From 7d3c6441480466a144bb348c6dd72ba2fc8b31e9 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 12 Apr 2022 22:18:54 +0200
Subject: [PATCH] fix: DNS check before creating SSL cert

---
 src/lib/letsencrypt/index.ts | 43 +++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/src/lib/letsencrypt/index.ts b/src/lib/letsencrypt/index.ts
index 857e0e998..d024c39f2 100644
--- a/src/lib/letsencrypt/index.ts
+++ b/src/lib/letsencrypt/index.ts
@@ -6,6 +6,7 @@ import cuid from 'cuid';
 import fs from 'fs/promises';
 import getPort, { portNumbers } from 'get-port';
 import { supportedServiceTypesAndVersions } from '$lib/components/common';
+import { promises as dns } from 'dns';
 
 export async function letsEncrypt(domain: string, id?: string, isCoolify = false): Promise<void> {
 	try {
@@ -199,6 +200,15 @@ export async function generateSSLCerts(): Promise<void> {
 				file.endsWith('.pem') && certificates.push(file.replace(/\.pem$/, ''));
 			}
 		}
+		const resolver = new dns.Resolver({ timeout: 2000 });
+		resolver.setServers(['8.8.8.8', '1.1.1.1']);
+		let ipv4, ipv6;
+		try {
+			ipv4 = await (await asyncExecShell(`curl -4s https://ifconfig.io`)).stdout;
+		} catch (error) {}
+		try {
+			ipv6 = await (await asyncExecShell(`curl -6s https://ifconfig.io`)).stdout;
+		} catch (error) {}
 		for (const ssl of ssls) {
 			if (!dev) {
 				if (
@@ -207,8 +217,21 @@ export async function generateSSLCerts(): Promise<void> {
 				) {
 					console.log(`Certificate for ${ssl.domain} already exists`);
 				} else {
-					console.log('Generating SSL for', ssl.domain);
-					await letsEncrypt(ssl.domain, ssl.id, ssl.isCoolify);
+					// Checking DNS entry before generating certificate
+					if (ipv4 || ipv6) {
+						const domains4 = await resolver.resolve4(ssl.domain);
+						const domains6 = await resolver.resolve6(ssl.domain);
+						if (domains4.length > 0 || domains6.length > 0) {
+							if (
+								(ipv4 && domains4.includes(ipv4.replace('\n', ''))) ||
+								(ipv6 && domains6.includes(ipv6.replace('\n', '')))
+							) {
+								console.log('Generating SSL for', ssl.domain, '.');
+								return await letsEncrypt(ssl.domain, ssl.id, ssl.isCoolify);
+							}
+						}
+					}
+					console.log('DNS settings is incorrect for', ssl.domain, 'skipping.');
 				}
 			} else {
 				if (
@@ -217,7 +240,21 @@ export async function generateSSLCerts(): Promise<void> {
 				) {
 					console.log(`Certificate for ${ssl.domain} already exists`);
 				} else {
-					console.log('Generating SSL for', ssl.domain);
+					// Checking DNS entry before generating certificate
+					if (ipv4 || ipv6) {
+						const domains4 = await resolver.resolve4(ssl.domain);
+						const domains6 = await resolver.resolve6(ssl.domain);
+						if (domains4.length > 0 || domains6.length > 0) {
+							if (
+								(ipv4 && domains4.includes(ipv4.replace('\n', ''))) ||
+								(ipv6 && domains6.includes(ipv6.replace('\n', '')))
+							) {
+								console.log('Generating SSL for', ssl.domain, '.');
+								return;
+							}
+						}
+					}
+					console.log('DNS settings is incorrect for', ssl.domain, 'skipping.');
 				}
 			}
 		}