let's encrypt cert size option
@@ -134,3 +134,5 @@ Added an option for automatically renewing Let's Encrypt certificates.
|
||||
If the Let's Encrypt client is not installed, Webmin will use its own built-in client code to request a certificate.
|
||||
---- Changes since 1.800 ----
|
||||
Added an option to the logging page for sending Webmin action log messages via email.
|
||||
---- Changes since 1.810 ----
|
||||
The Let's Encrypt key size can now be customized.
|
||||
|
||||
@@ -302,9 +302,15 @@ else {
|
||||
print &ui_table_row($text{'ssl_webroot'},
|
||||
&ui_radio_table("webroot_mode", $mode, \@opts));
|
||||
|
||||
# Install in Webmin now?
|
||||
print &ui_table_row($text{'ssl_usewebmin'},
|
||||
&ui_yesno_radio("use", 1));
|
||||
|
||||
# SSL key size
|
||||
print &ui_table_row($text{'ssl_size'},
|
||||
&ui_opt_textbox("size", undef, 6, $text{'default'}).
|
||||
" ".$text{'ssl_bits'});
|
||||
|
||||
# Renewal option
|
||||
my $job = &find_letsencrypt_cron_job();
|
||||
my $renew = $job && $job->{'months'} =~ /^\*\/(\d+)$/ ? $1 : undef;
|
||||
|
||||
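Review bot: The new size field is always rendered with `undef` as its current value, so a key size chosen earlier is never shown and the form comes back on Default every time. letsencrypt.cgi writes the submitted value to `$config{'letsencrypt_size'}`, so re-requesting from this page appears to replace a saved larger size with the client default without telling the user. Pre-filling would look like `&ui_opt_textbox("size", $config{'letsencrypt_size'}, 6, $text{'default'})`, assuming `%config` is the same module config in this script. The label could also say what Default means, since request_letsencrypt_cert falls back to 2048 bits with the native client and 4096 with the built-in one. The enclosing `else` block starts above this hunk.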
@@ -350,7 +350,7 @@ ssl_all=Any hostname
|
||||
ssl_newfile=Write key to file
|
||||
ssl_csrfile=Write CSR to file
|
||||
ssl_usenew=Use new key immediately?
|
||||
ssl_size=RSA key size
|
||||
ssl_size=SSL key size
|
||||
ssl_custom=Custom size
|
||||
ssl_bits=bits
|
||||
ssl_eextraca=Additional certificate file '$1' does not exist
|
||||
|
||||
@@ -41,13 +41,13 @@ if ($?) {
|
||||
return undef;
|
||||
}
|
||||
|
||||
# request_letsencrypt_cert(domain|&domains, domain-webroot, [email])
|
||||
# request_letsencrypt_cert(domain|&domains, domain-webroot, [email], [keysize])
|
||||
# Attempt to request a cert using a generated key with the Let's Encrypt client
|
||||
# command, and write it to the given path. Returns a status flag, and either
|
||||
# an error message or the paths to cert, key and chain files.
|
||||
sub request_letsencrypt_cert
|
||||
{
|
||||
my ($dom, $webroot, $email) = @_;
|
||||
my ($dom, $webroot, $email, $size) = @_;
|
||||
my @doms = ref($dom) ? @$dom : ($dom);
|
||||
$email ||= "root\@$doms[0]";
|
||||
|
||||
@@ -75,7 +75,8 @@ if ($letsencrypt_cmd) {
|
||||
&close_tempfile(TEMP);
|
||||
my $dir = $letsencrypt_cmd;
|
||||
$dir =~ s/\/[^\/]+$//;
|
||||
my $out = &backquote_command("cd $dir && (echo A | $letsencrypt_cmd certonly -a webroot ".join(" ", map { "-d ".quotemeta($_) } @doms)." --webroot-path ".quotemeta($webroot)." --duplicate --config $temp --rsa-key-size 2048 2>&1)");
|
||||
$size ||= 2048;
|
||||
my $out = &backquote_command("cd $dir && (echo A | $letsencrypt_cmd certonly -a webroot ".join(" ", map { "-d ".quotemeta($_) } @doms)." --webroot-path ".quotemeta($webroot)." --duplicate --config $temp --rsa-key-size $size 2>&1)");
|
||||
if ($?) {
|
||||
return (0, "<pre>".&html_escape($out || "No output from $letsencrypt_cmd")."</pre>");
|
||||
}
|
||||
@@ -103,6 +104,7 @@ if ($letsencrypt_cmd) {
|
||||
}
|
||||
else {
|
||||
# Fall back to local Python client
|
||||
$size ||= 4096;
|
||||
|
||||
# But first check if the native Let's Encrypt client was used previously
|
||||
# for this system - if so, it must be used in future due to the account
|
||||
@@ -122,7 +124,7 @@ else {
|
||||
|
||||
# Generate a key for the domain
|
||||
my $key = &transname();
|
||||
my $out = &backquote_logged("openssl genrsa 4096 2>&1 >$key");
|
||||
my $out = &backquote_logged("openssl genrsa $size 2>&1 >$key");
|
||||
if ($?) {
|
||||
return (0, &text('letsencrypt_ekeygen', &html_escape($out)));
|
||||
}
|
||||
|
||||
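Review bot: `$size` is placed unquoted into both shell strings, `--rsa-key-size $size` and `openssl genrsa $size`, and request_letsencrypt_cert never checks it itself, whereas the domain names and `$webroot` in the first command go through quotemeta(). The only check visible on this page is in letsencrypt.cgi; the scheduled path in renew_letsencrypt_cert passes `$config{'letsencrypt_size'}` exactly as read from the module config. Validating once at the top of the function covers every caller: `return (0, $text{'newkey_esize'}) if (defined($size) && $size !~ /\A[1-9][0-9]*\z/);`. The function body continues outside these hunks.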
@@ -21,6 +21,9 @@ foreach my $dom (@doms) {
|
||||
}
|
||||
$in{'renew_def'} || $in{'renew'} =~ /^[1-9][0-9]*$/ ||
|
||||
&error($text{'letsencrypt_erenew'});
|
||||
$in{'size_def'} || $in{'size'} =~ /^\d+$/ ||
|
||||
&error($text{'newkey_esize'});
|
||||
my $size = $in{'size_def'} ? undef : $in{'size'};
|
||||
my $webroot;
|
||||
if ($in{'webroot_mode'} == 2) {
|
||||
# Some directory
|
||||
@@ -68,7 +71,7 @@ else {
|
||||
print &text('letsencrypt_doing',
|
||||
"<tt>".&html_escape(join(", ", @doms))."</tt>",
|
||||
"<tt>".&html_escape($webroot)."</tt>"),"<p>\n";
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(\@doms, $webroot);
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(\@doms, $webroot, undef, $size);
|
||||
if (!$ok) {
|
||||
print &text('letsencrypt_failed', $cert),"<p>\n";
|
||||
}
|
||||
@@ -135,6 +138,7 @@ sub save_renewal_only
|
||||
my ($doms, $webroot) = @_;
|
||||
$config{'letsencrypt_doms'} = join(" ", @$doms);
|
||||
$config{'letsencrypt_webroot'} = $webroot;
|
||||
$config{'letsencrypt_size'} = $size;
|
||||
&save_module_config();
|
||||
if (&foreign_check("webmincron")) {
|
||||
my $job = &find_letsencrypt_cron_job();
|
||||
|
||||
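Review bot: The added check `$in{'size'} =~ /^\d+$/` is looser than it looks: in Perl `$` also matches before a trailing newline, and `\d+` accepts any number, including key sizes too small to be useful or large enough to stall key generation. Anchoring with `\z` and bounding the range closes both, for example `$in{'size_def'} || ($in{'size'} =~ /\A\d+\z/ && $in{'size'} >= 2048 && $in{'size'} <= 8192) || &error($text{'newkey_esize'});` (the bounds are a suggestion, not taken from the page). Separately, in the last hunk save_renewal_only stores `$size` although its argument list is still `my ($doms, $webroot) = @_;`, so it depends on the file-level variable; passing the size as a third argument would make that dependency explicit.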
@@ -2713,6 +2713,7 @@ sub renew_letsencrypt_cert
|
||||
{
|
||||
my @doms = split(/\s+/, $config{'letsencrypt_doms'});
|
||||
my $webroot = $config{'letsencrypt_webroot'};
|
||||
my $size = $config{'letsencrypt_size'};
|
||||
if (!@doms) {
|
||||
print "No domains saved to renew cert for!\n";
|
||||
return;
|
||||
@@ -2725,7 +2726,8 @@ elsif (!-d $webroot) {
|
||||
print "Webroot $webroot does not exist!\n";
|
||||
return;
|
||||
}
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(\@doms, $webroot);
|
||||
my ($ok, $cert, $key, $chain) = &request_letsencrypt_cert(\@doms, $webroot,
|
||||
undef, $size);
|
||||
if (!$ok) {
|
||||
print "Failed to renew certificate : $cert\n";
|
||||
return;
|
||||
|
||||