@unique1984
Last active June 30, 2018 09:14
A fix for the Let's Encrypt SSL renewal problem on ISP Config 3.1
<?php
// ssl_look.php
//~ exec("ls -m /etc/letsencrypt/live",$out);
///explode(",",$out);
//~ print_r($out);
//~ $out=implode("",$out);
//~ $out=explode(",",$out);
//~ print_r($out);

// List the per-site symlinks directly under /var/www.
function get_web_sites(){
    exec("find /var/www -maxdepth 1 -type l",$out);
    return $out;
}

// Last path component of the symlink, i.e. the domain name.
function get_domain_name($domain){
    $domain_name=explode("/",$domain);
    $domain_name=$domain_name[count($domain_name)-1];
    return $domain_name;
}

// Resolve the site symlink to its target directory, with a trailing slash.
function get_domain_path($domain){
    // escapeshellarg(): the name comes from the filesystem and ends up in a shell command.
    exec("ls -lv ".escapeshellarg($domain),$dir);
    //~ print_r($dir);
    preg_match("/\->(.*)/",$dir[0],$match);
    $path=(substr(trim($match[1]),0,1)!="/"?"/var/www/":"").trim($match[1]);
    if(substr($path,-1)!="/"){
        $path=$path."/";
    }
    return $path;
}

// Return the *.crt symlinks in the site's ssl directory, or false if there are none.
function get_crt($path){
    //~ domain crt's
    if(is_dir($path."ssl")){
        $path=$path."ssl";
    }
    //~ ispconfig server crt.
    //~ elseif(is_dir($path."../ssl")){
    //~ $path=$path."../ssl";
    //~ }
    else{
        return false;
    }
    exec("find ".escapeshellarg($path)." -maxdepth 1 -name '*.crt' -type l",$crt);
    // array_filter() returns the filtered array; the original discarded the result.
    $crt=array_values(array_filter($crt));
    if(count($crt)>0){
        return $crt;
    }
    return false;
}

// "Not After" date of the first certificate, as Y-m-d.
function get_ssl_last_date($crt){
    exec("openssl x509 -in ".escapeshellarg($crt[0])." -text -noout | grep 'Not After'",$crt_info);
    preg_match("/: (.*)$/",$crt_info[0],$date);
    return date("Y-m-d",strtotime(trim($date[1])));
}

// Version number N of the archive/certN.pem that <domain>-le.crt currently points to.
function get_domain_live_ssl_number($path,$domain_name){
    $link=$path."ssl/".$domain_name."-le.crt";
    if(is_file($link)){
        exec("ls -lv ".escapeshellarg($link),$dir);
        preg_match("/\->.*cert(\d*)\.pem/",$dir[0],$match);
        $number=isset($match[1])?trim($match[1]):"";
        return $number!=""?$number:0;
    }
    return false;
}

// Highest version number N among /etc/letsencrypt/archive/<domain>/certN.pem.
function get_domain_archive_last_ssl_number($domain_name){
    $archive="/etc/letsencrypt/archive/$domain_name";
    if(is_file("$archive/cert1.pem")){
        // The glob stays outside the quoted part so the shell still expands it.
        exec("ls -lv ".escapeshellarg($archive)."/cert*.pem",$dir);
        preg_match("/.*cert(\d*)\.pem/",$dir[count($dir)-1],$match);
        return trim($match[1]);
    }
    return false;
}

$sites=get_web_sites();
$guncelle=array();
$degismedi=array();
foreach($sites as $key=>$domain){
    $domain_name=get_domain_name($domain);
    $path=get_domain_path($domain);
    $crt=get_crt($path);
    if($crt){
        $last_date=get_ssl_last_date($crt);
        //~ if the domain has less than 1 month left
        $using_ssl=get_domain_live_ssl_number($path,$domain_name);
        $last_ssl=get_domain_archive_last_ssl_number($domain_name);
        if($using_ssl<$last_ssl){
            echo $last_date." ".$domain_name." live[".$using_ssl."] - archive[".$last_ssl."]\n";
            // Both values are passed to a script that runs as root, so quote them for the shell.
            exec("/root/scripts/sslyenile.sh ".escapeshellarg($domain_name)." ".escapeshellarg($last_ssl),$guncelle);
        }else{
            echo $last_date." ".$domain_name." live[".$using_ssl."] - archive[".$last_ssl."]\n";
            $degismedi[]=$last_date." ".$domain_name." $last_ssl. sürümünde.";
        }
    }
}
$sonuc=array_merge($guncelle,$degismedi);
print_r($sonuc);
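#!/bin/bash
# sslyenile.sh <domain> [version]
# Repoints the live and ISPConfig symlinks of <domain> at version N in the Let's Encrypt archive.
# All expansions are quoted so that an empty or unusual argument cannot change what rm and ln act on.
if [ -z "$1" ]; then
    # "Which domain should be processed? Pass it in the form domain.com."
    echo "Hangi domain işlenecek domain.com şeklinde arayınız."
else
    if [ -n "$1" ] && [ -z "$2" ]; then
        # Only a domain was given: list the archived certificate versions
        ls -lv "/etc/letsencrypt/archive/$1"
    elif [ -n "$1" ] && [ -n "$2" ]; then
        rm "/etc/letsencrypt/live/$1/"*
        rm "/var/www/$1/ssl/$1-le"*
        ln -s "/etc/letsencrypt/archive/$1/cert$2.pem" "/etc/letsencrypt/live/$1/cert.pem"
        ln -s "/etc/letsencrypt/archive/$1/chain$2.pem" "/etc/letsencrypt/live/$1/chain.pem"
        ln -s "/etc/letsencrypt/archive/$1/fullchain$2.pem" "/etc/letsencrypt/live/$1/fullchain.pem"
        ln -s "/etc/letsencrypt/archive/$1/privkey$2.pem" "/etc/letsencrypt/live/$1/privkey.pem"
        ln -s "/etc/letsencrypt/archive/$1/chain$2.pem" "/var/www/$1/ssl/$1-le.bundle"
        ln -s "/etc/letsencrypt/archive/$1/cert$2.pem" "/var/www/$1/ssl/$1-le.crt"
        ln -s "/etc/letsencrypt/archive/$1/privkey$2.pem" "/var/www/$1/ssl/$1-le.key"
        service apache2 restart
        # "The SSL entry of domain $1 was updated to version $2."
        echo "$1 domaini ssl kaydı $2. sürümüne güncellendi."
    fi
fi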
unique1984 (Author) commented Sep 5, 2017

When the Let's Encrypt certbot tool is used with ISP Config 3.1, the certificates are renewed every 3 months, but although the system renews the certificate, the symlinks are not created in the required directories; because of this the site certificate appears expired and the green bar is not shown.

As a cron job:
0 */12 * * * /root/.local/share/letsencrypt/bin/certbot renew
(specify your own certbot directory in the cron entry.)
Every 12 hours a command is sent so that any certificates due for renewal are renewed.

Create the two scripts above (ssl_look.php and sslyenile.sh) in the directory
/root/scripts
and give the script execute permission with the command
chmod +x /root/scripts/sslyenile.sh

Even if only once a month, run the command
php -f /root/scripts/ssl_look.php
so that, if there is a new certificate, the required symlinks are created and Apache is restarted.

Debian Jessie 8.9 & PHP 5.6
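
A hardened variant of the relink step in sslyenile.sh, as an added example that is not part of the gist: it validates both arguments, checks that all four archive files exist before touching anything, and replaces each link in place with ln -sfn instead of deleting by wildcard. relink_cert, LE_ROOT and WWW_ROOT are hypothetical names; the two roots default to the paths the gist uses and can be pointed at a scratch tree for a dry run.

```shell
#!/bin/bash
# Added example, not the gist's code. LE_ROOT and WWW_ROOT are hypothetical
# overrides; by default they are the directories the gist's scripts use.
LE_ROOT="${LE_ROOT:-/etc/letsencrypt}"
WWW_ROOT="${WWW_ROOT:-/var/www}"

relink_cert() {
    local domain ver f arch live ssl
    domain="$1"
    ver="$2"
    # Accept only a plain lower-case host name: no "/", "..", spaces or glob
    # characters, because the value becomes part of paths handled as root.
    case "$domain" in
        ''|.*|*.|*..*|-*|*[!a-z0-9.-]*) echo "bad domain: $domain" >&2; return 2 ;;
        *.*) ;;
        *) echo "bad domain: $domain" >&2; return 2 ;;
    esac
    # The version must be a positive integer (certN.pem in the archive).
    case "$ver" in
        ''|0*|*[!0-9]*) echo "bad version: $ver" >&2; return 2 ;;
    esac

    arch="$LE_ROOT/archive/$domain"
    live="$LE_ROOT/live/$domain"
    ssl="$WWW_ROOT/$domain/ssl"
    # Pre-flight: every link target must exist before any link is changed,
    # otherwise Apache would be restarted onto dangling symlinks.
    for f in cert chain fullchain privkey; do
        [ -f "$arch/$f$ver.pem" ] || { echo "missing $arch/$f$ver.pem" >&2; return 3; }
    done
    [ -d "$live" ] && [ -d "$ssl" ] || { echo "missing $live or $ssl" >&2; return 3; }

    # ln -sfn replaces each link in place; nothing is removed by wildcard.
    for f in cert chain fullchain privkey; do
        ln -sfn "$arch/$f$ver.pem" "$live/$f.pem" || return 4
    done
    ln -sfn "$arch/chain$ver.pem"   "$ssl/$domain-le.bundle" || return 4
    ln -sfn "$arch/cert$ver.pem"    "$ssl/$domain-le.crt"    || return 4
    ln -sfn "$arch/privkey$ver.pem" "$ssl/$domain-le.key"    || return 4
}
```

Restart Apache only after relink_cert returns 0; a non-zero status means the existing links were left as they were (2 and 3) or a link could not be written (4).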
