added zerossl

PhyreApps · Nov 12, 2024 · 925cb4e · 925cb4e
1 parent 89b94eb
commit 925cb4e
Show file tree

Hide file tree

Showing 4 changed files with 8,163 additions and 27 deletions.
diff --git a/web/Modules/LetsEncrypt/Jobs/LetsEncryptSecureDomain.php b/web/Modules/LetsEncrypt/Jobs/LetsEncryptSecureDomain.php
@@ -19,23 +19,35 @@ public function handle(): void
     {
 
         $findDomain = \App\Models\Domain::where('id', $this->domainId)->first();
-        if (! $findDomain) {
+        if (!$findDomain) {
             throw new \Exception('Domain not found');
         }
+        $domainName = $findDomain->domain;
+
+        $domainName = trim($domainName);
+        $domainName = str_replace('www.', '', $domainName);
+        if (empty($domainName)) {
+            throw new \Exception('Domain name is empty');
+        }
+        $domainNameWww = 'www.' . $domainName;
+        $domainNameWww = str_replace('www.www.', 'www.', $domainNameWww);
+
 
         $generalSettings = Settings::general();
 
-        $sslCertificateFilePath = '/etc/letsencrypt/live/'.$findDomain->domain.'/cert.pem';
-        $sslCertificateKeyFilePath = '/etc/letsencrypt/live/'.$findDomain->domain.'/privkey.pem';
-        $sslCertificateChainFilePath = '/etc/letsencrypt/live/'.$findDomain->domain.'/fullchain.pem';
+        $sslCertificateFilePath = '/etc/letsencrypt/live/' . $domainName . '/cert.pem';
+        $sslCertificateKeyFilePath = '/etc/letsencrypt/live/' . $domainName . '/privkey.pem';
+        $sslCertificateChainFilePath = '/etc/letsencrypt/live/' . $domainName . '/fullchain.pem';
+
 
         $certbotHttpSecureCommand = view('letsencrypt::actions.certbot-http-secure-command', [
-            'domain' => $findDomain->domain,
+            'domain' => $domainName,
+            'domainNameWww' => $domainNameWww,
             'domainRoot' => $findDomain->domain_root,
             'domainPublic' => $findDomain->domain_public,
-            'sslCertificateFilePath'=> $sslCertificateFilePath,
-            'sslCertificateKeyFilePath'=> $sslCertificateKeyFilePath,
-            'sslCertificateChainFilePath'=> $sslCertificateChainFilePath,
+            'sslCertificateFilePath' => $sslCertificateFilePath,
+            'sslCertificateKeyFilePath' => $sslCertificateKeyFilePath,
+            'sslCertificateChainFilePath' => $sslCertificateChainFilePath,
             'email' => $generalSettings['master_email'],
             'country' => $generalSettings['master_country'],
             'locality' => $generalSettings['master_locality'],
@@ -46,27 +58,88 @@ public function handle(): void
         if (empty($isCertbotInstalled)) {
             shell_exec('sudo apt install certbot -y');
         }
-        $output ='';
-        $tmpFile = '/tmp/certbot-http-secure-command-'.$findDomain->id.'.sh';
+
+
+        //delete cert
+        //certbot delete --cert-name example.com
+        shell_exec('certbot delete --cert-name ' . $domainName . ' -n');
+
+
+        $output = '';
+        $tmpFile = '/tmp/certbot-http-secure-command-' . $findDomain->id . '.sh';
         file_put_contents($tmpFile, $certbotHttpSecureCommand);
-        shell_exec('chmod +x '.$tmpFile);
+        shell_exec('chmod +x ' . $tmpFile);
         shell_exec('chmod +x /usr/local/phyre/web/Modules/LetsEncrypt/shell/hooks/pre/http-authenticator.sh');
         shell_exec('chmod +x /usr/local/phyre/web/Modules/LetsEncrypt/shell/hooks/post/http-cleanup.sh');
+        shell_exec('chmod +x /usr/local/phyre/web/Modules/LetsEncrypt/shell/acme.sh');
         $exec = shell_exec("bash $tmpFile");
 
         sleep(10);
-        shell_exec('chmod 0755 /etc/letsencrypt/live/'.$findDomain->domain.'/privkey.pem');
-        shell_exec('chmod 0755 /etc/letsencrypt/live/'.$findDomain->domain.'/fullchain.pem');
-        shell_exec('chmod 0755 /etc/letsencrypt/live/'.$findDomain->domain.'/cert.pem');
-        shell_exec('chmod 0755 /etc/letsencrypt/live/'.$findDomain->domain.'/chain.pem');
+        shell_exec('chmod 0755 /etc/letsencrypt/live/' . $domainName . '/privkey.pem');
+        shell_exec('chmod 0755 /etc/letsencrypt/live/' . $domainName . '/fullchain.pem');
+        shell_exec('chmod 0755 /etc/letsencrypt/live/' . $domainName . '/cert.pem');
+        shell_exec('chmod 0755 /etc/letsencrypt/live/' . $domainName . '/chain.pem');
 
         unlink($tmpFile);
 
         $validateCertificates = [];
 
-        if (! file_exists($sslCertificateFilePath)
-            || ! file_exists($sslCertificateKeyFilePath)
-            || ! file_exists($sslCertificateChainFilePath)) {
+
+        if (!file_exists($sslCertificateFilePath)
+            || !file_exists($sslCertificateKeyFilePath)
+            || !file_exists($sslCertificateChainFilePath)) {
+            // Cant get all certificates
+            // fallback to zerossl via acme,sh
+            // fallback to zerossl via acme,sh
+            // fallback to zerossl via acme,sh
+            //acme.sh  --register-account  -m [email protected] --server zerossl
+            $exec = shell_exec("bash /usr/local/phyre/web/Modules/LetsEncrypt/shell/acme.sh  --register-account  -m " . $generalSettings['master_email'] . " --server zerossl");
+
+            $tmpFile = '/tmp/certbot-zerossl-http-secure-command-' . $findDomain->id . '.sh';
+            $certbotHttpSecureCommand = view('letsencrypt::actions.acme-sh-http-secure-command', [
+                'domain' => $domainName,
+                'domainNameWww' => $domainNameWww,
+                'domainRoot' => $findDomain->domain_root,
+                'domainPublic' => $findDomain->domain_public,
+                'sslCertificateFilePath' => $sslCertificateFilePath,
+                'sslCertificateKeyFilePath' => $sslCertificateKeyFilePath,
+                'sslCertificateChainFilePath' => $sslCertificateChainFilePath,
+                'email' => $generalSettings['master_email'],
+                'country' => $generalSettings['master_country'],
+                'locality' => $generalSettings['master_locality'],
+                'organization' => $generalSettings['organization_name'],
+            ])->render();
+            file_put_contents($tmpFile, $certbotHttpSecureCommand);
+            shell_exec('chmod +x ' . $tmpFile);
+            $exec = shell_exec("bash $tmpFile");
+
+            //check file
+            $zerSslCert = '/root/.acme.sh/' . $domainName . '_ecc/' . $domainName . '.cer';
+            $zerSslCertKey = '/root/.acme.sh/' . $domainName . '_ecc/' . $domainName . '.key';
+            $zerSslCertIntermediate = '/root/.acme.sh/' . $domainName . '_ecc/ca.cer';
+            $zerSslCertFullChain = '/root/.acme.sh/' . $domainName . '_ecc/fullchain.cer';
+
+            if (!file_exists($zerSslCert)
+                || !file_exists($zerSslCertKey)
+                || !file_exists($zerSslCertFullChain)) {
+                // Cant get all certificates
+                throw new \Exception('Cant get certificates with ZeroSSL');
+            }
+            if(!is_dir('/etc/letsencrypt/live/' . $domainName)){
+                shell_exec('mkdir -p /etc/letsencrypt/live/' . $domainName);
+            }
+
+            //copy to letsencrypt
+            file_put_contents($sslCertificateFilePath, file_get_contents($zerSslCert));
+            file_put_contents($sslCertificateKeyFilePath, file_get_contents($zerSslCertKey));
+            file_put_contents($sslCertificateChainFilePath, file_get_contents($zerSslCertFullChain));
+
+        }
+
+
+        if (!file_exists($sslCertificateFilePath)
+            || !file_exists($sslCertificateKeyFilePath)
+            || !file_exists($sslCertificateChainFilePath)) {
             // Cant get all certificates
             throw new \Exception('Cant get all certificates');
         }
@@ -75,13 +148,13 @@ public function handle(): void
         $sslCertificateKeyFileContent = file_get_contents($sslCertificateKeyFilePath);
         $sslCertificateChainFileContent = file_get_contents($sslCertificateChainFilePath);
 
-        if (! empty($sslCertificateChainFileContent)) {
+        if (!empty($sslCertificateChainFileContent)) {
             $validateCertificates['certificate'] = $sslCertificateFileContent;
         }
-        if (! empty($sslCertificateKeyFileContent)) {
+        if (!empty($sslCertificateKeyFileContent)) {
             $validateCertificates['private_key'] = $sslCertificateKeyFileContent;
         }
-        if (! empty($sslCertificateChainFileContent)) {
+        if (!empty($sslCertificateChainFileContent)) {
             $validateCertificates['certificate_chain'] = $sslCertificateChainFileContent;
         }
         if (count($validateCertificates) !== 3) {

diff --git a/web/Modules/LetsEncrypt/Models/LetsEncryptCertificate.php b/web/Modules/LetsEncrypt/Models/LetsEncryptCertificate.php
@@ -17,6 +17,11 @@ class LetsEncryptCertificate extends Model
     protected $fillable = [
         'domain_id',
         'email',
+
+        'domain',
+        'domain_ssl_certificate_id',
+
+
     ];
 
     public static function boot()
@@ -25,10 +30,13 @@ public static function boot()
 
         static::creating(function ($model) {
 
+
             $findDomain = Domain::where('id', $model->domain_id)->first();
             if (!$findDomain) {
                 throw new \Exception('Domain not found');
             }
+unset($model->domain_id);
+unset($model->email);
 
             $findSSL = DomainSslCertificate::where('domain', $findDomain->domain)->first();
             if ($findSSL) {
@@ -42,17 +50,18 @@ public static function boot()
                 throw new \Exception('Hosting subscription not found');
             }
 
-            $secureDomain = new LetsEncryptSecureDomain($findDomain->id);
+           $secureDomain = new LetsEncryptSecureDomain($findDomain->id);
             $secureDomain->handle();
 
-            ApacheBuild::dispatchSync();
+          ApacheBuild::dispatchSync();
 
             $findSSL = DomainSslCertificate::where('domain', $findDomain->domain)->first();
             if ($findSSL) {
-                $model->domain_ssl_certificate_id = $findSSL->id;
-                $model->certificate = $findSSL->certificate;
-                $model->private_key = $findSSL->private_key;
-                $model->expires_at = $findSSL->expiration_date;
+               $model->domain_ssl_certificate_id = $findSSL->id;
+//                $model->certificate = $findSSL->certificate;
+//                $model->private_key = $findSSL->private_key;
+           // $model->expires_at = $findSSL->expiration_date;
+//                $model->fullchain = $findSSL->expiration_date;
             }
         });
     }

diff --git a/web/Modules/LetsEncrypt/resources/views/actions/acme-sh-http-secure-command.blade.php b/web/Modules/LetsEncrypt/resources/views/actions/acme-sh-http-secure-command.blade.php
@@ -0,0 +1 @@
+/usr/local/phyre/web/Modules/LetsEncrypt/shell/acme.sh --issue -d {{$domain}} --webroot {{$domainPublic}}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		/usr/local/phyre/web/Modules/LetsEncrypt/shell/acme.sh --issue -d {{$domain}} --webroot {{$domainPublic}}