From f1d8af1070cba6e3f8bfc0974ea6be31f97a70ca Mon Sep 17 00:00:00 2001 From: alban Date: Fri, 22 Jun 2018 18:10:29 +0200 Subject: [PATCH] [fix] Cron should be verbose and generate_certbot should check dig +trace --- src/usr/lib/alternc/generate_certbot.php | 47 +++++++++++++++++-- src/usr/lib/alternc/install.d/alternc-certbot | 2 +- .../share/alternc/panel/class/m_certbot.php | 36 ++++++++++---- 3 files changed, 70 insertions(+), 15 deletions(-) diff --git a/src/usr/lib/alternc/generate_certbot.php b/src/usr/lib/alternc/generate_certbot.php index a7201ad..1f70e6a 100755 --- a/src/usr/lib/alternc/generate_certbot.php +++ b/src/usr/lib/alternc/generate_certbot.php @@ -1,7 +1,24 @@ #!/usr/bin/php 1 && in_array( $argv[1], array( "-v", "--verbose") ) ) ? True : False; +function vprint( $message, $params ){ + global $verbose; + if( $verbose ) { + echo vsprintf( "$message", $params ); + } +} + +// Ne verifie pas ma session :) chdir("/usr/share/alternc/panel/"); require("/usr/share/alternc/panel/class/config_nochk.php"); 
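Review bot: `vprint()` hands `$params` straight to `vsprintf()`, which expects an array, yet two calls added in the next hunk of this file pass `count( $domainsList )`, an integer (the "Requiring Certbot renewal" and "Finished Certbot renewal" lines). Older PHP versions cast the scalar silently, but PHP 8 rejects it with a TypeError, so a `--verbose` run would stop before any certificate is requested. Casting inside the helper covers both call styles: `echo vsprintf( $message, (array) $params );`. A short docblock stating that `$message` is a printf-style format and that nothing is printed unless `-v` or `--verbose` was given would also help. The top of this hunk appears truncated in this view, so the `$verbose` assignment could not be checked in full.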
@@ -11,20 +28,40 @@ // Get all alternc accounts $accounts = $admin->get_list(1, 0, false, 'domaine'); +// Retrieve all domains from user accounts +$domainsList = array(); foreach ($accounts as $cuid => $infos) { $mem->su($cuid); - //Get all domain set to each user $domains = $dom->enum_domains(); foreach ($domains as $domain) { $dom->lock(); - $domain_data=$dom->get_domain_all($domain); + $domain_data = $dom->get_domain_all($domain); // Get all hosts (subdomain) - $sub_domains=$domain_data['sub']; + $sub_domains = $domain_data['sub']; foreach ($sub_domains as $sub_domain) { - $certbot->import($sub_domain['fqdn']); + $domainsList[] = $sub_domain['fqdn']; } $dom->unlock(); } $mem->unsu(); } +// No need to request anything: exit +if( ! count( $domainsList ) ){ + return; +} + +vprint( _("Requiring Certbot renewal for %s domains\n"), count( $domainsList )); + +foreach ($domainsList as $key => $sub_domain) { + $spacer=" "; + vprint( _("\r$spacer\rRequesting domain %d/%d: %s"), array( $key + 1, count( $domainsList),$sub_domain )); + if( ! $certbot->isLocalAlterncDomain( $sub_domain ) ){ + continue; + } + vprint( _(" hosted locally, running certbot..."), array( )); + + $certbot->import($sub_domain); +} +vprint( _("\nFinished Certbot renewal\n"), count( $domainsList )); + diff --git a/src/usr/lib/alternc/install.d/alternc-certbot b/src/usr/lib/alternc/install.d/alternc-certbot index c1865fc..32e22b1 100755 --- a/src/usr/lib/alternc/install.d/alternc-certbot +++ b/src/usr/lib/alternc/install.d/alternc-certbot @@ -23,5 +23,5 @@ if [ "$1" == "apache2" ]; then mysql --defaults-file=/etc/alternc/my.cnf -e "UPDATE quotas SET total=1,name='ssl' WHERE name = 'ssl';" ##Generate let's encrypt certificate - /usr/lib/alternc/generate_certbot.php + /usr/lib/alternc/generate_certbot.php --verbose fi diff --git a/src/usr/share/alternc/panel/class/m_certbot.php b/src/usr/share/alternc/panel/class/m_certbot.php index a876b8b..bc5140c 100644 
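Review bot: `$certbot->import()` is now called in the second loop, after `$mem->unsu()`, whereas the removed line called it inside the `$mem->su($cuid)` block of the account that owns the domain. If `import()` or the `import_cert()` call it ends with depends on the current account (neither body is fully visible here), certificates would now be stored under the identity the cron script starts with rather than the owner's. Keeping the owner's uid next to each fqdn and switching to it around the import restores the previous behaviour. The sketch below shows only the changed lines.

```php
// … unchanged: account and domain enumeration …
        foreach ($sub_domains as $sub_domain) {
            $domainsList[] = array('cuid' => $cuid, 'fqdn' => $sub_domain['fqdn']);
        }
// … unchanged: unlock, unsu, empty-list exit, first vprint …
foreach ($domainsList as $key => $entry) {
    // … unchanged: progress line and isLocalAlterncDomain() check, now reading $entry['fqdn'] …
    $mem->su($entry['cuid']);
    $certbot->import($entry['fqdn']);
    $mem->unsu();
}
```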
--- a/src/usr/share/alternc/panel/class/m_certbot.php +++ b/src/usr/share/alternc/panel/class/m_certbot.php @@ -56,9 +56,9 @@ public function import($fqdn) $ssl_vhosts = array(); foreach ($ssl_list as $ssl_item) { $ssl_vhosts[$ssl_item['fqdn']] = array( - 'certid' => $ssl_item['id'], - 'sslkey' => $ssl_item['sslkey'] - ) ; + 'certid' => $ssl_item['id'], + 'sslkey' => $ssl_item['sslkey'] + ) ; } $output = ""; @@ -72,17 +72,35 @@ public function import($fqdn) $chain = file_get_contents('/etc/letsencrypt/live/'.$fqdn.'/chain.pem'); if ( - !isset($ssl_vhosts[$fqdn]) || - ( - isset($ssl_vhosts[$fqdn]) && - $ssl_vhosts[$fqdn]['sslkey'] != $key - ) - ) { + !isset($ssl_vhosts[$fqdn]) || + ( + isset($ssl_vhosts[$fqdn]) && + $ssl_vhosts[$fqdn]['sslkey'] != $key + ) + ) { return $ssl->import_cert($key, $crt, $chain); } } return false; } + + /** + * Checks if dig returns our L_PUBLIC_IP + */ + function isLocalAlterncDomain( $fqdn ){ + global $L_PUBLIC_IP; + $out=array(); + exec("dig A +trace ".escapeshellarg($fqdn),$out); + $found=false; + foreach($out as $line) { + if (preg_match('#.*IN.A.*?([0-9\.]*)$#',$line,$mat) && $mat[1] == $L_PUBLIC_IP) { + $found = true; + break; + } + } + return $found; + } + } /* Class m_certbot */
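Review bot: `isLocalAlterncDomain()` returns false both when the name resolves elsewhere and when `dig` itself fails (missing binary, timeout, resolver error), because the exit status of `exec()` is never read; a DNS outage would therefore silently skip renewal for every domain. The match is also loose: the dots in `IN.A` are unescaped, `([0-9\.]*)` can capture an empty string, and `==` would then treat an unset `$L_PUBLIC_IP` as equal to it. `escapeshellarg()` stops shell metacharacters but not a value that dig parses as an option or server instead of a name, so a leading-character check is worth adding unless fqdns are validated upstream. The method also lacks the `public` keyword that `import()` carries. A tightened version follows.

```php
    public function isLocalAlterncDomain( $fqdn ){
        global $L_PUBLIC_IP;
        // Without a configured address nothing can match; a name starting
        // with -, + or @ would be read by dig as an option or a server.
        if (empty($L_PUBLIC_IP) || !preg_match('#^[A-Za-z0-9*_]#', $fqdn)) {
            return false;
        }
        $out = array();
        $status = 0;
        exec("dig A +trace ".escapeshellarg($fqdn), $out, $status);
        if ($status !== 0) {
            // dig failed: report it instead of treating the domain as remote
            error_log("isLocalAlterncDomain: dig exited with status $status for $fqdn");
            return false;
        }
        foreach ($out as $line) {
            if (preg_match('#\sIN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$#', $line, $mat) && $mat[1] === (string) $L_PUBLIC_IP) {
                return true;
            }
        }
        return false;
    }
```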