Gecko [ thearyasamaj.org ]

Name	Size	Permission
help	[ DIR ]	drwxr-xr-x
images	[ DIR ]	drwxr-xr-x
lang	[ DIR ]	drwxr-xr-x
subdir	[ DIR ]	drwxr-xr-x
CHANGELOG	12.02 KB	-rw-r--r--
acme_tiny.py	11.24 KB	-rwxr-xr-x
adminupgrade	299 B	-rw-r--r--
backup_config.pl	1.97 KB	-rwxr-xr-x
bootup.cgi	1.04 KB	-rwxr-xr-x
cache.cgi	1.47 KB	-rwxr-xr-x
cgi_args.pl	159 B	-rwxr-xr-x
change_access.cgi	1.34 KB	-rwxr-xr-x
change_advanced.cgi	3 KB	-rwxr-xr-x
change_anon.cgi	712 B	-rwxr-xr-x
change_bind.cgi	4.8 KB	-rwxr-xr-x
change_ca.cgi	674 B	-rwxr-xr-x
change_debug.cgi	1.38 KB	-rwxr-xr-x
change_lang.cgi	478 B	-rwxr-xr-x
change_lock.cgi	554 B	-rwxr-xr-x
change_log.cgi	2.38 KB	-rwxr-xr-x
change_mobile.cgi	940 B	-rwxr-xr-x
change_os.cgi	1.85 KB	-rwxr-xr-x
change_osdn.cgi	1.54 KB	-rwxr-xr-x
change_overlay.cgi	1.16 KB	-rwxr-xr-x
change_proxy.cgi	1.09 KB	-rwxr-xr-x
change_referers.cgi	633 B	-rwxr-xr-x
change_session.cgi	4.77 KB	-rwxr-xr-x
change_ssl.cgi	3.03 KB	-rwxr-xr-x
change_startpage.cgi	773 B	-rwxr-xr-x
change_status.cgi	1.02 KB	-rwxr-xr-x
change_theme.cgi	1.16 KB	-rwxr-xr-x
change_twofactor.cgi	1.43 KB	-rwxr-xr-x
change_ui.cgi	1.65 KB	-rwxr-xr-x
change_web.cgi	2.47 KB	-rwxr-xr-x
clear_blocked.cgi	154 B	-rwxr-xr-x
clear_cache.cgi	205 B	-rwxr-xr-x
clone_mod.cgi	2.06 KB	-rwxr-xr-x
config	94 B	-rw-r--r--
config.info	609 B	-rw-r--r--
config.info.ar	414 B	-rw-r--r--
config.info.ca	408 B	-rw-r--r--
config.info.cs	233 B	-rw-r--r--
config.info.de	368 B	-rw-r--r--
config.info.es	229 B	-rw-r--r--
config.info.fa	301 B	-rw-r--r--
config.info.fr	577 B	-rw-r--r--
config.info.hr	0 B	-rw-r--r--
config.info.hu	0 B	-rw-r--r--
config.info.it	245 B	-rw-r--r--
config.info.ja	531 B	-rw-r--r--
config.info.ko	206 B	-rw-r--r--
config.info.ms	286 B	-rw-r--r--
config.info.nl	299 B	-rw-r--r--
config.info.no	283 B	-rw-r--r--
config.info.pl	284 B	-rw-r--r--
config.info.pt_BR	299 B	-rw-r--r--
config.info.ru	491 B	-rw-r--r--
config.info.sk	132 B	-rw-r--r--
config.info.sv	202 B	-rw-r--r--
config.info.tr	155 B	-rw-r--r--
cpan_modules.pl	229 B	-rwxr-xr-x
defaultacl	17 B	-rw-r--r--
delete_cache.cgi	471 B	-rwxr-xr-x
delete_mod.cgi	2.24 KB	-rwxr-xr-x
delete_webmincron.cgi	1.51 KB	-rwxr-xr-x
download_cert.cgi	532 B	-rwxr-xr-x
edit_access.cgi	1.38 KB	-rwxr-xr-x
edit_advanced.cgi	3.87 KB	-rwxr-xr-x
edit_anon.cgi	812 B	-rwxr-xr-x
edit_assignment.cgi	1.12 KB	-rwxr-xr-x
edit_bind.cgi	2.95 KB	-rwxr-xr-x
edit_blocked.cgi	944 B	-rwxr-xr-x
edit_ca.cgi	2.82 KB	-rwxr-xr-x
edit_categories.cgi	1.69 KB	-rwxr-xr-x
edit_debug.cgi	2.04 KB	-rwxr-xr-x
edit_descs.cgi	1.49 KB	-rwxr-xr-x
edit_ipkey.cgi	1.7 KB	-rwxr-xr-x
edit_lang.cgi	1004 B	-rwxr-xr-x
edit_lock.cgi	763 B	-rwxr-xr-x
edit_log.cgi	3.04 KB	-rwxr-xr-x
edit_mobile.cgi	1.26 KB	-rwxr-xr-x
edit_mods.cgi	4.67 KB	-rwxr-xr-x
edit_os.cgi	2.72 KB	-rwxr-xr-x
edit_proxy.cgi	3.7 KB	-rwxr-xr-x
edit_referers.cgi	899 B	-rwxr-xr-x
edit_sendmail.cgi	3.48 KB	-rwxr-xr-x
edit_session.cgi	5.18 KB	-rwxr-xr-x
edit_ssl.cgi	10.55 KB	-rwxr-xr-x
edit_startpage.cgi	1.68 KB	-rwxr-xr-x
edit_status.cgi	1.13 KB	-rwxr-xr-x
edit_themes.cgi	3.72 KB	-rwxr-xr-x
edit_twofactor.cgi	1.5 KB	-rwxr-xr-x
edit_ui.cgi	2.74 KB	-rwxr-xr-x
edit_upgrade.cgi	4.26 KB	-rwxr-xr-x
edit_web.cgi	2.88 KB	-rwxr-xr-x
edit_webmincron.cgi	1.35 KB	-rwxr-xr-x
export_mod.cgi	1.23 KB	-rwxr-xr-x
feedback_files.pl	126 B	-rwxr-xr-x
fix_os.cgi	228 B	-rwxr-xr-x
gnupg-lib.pl	13.38 KB	-rwxr-xr-x
hide.cgi	326 B	-rwxr-xr-x
index.cgi	4.16 KB	-rwxr-xr-x
install_mod.cgi	4.2 KB	-rwxr-xr-x
install_theme.cgi	2.29 KB	-rwxr-xr-x
jcameron-key.asc	1.29 KB	-rw-r--r--
letsencrypt-cleanup.pl	2 KB	-rwxr-xr-x
letsencrypt-dns.pl	2.46 KB	-rwxr-xr-x
letsencrypt-lib.pl	13.75 KB	-rwxr-xr-x
letsencrypt.cgi	4.64 KB	-rwxr-xr-x
log_parser.pl	1.23 KB	-rwxr-xr-x
module.info	195 B	-rw-r--r--
module.info.af	0 B	-rw-r--r--
module.info.af.auto	142 B	-rw-r--r--
module.info.ar	185 B	-rw-r--r--
module.info.ar.auto	22 B	-rw-r--r--
module.info.be	0 B	-rw-r--r--
module.info.be.auto	208 B	-rw-r--r--
module.info.bg	0 B	-rw-r--r--
module.info.bg.auto	218 B	-rw-r--r--
module.info.ca	134 B	-rw-r--r--
module.info.ca.auto	15 B	-rw-r--r--
module.info.cs	28 B	-rw-r--r--
module.info.cs.auto	128 B	-rw-r--r--
module.info.da	0 B	-rw-r--r--
module.info.da.auto	142 B	-rw-r--r--
module.info.de	126 B	-rw-r--r--
module.info.de.auto	15 B	-rw-r--r--
module.info.el	0 B	-rw-r--r--
module.info.el.auto	262 B	-rw-r--r--
module.info.es	33 B	-rw-r--r--
module.info.es.auto	109 B	-rw-r--r--
module.info.eu	0 B	-rw-r--r--
module.info.eu.auto	158 B	-rw-r--r--
module.info.fa	0 B	-rw-r--r--
module.info.fa.auto	202 B	-rw-r--r--
module.info.fi	0 B	-rw-r--r--
module.info.fi.auto	141 B	-rw-r--r--
module.info.fr	32 B	-rw-r--r--
module.info.fr.auto	129 B	-rw-r--r--
module.info.he	0 B	-rw-r--r--
module.info.he.auto	195 B	-rw-r--r--
module.info.hr	0 B	-rw-r--r--
module.info.hr.auto	149 B	-rw-r--r--
module.info.hu	30 B	-rw-r--r--
module.info.hu.auto	148 B	-rw-r--r--
module.info.it	33 B	-rw-r--r--
module.info.it.auto	107 B	-rw-r--r--
module.info.ja	180 B	-rw-r--r--
module.info.ko	22 B	-rw-r--r--
module.info.ko.auto	129 B	-rw-r--r--
module.info.lt	0 B	-rw-r--r--
module.info.lt.auto	180 B	-rw-r--r--
module.info.lv	0 B	-rw-r--r--
module.info.lv.auto	157 B	-rw-r--r--
module.info.ms	119 B	-rw-r--r--
module.info.ms.auto	15 B	-rw-r--r--
module.info.mt	0 B	-rw-r--r--
module.info.mt.auto	144 B	-rw-r--r--
module.info.nl	28 B	-rw-r--r--
module.info.nl.auto	117 B	-rw-r--r--
module.info.no	29 B	-rw-r--r--
module.info.no.auto	117 B	-rw-r--r--
module.info.pl	155 B	-rw-r--r--
module.info.pl.auto	15 B	-rw-r--r--
module.info.pt	33 B	-rw-r--r--
module.info.pt.auto	113 B	-rw-r--r--
module.info.pt_BR	36 B	-rw-r--r--
module.info.pt_BR.auto	119 B	-rw-r--r--
module.info.ro	0 B	-rw-r--r--
module.info.ro.auto	147 B	-rw-r--r--
module.info.ru	34 B	-rw-r--r--
module.info.ru.auto	172 B	-rw-r--r--
module.info.sk	30 B	-rw-r--r--
module.info.sk.auto	132 B	-rw-r--r--
module.info.sl	0 B	-rw-r--r--
module.info.sl.auto	147 B	-rw-r--r--
module.info.sv	30 B	-rw-r--r--
module.info.sv.auto	114 B	-rw-r--r--
module.info.th	0 B	-rw-r--r--
module.info.th.auto	258 B	-rw-r--r--
module.info.tr	33 B	-rw-r--r--
module.info.tr.auto	128 B	-rw-r--r--
module.info.uk	0 B	-rw-r--r--
module.info.uk.auto	215 B	-rw-r--r--
module.info.ur	0 B	-rw-r--r--
module.info.ur.auto	209 B	-rw-r--r--
module.info.vi	0 B	-rw-r--r--
module.info.vi.auto	177 B	-rw-r--r--
module.info.zh	22 B	-rw-r--r--
module.info.zh_TW	25 B	-rw-r--r--
module.info.zh_TW.auto	115 B	-rw-r--r--
newcsr.cgi	800 B	-rwxr-xr-x
newkey.cgi	879 B	-rwxr-xr-x
postinstall.pl	2.01 KB	-rwxr-xr-x
refresh_modules.cgi	664 B	-rwxr-xr-x
restart.cgi	87 B	-rwxr-xr-x
save_assignment.cgi	485 B	-rwxr-xr-x
save_categories.cgi	946 B	-rwxr-xr-x
save_descs.cgi	1006 B	-rwxr-xr-x
save_ipkey.cgi	1.31 KB	-rwxr-xr-x
save_newmod.cgi	278 B	-rwxr-xr-x
save_sendmail.cgi	2.08 KB	-rwxr-xr-x
save_webmincron.cgi	1016 B	-rwxr-xr-x
savekey.cgi	2.8 KB	-rwxr-xr-x
setup_ca.cgi	1.52 KB	-rwxr-xr-x
standard_chooser.cgi	1.68 KB	-rwxr-xr-x
stop_ca.cgi	1.03 KB	-rwxr-xr-x
syslog_logs.pl	633 B	-rwxr-xr-x
system_info.pl	5.02 KB	-rw-r--r--
test_sendmail.cgi	784 B	-rwxr-xr-x
third_chooser.cgi	1.55 KB	-rwxr-xr-x
twofactor-funcs-lib.pl	8.81 KB	-rw-r--r--
uninstall.pl	236 B	-rwxr-xr-x
update.cgi	2.86 KB	-rwxr-xr-x
upgrade.cgi	16.08 KB	-rwxr-xr-x
view_webmincron.cgi	1.66 KB	-rwxr-xr-x
webmin-lib.pl	68.83 KB	-rwxr-xr-x

Code Editor : letsencrypt-lib.pl

# Functions for cert creation with Let's Encrypt

if ($config{'letsencrypt_cmd'}) {
	$letsencrypt_cmd = &has_command($config{'letsencrypt_cmd'});
	}
else {
	$letsencrypt_cmd = &has_command("letsencrypt-auto") ||
			   &has_command("letsencrypt") ||
			   &has_command("certbot-auto") ||
			   &has_command("certbot");
	}

$account_key = "$module_config_directory/letsencrypt.pem";

$letsencrypt_chain_urls = [
	"https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem",
	"https://letsencrypt.org/certs/lets-encrypt-r3.pem",
	"https://letsencrypt.org/certs/lets-encrypt-e1.pem",
	];

# check_letsencrypt()
# Returns undef if all dependencies are installed, or an error message
sub check_letsencrypt
{
if (&has_command($letsencrypt_cmd)) {
	# Use official client
	return undef;
	}
my $python = &get_python_cmd();
if (!$python || !&has_command("openssl")) {
        return $text{'letsencrypt_ecmds'};
        }
my $out = &backquote_command("$python -c 'import argparse' 2>&1");
if ($?) {
        return &text('letsencrypt_epythonmod', '<tt>argparse</tt>');
        }
my $ver = &backquote_command("$python --version 2>&1");
if ($ver !~ /Python\s+([0-9\.]+)/) {
        return &text('letsencrypt_epythonver',
                     "<tt>".&html_escape($out)."</tt>");
        }
$ver = $1;
if ($ver < 2.5) {
        return &text('letsencrypt_epythonver2', '2.5', $ver);
        }
return undef;
}

# get_letsencrypt_install_message(return-link, return-title)
# Returns a link or form to install Let's Encrypt
sub get_letsencrypt_install_message
{
my ($rlink, $rmsg) = @_;
&foreign_require("software");
return &software::missing_install_link(
	"certbot", $text{'letsencrypt_certbot'}, $rlink, $rmsg);
}

# request_letsencrypt_cert(domain|&domains, webroot, [email], [keysize],
# 			   [request-mode], [use-staging], [account-email])
# Attempt to request a cert using a generated key with the Let's Encrypt client
# command, and write it to the given path. Returns a status flag, and either
# an error message or the paths to cert, key and chain files.
sub request_letsencrypt_cert
{
my ($dom, $webroot, $email, $size, $mode, $staging, $account_email) = @_;
my @doms = ref($dom) ? @$dom : ($dom);
$email ||= "root\@$doms[0]";
$mode ||= "web";
my ($challenge, $wellknown, $challenge_new, $wellknown_new, $wildcard);

# Wildcard mode?
foreach my $d (@doms) {
	if ($d =~ /^\*/) {
		$wildcard = $d;
		}
	}

if ($mode eq "web") {
	# Create a challenges directory under the web root
	if ($wildcard) {
		return (0, "Wildcard hostname $wildcard can only be ".
			   "validated in DNS mode");
		}
	$wellknown = "$webroot/.well-known";
	$challenge = "$wellknown/acme-challenge";
	$wellknown_new = !-d $wellknown ? $wellknown : undef;
	$challenge_new = !-d $challenge ? $challenge : undef;
	my @st = stat($webroot);
	my $user = getpwuid($st[4]);
	if (!-d $challenge) {
		my $cmd = "mkdir -p -m 755 ".quotemeta($challenge).
			  " && chmod 755 ".quotemeta($wellknown);
		if ($user && $user ne "root") {
			$cmd = &command_as_user($user, 0, $cmd);
			}
		my $out = &backquote_logged("$cmd 2>&1");
		if ($?) {
			return (0, "mkdir failed : $out");
			}
		}

# Create a .htaccess file to ensure the directory is accessible 
	if (&foreign_installed("apache")) {
		&foreign_require("apache");
		my $htaccess = "$challenge/.htaccess";
		if (!-r $htaccess && $apache::httpd_modules{'core'} >= 2.2) {
			&open_tempfile(HT, ">$htaccess");
			&print_tempfile(HT, "AuthType None\n");
			&print_tempfile(HT, "Require all granted\n");
			&print_tempfile(HT, "Satisfy any\n");
			&close_tempfile(HT);
			&set_ownership_permissions(
				$user, undef, 0755, $htaccess);
			}
		}
	}
elsif ($mode eq "dns") {
	# Make sure all the DNS zones exist
	if ($wildcard && !$letsencrypt_cmd) {
		return (0, "Wildcard hostname $wildcard can only be ".
			   "validated when the certbot Let's Encrypt client ".
			   "is installed");
		}
	&foreign_require("bind8");
	foreach my $d (@doms) {
		my $z = &get_bind_zone_for_domain($d);
		my $d = &get_virtualmin_for_domain($d);
		$z || $d || return (0, "Neither DNS zone $d or any of its ".
				       "sub-domains exist on this system");
		}
	}
else {
	return (0, "Unknown mode $mode");
	}

# Create DNS hook wrapper scripts
my $dns_hook = "$module_config_directory/letsencrypt-dns.pl";
my $cleanup_hook = "$module_config_directory/letsencrypt-cleanup.pl";
if ($mode eq "dns") {
	&foreign_require("cron");
	&cron::create_wrapper($dns_hook, $module_name,
			      "letsencrypt-dns.pl");
	&cron::create_wrapper($cleanup_hook, $module_name,
			      "letsencrypt-cleanup.pl");
	}

# Run the before command
if ($config{'letsencrypt_before'}) {
	my $out = &backquote_logged("$config{'letsencrypt_before'} 2>&1 </dev/null");
	if ($?) {
		return (0, "Pre-request command failed : $out");
		}
	}

my @rv;
if ($letsencrypt_cmd) {
	# Call the native Let's Encrypt client
	my $temp = &transname();
	&open_tempfile(TEMP, ">$temp");
	&print_tempfile(TEMP, "email = $email\n");
	&print_tempfile(TEMP, "text = True\n");
	&close_tempfile(TEMP);
	my $dir = $letsencrypt_cmd;
	my $cmd_ver = &get_certbot_major_version($letsencrypt_cmd);
	my $old_flags;
	if ($cmd_ver < 1.11) {
		$old_flags = " --manual-public-ip-logging-ok";
		}
	$dir =~ s/\/[^\/]+$//;
	$size ||= 2048;
	my $out;
	if ($mode eq "web") {
		# Webserver based validation
		&clean_environment();
		$out = &backquote_command(
			"cd $dir && (echo A | $letsencrypt_cmd certonly".
			" -a webroot ".
			join("", map { " -d ".quotemeta($_) } @doms).
			" --webroot-path ".quotemeta($webroot).
			" --duplicate".
			" --force-renewal".
			"$old_flags".
			" --non-interactive".
			" --agree-tos".
			" --config ".quotemeta($temp)."".
			" --rsa-key-size $size".
			" --cert-name ".quotemeta($doms[0]).
			($staging ? " --test-cert" : "").
			" 2>&1)");
		&reset_environment();
		}
	elsif ($mode eq "dns") {
		# DNS based validation, via hook script
		&clean_environment();
		$out = &backquote_command(
			"cd $dir && (echo A | $letsencrypt_cmd certonly".
			" --manual".
			join("", map { " -d ".quotemeta($_) } @doms).
			" --preferred-challenges=dns".
			" --manual-auth-hook $dns_hook".
			" --manual-cleanup-hook $cleanup_hook".
			" --duplicate".
			" --force-renewal".
			"$old_flags".
			" --non-interactive".
			" --agree-tos".
			" --config ".quotemeta($temp)."".
			" --rsa-key-size $size".
			" --cert-name ".quotemeta($doms[0]).
			($staging ? " --test-cert" : "").
			" 2>&1)");
		&reset_environment();
		}
	else {
		@rv = (0, "Bad mode $mode");
		goto FAILED;
		}
	if ($?) {
		@rv = (0, "<pre>".&html_escape($out || "No output from $letsencrypt_cmd")."</pre>");
		goto FAILED;
		}
	my ($full, $cert, $key, $chain);
	if ($out =~ /((?:\/usr\/local)?\/etc\/letsencrypt\/(?:live|archive)\/[a-zA-Z0-9\.\_\-\/\r\n\* ]*\.pem)/) {
		# Output contained the full path
		$full = $1;
		$full =~ s/\s//g;
		}
	else {
		# Try searching common paths
		my @fulls = (glob("/etc/letsencrypt/live/$doms[0]-*/cert.pem"),
			     glob("/usr/local/etc/letsencrypt/live/$doms[0]-*/cert.pem"));
		if (@fulls) {
			my %stats = map { $_, [ stat($_) ] } @fulls;
			@fulls = sort { $stats{$a}->[9] <=> $stats{$b}->[9] }
				      @fulls;
			$full = pop(@fulls);
			}
		else {
			@rv = (0, "Output did not contain a PEM path!");
			goto FAILED;
			}
		}
	if (!-r $full || !-s $full) {
		@rv = (0, &text('letsencrypt_efull', $full));
		goto FAILED;
		}
	$full =~ s/\/[^\/]+$//;
	$cert = $full."/cert.pem";
	if (!-r $cert || !-s $cert) {
		@rv = (0, &text('letsencrypt_ecert', $cert));
		goto FAILED;
		}
	$key = $full."/privkey.pem";
	if (!-r $key || !-s $key) {
		@rv = (0, &text('letsencrypt_ekey', $key));
		goto FAILED;
		}
	$chain = $full."/chain.pem";
	$chain = undef if (!-r $chain);
	&set_ownership_permissions(undef, undef, 0600, $cert);
	&set_ownership_permissions(undef, undef, 0600, $key);
	&set_ownership_permissions(undef, undef, 0600, $chain);

if ($account_email) {
		# Attempt to update the contact email on file with let's encrypt
		&system_logged(
		    "$letsencrypt_cmd register --update-registration".
		    " --email ".quotemeta($account_email).
		    " >/dev/null 2>&1 </dev/null");
		}

@rv = (1, $cert, $key, $chain);
	}
elsif ($mode eq "dns") {
	# Python client doesn't support DNS
	@rv = (0, $text{'letsencrypt_eacmedns'});
	}
else {
	# Fall back to local Python client
	$size ||= 4096;

# Generate the account key if missing
	if (!-r $account_key) {
		my $out = &backquote_logged(
			"openssl genrsa 4096 2>&1 >$account_key");
		if ($?) {
			@rv = (0, &text('letsencrypt_eaccountkey',
					&html_escape($out)));
			goto FAILED;
			}
		}

# Generate a key for the domain
	my $key = &transname();
	my $out = &backquote_logged("openssl genrsa $size 2>&1 >".quotemeta($key)."");
	if ($?) {
		@rv = (0, &text('letsencrypt_ekeygen', &html_escape($out)));
		goto FAILED;
		}

# Generate a CSR
	my $csr = &transname();
	my ($ok, $csr) = &generate_ssl_csr($key, undef, undef, undef,
					   undef, undef, \@doms, undef);
	if (!$ok) {
		@rv = &text('letsencrypt_ecsr', $csr);
		goto FAILED;
		}
	&copy_source_dest($csr, "/tmp/lets.csr", 1);

# Find a reasonable python version
	my $python = &get_python_cmd();

# Request the cert and key
	my $cert = &transname();
	&clean_environment();
	my $out = &backquote_logged(
		"$python $module_root_directory/acme_tiny.py ".
		"--account-key ".quotemeta($account_key)." ".
		"--csr ".quotemeta($csr)." ".
		($mode eq "web" ? "--acme-dir ".quotemeta($challenge)." "
				: "--dns-hook $dns_hook ".
				  "--cleanup-hook $cleanup_hook ").
		($staging ? "--ca https://acme-staging-v02.api.letsencrypt.org "
			  : "--disable-check ").
		"--quiet ".
		"2>&1 >".quotemeta($cert));
	&reset_environment();
	if ($?) {
		my @lines = split(/\r?\n/, $out);
		my $trace;
		for(my $i=1; $i<@lines; $i++) {
			if ($lines[$i] =~ /^Traceback\s+/) {
				$trace = $i;
				last;
				}
			}
		if ($trace) {
			@lines = @lines[0 .. $trace-1];
			$out = join("\n", @lines);
			}
		@rv = (0, &text('letsencrypt_etiny',
				"<pre>".&html_escape($out))."</pre>");
		goto FAILED;
		}
	if (!-r $cert || !-s $cert) {
		@rv = (0, &text('letsencrypt_ecert', $cert));
		goto FAILED;
		}

# Check if the returned cert contains a CA cert as well
	my $chain = &transname();
	my @certs = &cert_file_split($cert);
	if (@certs > 1) {
		# Yes .. keep the first as the cert, and use the others as
		# the chain
		my $orig = shift(@certs);
		my $fh = "CHAIN";
		&open_tempfile($fh, ">$chain");
		foreach my $c (@certs) {
			&print_tempfile($fh, $c);
			}
		&close_tempfile($fh);
		my $fh2 = "CERT";
		&open_tempfile($fh2, ">$cert");
		&print_tempfile($fh2, $orig);
		&close_tempfile($fh2);
		}
	else {
		# Download the fixed list chained cert files
		foreach my $url (@$letsencrypt_chain_urls) {
			my $cout;
			my ($host, $port, $page, $ssl) = &parse_http_url($url);
			my $err;
			&http_download($host, $port, $page, \$cout, \$err,
				       undef, $ssl);
			if ($err) {
				@rv = (0, &text('letsencrypt_echain', $err));
				goto FAILED;
				}
			if ($cout !~ /\S/ && !-r $chain) {
				@rv = (0, &text('letsencrypt_echain2', $url));
				goto FAILED;
				}
			my $fh = "CHAIN";
			&open_tempfile($fh, ">>$chain");
			&print_tempfile($fh, $cout);
			&close_tempfile($fh);
			}
		}

# Copy the per-domain files
	my $certfinal = "$module_config_directory/$doms[0].cert";
	my $keyfinal = "$module_config_directory/$doms[0].key";
	my $chainfinal = "$module_config_directory/$doms[0].ca";
	&copy_source_dest($cert, $certfinal, 1);
	&copy_source_dest($key, $keyfinal, 1);
	&copy_source_dest($chain, $chainfinal, 1);
	&set_ownership_permissions(undef, undef, 0600, $certfinal);
	&set_ownership_permissions(undef, undef, 0600, $keyfinal);
	&set_ownership_permissions(undef, undef, 0600, $chainfinal);
	&unlink_file($cert);
	&unlink_file($key);
	&unlink_file($chain);

@rv = (1, $certfinal, $keyfinal, $chainfinal);
	}

# Run the after command
FAILED:
if ($wellknown_new) {
	&cleanup_wellknown($wellknown_new, $challenge_new);
	}
if ($config{'letsencrypt_after'}) {
	&backquote_logged("$config{'letsencrypt_after'} 2>&1 </dev/null");
	}

return @rv;
}

# cleanup_wellknown(wellknown, challenge)
# Delete directories that were created as part of this process
sub cleanup_wellknown
{
my ($wellknown_new, $challenge_new) = @_;
&unlink_file($challenge_new) if ($challenge_new);
&unlink_file($wellknown_new) if ($wellknown_new);
}

# get_bind_zone_for_domain(domain)
# Given a hostname like www.foo.com, return the local BIND zone that contains
# it like foo.com
sub get_bind_zone_for_domain
{
my ($d) = @_;
&foreign_require("bind8");
my $bd = $d;
while ($bd =~ /\./) {
	my $z = &bind8::get_zone_name($bd, "any");
	if ($z && $z->{'file'} && $z->{'type'} eq 'master') {
		return ($z, $bd);
		}
	$bd =~ s/^[^\.]+\.//;
	}
return ( );
}

# get_virtualmin_for_domain(domain-name)
# If Virtualmin is installed, return the domain object that contains the given DNS domain
sub get_virtualmin_for_domain
{
my ($bd) = @_;
return undef if (!&foreign_check("virtual-server"));
&foreign_require("virtual-server");
while ($bd =~ /\./) {
	my $d = &virtual_server::get_domain_by("dom", $bd);
	if ($d && $d->{'dns'}) {
		return $d;
		}
	$bd =~ s/^[^\.]+\.//;
	}
return undef;
}

# get_certbot_major_version(cmd)
# Returns Let's Encrypt client major version, such as 1.11 or 0.40
sub get_certbot_major_version
{
my ($cmd) = @_;
my $out = &backquote_command("$cmd --version 2>&1");
if ($out && $out =~ /\s*(\d+\.\d+)\s*/) {
	return $1;
	}
return undef;
}

# cleanup_letsencrypt_files(domain)
# Delete all temporary files under /etc/letsencrypt for a domain name
sub cleanup_letsencrypt_files
{
my ($dname) = @_;
foreach my $base ("/etc/letsencrypt", "/usr/local/etc/letsencrypt") {
	next if (!-d $base);
	foreach my $f ("$base/live/$dname",
		       glob("$base/live/$dname-[0-9][0-9][0-9][0-9]"),
		       "$base/archive/$dname",
                       glob("$base/archive/$dname-[0-9][0-9][0-9][0-9]"),
		       "$base/renewal/$dname.conf",
		       glob("$base/renewal/$dname-[0-9][0-9][0-9][0-9].conf")) {
		&unlink_file($f) if (-e $f);
		}
	}
}

${this.title}

Code Editor : letsencrypt-lib.pl