hosting_letsencrypt.module in Aegir HTTPS 7.3
LetsEncrypt certificate generation service.
File
submodules/letsencrypt/hosting_letsencrypt.moduleView source
<?php
/**
* @file
* LetsEncrypt certificate generation service.
*/
/**
* Implements hook_hosting_service().
*/
function hosting_letsencrypt_hosting_service() {
return array(
'LetsEncrypt' => 'Certificate',
);
}
/**
* Implements hook_hosting_queues().
*
* Return a list of queues that this module needs to manage.
*/
function hosting_letsencrypt_hosting_queues() {
$queues = array();
$queues['lets_encrypt'] = array(
'name' => t("Let's Encrypt"),
'description' => t("Refresh expiring Let's Encrypt certificates for HTTPS-enabled sites."),
'type' => HOSTING_QUEUE_TYPE_SPREAD,
'frequency' => strtotime("7 days", 0),
'min_threads' => 1,
'max_threads' => 5,
'count' => 5,
'threshold' => 100,
'total_items' => count(hosting_letsencrypt_get_sites(TRUE)),
'singular' => t('certificate renewal'),
'plural' => t('certificate renewals'),
);
return $queues;
}
/**
* Implements hosting_QUEUE_TYPE_queue().
*
* The main queue callback for refreshing Let's Encrypt certificates. We simply
* need to run a Verify task on each applicable site, as certificates get
* renewed there if they're close to their expiry dates.
*
* @param int $count
* The maximum number of items to queue.
*/
function hosting_lets_encrypt_queue($count) {
foreach (hosting_letsencrypt_get_sites(TRUE, $count) as $site_id) {
/* @todo Ideally we'd be running this in the backend directly. */
if ($task = hosting_add_task($site_id, 'verify')) {
watchdog('hosting_letsencrypt', 'Certificate renewal: Queuing Verify task ID %task for site %site with ID %id', array(
'%task' => $task->nid,
'%site' => node_load($site_id)->title,
'%id' => $site_id,
));
}
else {
watchdog('hosting_letsencrypt', 'Certificate renewal: Failed to queue Verify task for site %site with ID %id', array(
'%site' => node_load($site_id)->title,
'%id' => $site_id,
));
}
}
}
/**
* Fetch HTTPS-enabled site IDs using Let's Encrypt certificates.
*
* @todo Ensure sites are using the Let's Encrypt service.
*
* @param bool $queue_only
* Only return items that have not been verified in the last 4 weeks.
* @param int $limit
* The maximum number of items to return.
*/
function hosting_letsencrypt_get_sites($queue_only = FALSE, $limit = 0) {
$sites = array();
$https = array(
HOSTING_HTTPS_ENABLED,
HOSTING_HTTPS_REQUIRED,
);
$enabled = HOSTING_SITE_ENABLED;
$query = db_select('hosting_site', 's');
$query
->join('hosting_https_site', 'h', 's.nid = h.nid');
$query
->fields('s', array(
'nid',
))
->condition('h.https_enabled', $https, 'IN')
->condition('s.status', $enabled)
->orderBy('s.verified', 'ASC');
if ($queue_only) {
$query
->condition('s.verified', time() - 86400 * 7 * 2, '<=');
}
if ($limit) {
$query
->range(0, $limit);
}
$result = $query
->execute()
->fetchAll();
foreach ($result as $item) {
$sites[] = $item->nid;
}
return $sites;
}Functions
Name |
Description |
|---|---|
| hosting_letsencrypt_get_sites | Fetch HTTPS-enabled site IDs using Let's Encrypt certificates. |
| hosting_letsencrypt_hosting_queues | Implements hook_hosting_queues(). |
| hosting_letsencrypt_hosting_service | Implements hook_hosting_service(). |
| hosting_lets_encrypt_queue | Implements hosting_QUEUE_TYPE_queue(). |