|  | @@ -13,6 +13,7 @@ const internalNginx    = require('./nginx');
 | 
	
		
			
				|  |  |  const internalHost     = require('./host');
 | 
	
		
			
				|  |  |  const certbot_command  = '/usr/bin/certbot';
 | 
	
		
			
				|  |  |  const le_config        = '/etc/letsencrypt.ini';
 | 
	
		
			
				|  |  | +const dns_plugins      = require('../../utils/certbot-dns-plugins')
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  function omissions() {
 | 
	
		
			
				|  |  |  	return ['is_deleted'];
 | 
	
	
		
			
				|  | @@ -141,11 +142,11 @@ const internalCertificate = {
 | 
	
		
			
				|  |  |  								});
 | 
	
		
			
				|  |  |  						})
 | 
	
		
			
				|  |  |  						.then((in_use_result) => {
 | 
	
		
			
				|  |  | -							// Is CloudFlare, no config needed, so skip 3 and 5.
 | 
	
		
			
				|  |  | -							if (data.meta.cloudflare_use) {
 | 
	
		
			
				|  |  | +							// With DNS challenge no config is needed, so skip 3 and 5.
 | 
	
		
			
				|  |  | +							if (certificate.meta.dns_challenge) {
 | 
	
		
			
				|  |  |  								return internalNginx.reload().then(() => {
 | 
	
		
			
				|  |  |  									// 4. Request cert
 | 
	
		
			
				|  |  | -									return internalCertificate.requestLetsEncryptCloudFlareDnsSsl(certificate, data.meta.cloudflare_token);
 | 
	
		
			
				|  |  | +									return internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate);
 | 
	
		
			
				|  |  |  								})
 | 
	
		
			
				|  |  |  									.then(internalNginx.reload)
 | 
	
		
			
				|  |  |  									.then(() => {
 | 
	
	
		
			
				|  | @@ -772,35 +773,58 @@ const internalCertificate = {
 | 
	
		
			
				|  |  |  	},
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  	/**
 | 
	
		
			
				|  |  | -	 * @param   {Object}  certificate   the certificate row
 | 
	
		
			
				|  |  | -	 * @param	{String} apiToken		the cloudflare api token
 | 
	
		
			
				|  |  | +	 * @param   {Object}  certificate   			the certificate row
 | 
	
		
			
				|  |  | +	 * @param		{String} 	dns_provider				the dns provider name (key used in `certbot-dns-plugins.js`)
 | 
	
		
			
				|  |  | +	 * @param		{String | null} 	credentials	the content of this providers credentials file
 | 
	
		
			
				|  |  | +	 * @param		{String} 	propagation_seconds	the cloudflare api token
 | 
	
		
			
				|  |  |  	 * @returns {Promise}
 | 
	
		
			
				|  |  |  	 */
 | 
	
		
			
				|  |  | -	requestLetsEncryptCloudFlareDnsSsl: (certificate, apiToken) => {
 | 
	
		
			
				|  |  | -		logger.info('Requesting Let\'sEncrypt certificates via Cloudflare DNS for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 | 
	
		
			
				|  |  | +	requestLetsEncryptSslWithDnsChallenge: (certificate) => {
 | 
	
		
			
				|  |  | +		const dns_plugin = dns_plugins[certificate.meta.dns_provider];
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		if(!dns_plugin){
 | 
	
		
			
				|  |  | +			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`)
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -		let tokenLoc = '~/cloudflare-token';
 | 
	
		
			
				|  |  | -		let storeKey = 'echo "dns_cloudflare_api_token = ' + apiToken + '" > ' + tokenLoc;	
 | 
	
		
			
				|  |  | +		const credentials_loc = `/etc/letsencrypt/credentials-${certificate.id}`;
 | 
	
		
			
				|  |  | +		const credentials_cmd = `echo '${certificate.meta.dns_provider_credentials.replace("'", "\'")}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'`;
 | 
	
		
			
				|  |  | +		const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -		let cmd = 
 | 
	
		
			
				|  |  | -			storeKey + ' && ' +
 | 
	
		
			
				|  |  | +		const main_cmd = 
 | 
	
		
			
				|  |  |  			certbot_command + ' certonly --non-interactive ' +
 | 
	
		
			
				|  |  |  			'--cert-name "npm-' + certificate.id + '" ' +
 | 
	
		
			
				|  |  |  			'--agree-tos ' +
 | 
	
		
			
				|  |  |  			'--email "' + certificate.meta.letsencrypt_email + '" ' +			
 | 
	
		
			
				|  |  |  			'--domains "' + certificate.domain_names.join(',') + '" ' +
 | 
	
		
			
				|  |  | -			'--dns-cloudflare --dns-cloudflare-credentials ' + tokenLoc +
 | 
	
		
			
				|  |  | -			(le_staging ? ' --staging' : '')
 | 
	
		
			
				|  |  | -			+ ' && rm ' + tokenLoc;
 | 
	
		
			
				|  |  | +			'--authenticator ' + dns_plugin.full_plugin_name + ' ' +
 | 
	
		
			
				|  |  | +			'--' + dns_plugin.full_plugin_name + '-credentials "' + credentials_loc + '"' +
 | 
	
		
			
				|  |  | +			(
 | 
	
		
			
				|  |  | +				certificate.meta.propagation_seconds !== undefined 
 | 
	
		
			
				|  |  | +				? ' --' + dns_plugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds 
 | 
	
		
			
				|  |  | +				: ''
 | 
	
		
			
				|  |  | +			) +
 | 
	
		
			
				|  |  | +			(le_staging ? ' --staging' : '');
 | 
	
		
			
				|  |  | +		
 | 
	
		
			
				|  |  | +		const teardown_cmd = `rm '${credentials_loc}'`;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  		if (debug_mode) {
 | 
	
		
			
				|  |  | -			logger.info('Command:', cmd);
 | 
	
		
			
				|  |  | +			logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`);
 | 
	
		
			
				|  |  |  		}
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -		return utils.exec(cmd).then((result) => {
 | 
	
		
			
				|  |  | -			logger.info(result);
 | 
	
		
			
				|  |  | -			return result;
 | 
	
		
			
				|  |  | -		});
 | 
	
		
			
				|  |  | +		return utils.exec(credentials_cmd)
 | 
	
		
			
				|  |  | +			.then(() => {
 | 
	
		
			
				|  |  | +				return utils.exec(prepare_cmd)
 | 
	
		
			
				|  |  | +					.then(() => {
 | 
	
		
			
				|  |  | +						return utils.exec(main_cmd)
 | 
	
		
			
				|  |  | +							.then(async (result) => {
 | 
	
		
			
				|  |  | +								await utils.exec(teardown_cmd);
 | 
	
		
			
				|  |  | +								logger.info(result);
 | 
	
		
			
				|  |  | +								return result;
 | 
	
		
			
				|  |  | +							});
 | 
	
		
			
				|  |  | +					});
 | 
	
		
			
				|  |  | +			});
 | 
	
		
			
				|  |  |  	},
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -817,7 +841,7 @@ const internalCertificate = {
 | 
	
		
			
				|  |  |  			})
 | 
	
		
			
				|  |  |  			.then((certificate) => {
 | 
	
		
			
				|  |  |  				if (certificate.provider === 'letsencrypt') {
 | 
	
		
			
				|  |  | -					let renewMethod = certificate.meta.cloudflare_use ? internalCertificate.renewLetsEncryptCloudFlareSsl : internalCertificate.renewLetsEncryptSsl;		
 | 
	
		
			
				|  |  | +					let renewMethod = certificate.meta.dns_challenge ? internalCertificate.renewLetsEncryptSslWithDnsChallenge : internalCertificate.renewLetsEncryptSsl;		
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  					return renewMethod(certificate)
 | 
	
		
			
				|  |  |  						.then(() => {
 | 
	
	
		
			
				|  | @@ -877,22 +901,42 @@ const internalCertificate = {
 | 
	
		
			
				|  |  |  	 * @param   {Object}  certificate   the certificate row
 | 
	
		
			
				|  |  |  	 * @returns {Promise}
 | 
	
		
			
				|  |  |  	 */
 | 
	
		
			
				|  |  | -	renewLetsEncryptCloudFlareSsl: (certificate) => {
 | 
	
		
			
				|  |  | -		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 | 
	
		
			
				|  |  | +	renewLetsEncryptSslWithDnsChallenge: (certificate) => {
 | 
	
		
			
				|  |  | +		const dns_plugin = dns_plugins[certificate.meta.dns_provider];
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -		let cmd = certbot_command + ' renew --non-interactive ' +
 | 
	
		
			
				|  |  | +		if(!dns_plugin){
 | 
	
		
			
				|  |  | +			throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`)
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		const credentials_loc = `/etc/letsencrypt/credentials-${certificate.id}`;
 | 
	
		
			
				|  |  | +		const credentials_cmd = `echo '${certificate.meta.dns_provider_credentials.replace("'", "\'")}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'`;
 | 
	
		
			
				|  |  | +		const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		const main_cmd =
 | 
	
		
			
				|  |  | +			certbot_command + ' renew --non-interactive ' +
 | 
	
		
			
				|  |  |  			'--cert-name "npm-' + certificate.id + '" ' +
 | 
	
		
			
				|  |  | -			'--disable-hook-validation ' +
 | 
	
		
			
				|  |  | -			(le_staging ? '--staging' : '');
 | 
	
		
			
				|  |  | +			'--disable-hook-validation' +
 | 
	
		
			
				|  |  | +			(le_staging ? ' --staging' : '');
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		const teardown_cmd = `rm '${credentials_loc}'`;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  		if (debug_mode) {
 | 
	
		
			
				|  |  | -			logger.info('Command:', cmd);
 | 
	
		
			
				|  |  | +			logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`);
 | 
	
		
			
				|  |  |  		}
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -		return utils.exec(cmd)
 | 
	
		
			
				|  |  | -			.then((result) => {
 | 
	
		
			
				|  |  | -				logger.info(result);
 | 
	
		
			
				|  |  | -				return result;
 | 
	
		
			
				|  |  | +		return utils.exec(credentials_cmd)
 | 
	
		
			
				|  |  | +			.then(() => {
 | 
	
		
			
				|  |  | +				return utils.exec(prepare_cmd)
 | 
	
		
			
				|  |  | +					.then(() => {
 | 
	
		
			
				|  |  | +						return utils.exec(main_cmd)
 | 
	
		
			
				|  |  | +							.then(async (result) => {
 | 
	
		
			
				|  |  | +								await utils.exec(teardown_cmd);
 | 
	
		
			
				|  |  | +								logger.info(result);
 | 
	
		
			
				|  |  | +								return result;
 | 
	
		
			
				|  |  | +							});
 | 
	
		
			
				|  |  | +					});
 | 
	
		
			
				|  |  |  			});
 | 
	
		
			
				|  |  |  	},
 | 
	
		
			
				|  |  |  
 |