AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add auto ssl updater to cron

This commit is contained in:
Marcus Hill 2022-06-18 19:51:37 +01:00
parent ec0599c273
commit 7bf6ea6447
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
cron.php
View File

@ -135,6 +135,59 @@ while($row = mysqli_fetch_array($sql_companies)){
mysqli_query($mysqli,"UPDATE domains SET domain_name = '$domain_name', domain_expire = '$expire', domain_ip = '$a', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois' WHERE domain_id = $domain_id");
// REFRESH SSL CERTIFICATES
// Get the oldest updated domain (MariaDB shows NULLs first when ordering by default)
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT certificate_id, certificate_domain FROM `certificates` ORDER BY certificate_updated_at LIMIT 1"));
if(!empty($row)){
$certificate_id = $row['certificate_id'];
$certificate_domain = $row['certificate_domain'];
// FQDNs in database shouldn't have a URL scheme, adding one
$domain = "https://".$certificate_domain;
// Parse host and port
$url = parse_url($domain, PHP_URL_HOST);
$port = parse_url($domain, PHP_URL_PORT);
// Default port
if(!$port){
$port = "443";
}
// Get certificate (using verify peer false to allow for self-signed certs)
$socket = "ssl://$url:$port";
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, "verify_peer" => FALSE,)));
$read = stream_socket_client($socket, $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $get);
if($read){
$cert = stream_context_get_params($read);
$cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
// Success - process data
if($cert_public_key_obj){
$expire = mysqli_real_escape_string($mysqli, date('Y-m-d', $cert_public_key_obj['validTo_time_t']));
$issued_by = mysqli_real_escape_string($mysqli, strip_tags($cert_public_key_obj['issuer']['O']));
$public_key = mysqli_real_escape_string($mysqli, $export);
// Update the record (forcing certificate_created_at field to be updated to ensure we don't try and update the same record every day)
mysqli_query($mysqli, "UPDATE certificates SET certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_public_key = '$public_key', certificate_updated_at = NOW() WHERE certificate_id = '$certificate_id' LIMIT 1");
echo "Updated $certificate_domain";
}
else{
// Likely the SSL socket failed, log an error notification
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Cron', notification = 'Nightly SSL update for $certificate_domain failed. Please check and manually update this record.', notification_timestamp = NOW(), company_id = $company_id");
}
}
else{
// Likely the SSL socket failed, log an error notification
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Cron', notification = 'Nightly SSL update for $certificate_domain failed. Please check and manually update this record.', notification_timestamp = NOW(), company_id = $company_id");
}
}
// GET NOTIFICATIONS
// DOMAINS EXPIRING