 
+	if ($domainType === 'dns') {
+		// Delete Let's Encrypt certificate
+		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
+		if ($code !== 0)
+			serverError("Certbot failed to delete the Let's Encrypt certificate.");
+	}
+
 	// Delete from database
 	query('delete', 'sites', [
 		'username' => $_SESSION['username'],
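Review bot: The added certbot delete call concatenates `$domain` straight into the shell string without `escapeshellarg()`, so any shell-significant character in that value changes the command that sudo runs; `$domain` is not a parameter of htDeleteSite and is assigned somewhere above the hunk, so whether it was validated cannot be confirmed from here. Use `exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . escapeshellarg($domain), $output, $code);`. Note also that exec() appends to `$output` rather than replacing it, so if the earlier reload call already filled it, any later use of `$output` will mix both commands' output. Finally, the serverError() on failure fires after the Nginx config has already been removed and reloaded (the lines just above) but before the database row is deleted, which appears to leave the site recorded in the database with no Nginx config; consider logging and continuing, or ordering the certificate deletion before the Nginx changes.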

+ 10 - 11
pages/ht/add-http-dns.php

@@ -28,18 +28,22 @@ if (processForm()) {
 
 	addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
 
+	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
+	if ($returnCode !== 0)
+		serverError("Certbot failed to get a Let's Encrypt certificate.");
+
 	$nginxConf = 'server {
 	listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
 	listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2;
 	server_name ' . $_POST['domain'] . ';
 	root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
 
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
+	ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem;
 
 	include inc/ht-tls.conf;
 }
-	';
+';
 	if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
 		serverError("Failed to write Nginx configuration.");
 
@@ -49,7 +53,6 @@ if (processForm()) {
 		serverError("Failed to reload Nginx.");
 
 	success("Accès HTTP par domaine ajouté sur ce dossier !");
-
 }
 
 ?>
@@ -57,8 +60,8 @@ if (processForm()) {
 <p>
 	Ajouter un domaine sur un dossier de site<br>
 	Le domaine doit pointer vers ces adresses IP :
-	<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
 	<br>IPv6 : <code><?= CONF['ht']['ipv6_address'] ?></code>
+	<br>IPv4 : <code><?= CONF['ht']['ipv4_address'] ?></code>
 </p>
 
 <form method="post">
@@ -67,16 +70,12 @@ if (processForm()) {
 	<label for="dir">Dossier ciblé</label><br>
 	<select required="" name="dir" id="dir">
 		<option value="" disabled="" selected="">---</option>
-
 <?php
 
-foreach ($dirsStatuses as $dir => $alreadyEnabled) {
-	$disabled = $alreadyEnabled ? " disabled=''" : "";
-	echo "		<option" . $disabled . " value='" . $dir . "'>" . $dir . "</option>";
-}
+foreach ($dirsStatuses as $dir => $alreadyEnabled)
+	echo '		<option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . "\n";
 
 ?>
-
 	</select>
 	<br>
 	<input value="Valider" type="submit">
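Review bot: The certbot command added at the top of the first hunk builds a shell string with `$_POST['domain']` concatenated raw; unless addSite() on the line above has already rejected anything that is not a plain hostname (its body is outside this page), request-body input reaches exec() unescaped. Change the tail to `" --domain " . escapeshellarg($_POST['domain'])`, and since the same value is spliced into the Nginx `server_name` directive, the certificate paths and the config file name on the following lines, a single validated local (for example a hostname check via filter_var with FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME before addSite) would cover every use. Compared with the deleted pages/ht/le.php, the new command drops `--agree-tos` and the registration option, so it presumably relies on a certbot account already existing on the host; if it does not, certonly fails and the user only sees the generic "Certbot failed" message, so consider adding a comment stating that prerequisite and logging `$output` in the failure branch. The webroot path /srv/niver/acme is hard-coded while the neighbouring paths come from CONF['ht']; a config key would keep it consistent.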

+ 0 - 48
pages/ht/le.php

@@ -1,48 +0,0 @@
-<?php
-
-if (processForm()) {
-	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --dry-run --test-cert --webroot --webroot-path /srv/acme --register-unsafely-without-email --agree-tos --domain " . $_POST['domain'], $output, $returnCode);
-
-	// Abort if Certbot failed
-	if ($returnCode !== 0)
-		serverError("Certbot failed to get a Let's Encrypt certificate.");
-
-	// Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
-	$conf = file_get_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf");
-	$conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
-	$conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
-	file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $conf);
-
-	// Reload Nginx
-	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output, $returnCode);
-
-	// Abort if Nginx reload failed
-	if ($returnCode !== 0)
-		serverError("Nginx configuration reload failed.");
-
-	success("La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.");
-}
-
-?>
-
-<p>
-	Installer un certificat Let's Encrypt
-</p>
-
-<form method="post">
-	<label for="domain">Domaine ciblé</label><br>
-	<select required="" name="domain">
-		<option value="" disabled="" selected="">---</option>
-<?php
-if (isset($_SESSION['username'])) {
-	$sites = selectSites($_SESSION['username'], "dns", "http", false);
-	$leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
-	foreach ($sites as $site)
-		echo '<option value="' . $site['domain'] . '">' . $site['domain'] . " (/" . $site['siteDir'] . ")</option>";
-}
-?>
-
-	</select>
-	<br>
-	<input value="Valider" type="submit">
-</form>