
Commit 08187dc

committed
Add OCSP stapling
Copy chain file to enable ocsp stapling refactor moveCertsToNginxProxy function Signed-off-by: Kirtan Gajjar <[email protected]>
1 parent a6a706b commit 08187dc


1 file changed

+12
-18
lines changed

1 file changed

+12
-18
lines changed

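--- a/php/class-ee-site-letsencrypt.php
+++ b/php/class-ee-site-letsencrypt.php
@@ -309,30 +309,24 @@ private function executeFirstRequest( $domain, array $alternativeNames, $email )
 EE::log( 'Certificate stored' );
 
 // Post-generate actions
-$this->moveCertsToNginxProxy( $response );
+$this->moveCertsToNginxProxy( $domain );
 }
 
-private function moveCertsToNginxProxy( CertificateResponse $response ) {
-$domain = $response->getCertificateRequest()->getDistinguishedName()->getCommonName();
-$privateKey = $response->getCertificateRequest()->getKeyPair()->getPrivateKey();
-$certificate = $response->getCertificate();
-
+private function moveCertsToNginxProxy( string $domain ) {
 // To handle wildcard certs
 $domain = ltrim( $domain, '*.' );
 
-file_put_contents( EE_CONF_ROOT . '/nginx/certs/' . $domain . '.key', $privateKey->getPEM() );
-
-// Issuer chain
-$issuerChain = array_map(
-function ( Certificate $certificate ) {
-return $certificate->getPEM();
-}, $certificate->getIssuerChain()
-);
+$key_source_file = strtr( $this->conf_dir . '/' . Repository::PATH_DOMAIN_KEY_PRIVATE, [ '{domain}' => $domain ] );
+$crt_source_file = strtr( $this->conf_dir . '/' . Repository::PATH_DOMAIN_CERT_FULLCHAIN, [ '{domain}' => $domain ] );
+$chain_source_file = strtr( $this->conf_dir . '/' . Repository::PATH_DOMAIN_CERT_CHAIN, [ '{domain}' => $domain ] );
 
-// Full chain
-$fullChainPem = $certificate->getPEM() . "\n" . implode( "\n", $issuerChain );
+$key_dest_file = EE_CONF_ROOT . '/nginx/certs/' . $domain . '.key';
+$crt_dest_file = EE_CONF_ROOT . '/nginx/certs/' . $domain . '.crt';
+$chain_dest_file = EE_CONF_ROOT . '/nginx/certs/' . $domain . '.chain.pem';
 
-file_put_contents( EE_CONF_ROOT . '/nginx/certs/' . $domain . '.crt', $fullChainPem );
+copy( $key_source_file, $key_dest_file );
+copy( $crt_source_file, $crt_dest_file );
+copy( $chain_source_file, $chain_dest_file );
 }
 
 /**
@@ -401,7 +395,7 @@ private function executeRenewal( $domain, array $alternativeNames, $force = fals
 $this->log( 'Certificate stored' );
 
 // Post-generate actions
-$this->moveCertsToNginxProxy( $response );
+$this->moveCertsToNginxProxy( $domain );
 EE::log( 'Certificate renewed successfully!' );
 
 }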
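Review bot: The three `copy()` calls at the end of `moveCertsToNginxProxy` discard their return value, so a missing or unreadable source file leaves the proxy with a stale or mismatched key, certificate and chain while `executeRenewal` still logs 'Certificate renewed successfully!'. This matters more now that the source paths are built after `ltrim( $domain, '*.' )`: if the repository stores a wildcard certificate under the unstripped name (not visible here), every copy would fail without a trace. Check each result and abort, for example `if ( ! copy( $key_source_file, $key_dest_file ) ) { throw new \RuntimeException( 'Could not copy private key for ' . $domain ); }`, and likewise for the certificate and chain. `copy()` also creates the destination with umask-default permissions, so consider `chmod( $key_dest_file, 0600 );` after the key copy, provided the proxy can still read the file, which depends on how the certs directory is mounted.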
