
Fix to correctly set and reuse certificate hash type
iliajie committed Aug 31, 2023
1 parent 9c96fa1 commit a1c8dd6
Showing 3 changed files with 8 additions and 4 deletions.
7 changes: 5 additions & 2 deletions feature-ssl.pl
@@ -3196,6 +3196,9 @@ sub request_domain_letsencrypt_cert
&foreign_require("webmin");
my $phd = &public_html_dir($d);
my ($ok, $cert, $key, $chain);
my $actype = $ctype =~ /^ec/ ? "ecdsa" : "rsa";
my $dctype = $d->{'letsencrypt_ctype'} =~ /^ec/ ? "ecdsa" : "rsa";
my $actype_reuse = $actype eq $dctype ? 1 : 0;
my @errs;
my @wilds = grep { /^\*\./ } @$dnames;
&lock_file($ssl_letsencrypt_lock);
@@ -3204,15 +3207,15 @@ sub request_domain_letsencrypt_cert
# Try using website first
($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
$dnames, $phd, $d->{'emailto'}, $size, "web", $staging,
&get_global_from_address(), $ctype =~ /^ec/ ? "ecdsa" : "rsa");
&get_global_from_address(), $actype, $actype_reuse);
push(@errs, &text('letsencrypt_eweb', $cert)) if (!$ok);
}
if (!$ok && &get_webmin_version() >= 1.834 && $d->{'dns'} &&
(!$mode || $mode eq "dns")) {
# Fall back to DNS
($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
$dnames, undef, $d->{'emailto'}, $size, "dns", $staging,
&get_global_from_address(), $ctype =~ /^ec/ ? "ecdsa" : "rsa");
&get_global_from_address(), $actype, $actype_reuse);
push(@errs, &text('letsencrypt_edns', $cert)) if (!$ok);
}
elsif (!$ok) {
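Review bot: `$dctype` in the first hunk falls back to "rsa" whenever `$d->{'letsencrypt_ctype'}` is unset, so `$actype_reuse` comes out as 1 for every RSA request on a domain with no recorded type, and the match on an undefined value also warns under `use warnings`. If the new last argument to `webmin::request_letsencrypt_cert` means "reuse the existing key" (its definition is not visible here), it should only be set when a type was actually stored: `my $actype_reuse = ($d->{'letsencrypt_ctype'} && $actype eq $dctype) ? 1 : 0;`. A short comment on what the flag controls would also help, since reusing a private key across renewals is a deliberate trade-off against key rotation. The body of request_domain_letsencrypt_cert starts and ends outside both hunks.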
3 changes: 2 additions & 1 deletion generate-letsencrypt-cert.pl
@@ -102,6 +102,7 @@ package virtual_server;
&usage("The Let's Encrypt client on your system does ".
"not support EC certificates");
}
$ctype ||= ($d->{'letsencrypt_ctype'} || "rsa");
if (!@dnames) {
# No hostnames specified
if ($defdnames || !$d->{'letsencrypt_dname'}) {
@@ -199,7 +200,7 @@ package virtual_server;
$d->{'letsencrypt_last'} = time();
$d->{'letsencrypt_last_success'} = time();
$d->{'letsencrypt_renew'} = $renew;
$d->{'letsencrypt_ctype'} = $ctype;
$d->{'letsencrypt_ctype'} = $ctype =~ /^ec/ ? "ecdsa" : "rsa";
$d->{'letsencrypt_size'} = $size;
&refresh_ssl_cert_expiry($d);
&save_domain($d);
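Review bot: The new default `$ctype ||= ($d->{'letsencrypt_ctype'} || "rsa");` is applied after the block that ends in the "does not support EC certificates" usage error, so a domain whose stored type is "ecdsa" can reach the request without passing through that check when no type is given on the command line. This assumes the check tests `$ctype`; its condition lies above the hunk. Moving the defaulting line above that check would put the stored and the explicit type through the same capability test.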
2 changes: 1 addition & 1 deletion letsencrypt.cgi
@@ -136,7 +136,7 @@ else {
$d->{'letsencrypt_dname'} = $custom_dname;
$d->{'letsencrypt_dwild'} = $in{'dwild'};
$d->{'letsencrypt_renew'} = $in{'renew'};
$d->{'letsencrypt_ctype'} = $in{'ctype'};
$d->{'letsencrypt_ctype'} = $in{'ctype'} =~ /^ec/ ? "ecdsa" : "rsa";
$d->{'letsencrypt_last'} = time();
$d->{'letsencrypt_last_success'} = time();
&refresh_ssl_cert_expiry($d);
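Review bot: The expression `=~ /^ec/ ? "ecdsa" : "rsa"` is now written out here, twice in feature-ssl.pl and again in generate-letsencrypt-cert.pl, and the stored value only stays consistent while all copies remain identical. A single helper (name to be chosen by the project) that maps a requested type to "ecdsa" or "rsa" would keep them in step. Because `$in{'ctype'}` is form input, a comment such as `# Store only the two known types, never the raw form value` would record why the value is normalised before it is saved.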
