Add easy config for letsencrypt

2023-01-08 17:12:27 +00:00 · 2023-01-08 17:12:27 +00:00 · fba529ef91
parent b53c6891aa
commit fba529ef91
4 changed files with 64 additions and 15 deletions
--- a/Rocksolid_Light/rslight/letsencrypt.inc.php
+++ b/Rocksolid_Light/rslight/letsencrypt.inc.php
@ -0,0 +1,12 @@
+<?php 
+
+/* Set paths for fullchain.pem abnd privkey.pem */
+$letsencrypt['fullchain'] = file_get_contents("/etc/letsencrypt/live/<domain>/fullchain.pem");
+$letsencrypt['privkey'] = file_get_contents("/etc/letsencrypt/live/<domain>/privkey.pem");
+
+/* Please do not change anything below */
+$letsencrypt['pem_private_key'] = openssl_pkey_get_private($letsencrypt['privkey']);
+$pem_public_key = openssl_pkey_get_details($letsencrypt['pem_private_key'])['key'];
+
+$letsencrypt['server.pem'] = $letsencrypt['fullchain'];
+$letsencrypt['pubkey.pem'] = $pem_public_key;
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@ -46,7 +46,9 @@
  @chown($ssldir, $uinfo["uid"]);
  @chgrp($ssldir, $uinfo["gid"]);

-# Fix this. It shouldn't be necessary
+  $pemfile = $ssldir.'/server.pem';
+  create_node_ssl_cert($pemfile);
+
  $overview = $spooldir.'/articles-overview.db3';
  touch($overview);
  @chown($overview, $uinfo["uid"]);
@ -59,16 +61,6 @@
  @mkdir($logdir,0755,'recursive');
  @mkdir($lockdir,0755,'recursive');
  
-  $pemfile = $ssldir.'/server.pem';
-  $pubkeyfile = $ssldir.'/pubkey.pem';
-  if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
-      create_certificate($pemfile, $pubkeyfile);
-  }
-  if(!is_file($webtmp.'/pubkey.txt') && is_file($config_dir.'/ssl/pubkey.pem')) {
-      echo 'Writing pubkey.txt to: '.$webtmp."/pubkey.txt\n";
-      copy($config_dir.'/ssl/pubkey.pem', $webtmp.'/pubkey.txt');
-  }
-
 if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
  @mkdir($spooldir."nocem",0755,'recursive');
  exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
--- a/Rocksolid_Light/rslight/scripts/nntp-ssl.php
+++ b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
@ -73,11 +73,10 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 	$auth_ok = 0;
 	$user = "";
 	$pass = "";
+	
 	$pemfile = $ssldir.'/server.pem';
-	$pubkeyfile = $ssldir.'/pubkey.pem';
-	if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
-	    create_certificate($pemfile, $pubkeyfile);
-	}	
+	create_node_ssl_cert($pemfile);
+
 	$context = stream_context_create();
 	stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
 	stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
@ -1212,6 +1212,52 @@ function get_article_list($thisgroup) {
  return(array_unique($ok_article));
 }

+function create_node_ssl_cert($pemfile) {
+    global $CONFIG, $ssldir, $webtmp, $config_dir;
+    include $config_dir.'/letsencrypt.inc.php';
+    $pubkeyfile = $ssldir.'/pubkey.pem';
+    
+    if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
+      return;
+    }
+/* Use letsencrypt */    
+    if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
+        file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
+        file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
+        copy($pubkeyfile, $webtmp.'/pubkey.txt');
+        return;
+    }
+/* Create self signed cert */
+    $certificateData = array(
+        "countryName" => "US",
+        "stateOrProvinceName" => "New York",
+        "localityName" => "New York City",
+        "organizationName" => "Rocksolid",
+        "organizationalUnitName" => "Rocksolid Light",
+        "commonName" => $CONFIG['organization'],
+        "emailAddress" => "rocksolid@example.com"
+    );
+    
+    // Generate certificate
+    $privateKey = openssl_pkey_new();
+    $certificate = openssl_csr_new($certificateData, $privateKey);
+    $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
+    
+    // Generate PEM file
+    $pem_passphrase = null; // empty for no passphrase
+    $pem = array();
+    openssl_x509_export($certificate, $pem[0]);
+    openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
+    $pem = implode($pem);
+    
+    $pubkey=openssl_pkey_get_details($privateKey);
+    
+    // Save PEM file
+    file_put_contents($pemfile, $pem);
+    file_put_contents($pubkeyfile, $pubkey['key']);
+    copy($pubkeyfile, $webtmp.'/pubkey.txt');
+}
+
 function create_certificate($pemfile, $pubkeyfile) {
    global $CONFIG;
    $certificateData = array(