Spotter-Cluster/vmmgr
2
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix acme.sh certificate requisition

Browse Source
This commit is contained in:
Disassembler 2020-04-10 20:00:42 +02:00
parent 9d90174a1b
commit 7c9ed8c17a
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr/lib/python3.8/vmmgr/vmmgr.py
View File

@ -102,14 +102,17 @@ def create_selfsigned_cert():
def request_acme_cert(): def request_acme_cert():
# Remove all possible conflicting certificates requested in the past # Remove all possible conflicting certificates requested in the past
domain = config.get_host()['domain'] domain = config.get_host()['domain']
try:
certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')] certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')]
for cert in certs: for cert in certs:
if cert != domain: if cert != domain:
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert]) subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert])
except FileNotFoundError:
pass
# Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before # Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before
if not os.path.exists(os.path.join(paths.ACME_DIR, domain)): if not os.path.exists(os.path.join(paths.ACME_DIR, domain)):
cmd = ['/usr/bin/acme.sh', '--issue', '-d', domain] cmd = ['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--issue', '-d', domain]
for app,definition in config.get_apps(): for app,definition in config.get_apps().items():
cmd += ['-d', f'{definition["host"]}.{domain}'] cmd += ['-d', f'{definition["host"]}.{domain}']
cmd += ['-w', paths.ACME_DIR] cmd += ['-w', paths.ACME_DIR]
# Request the certificate # Request the certificate
@ -123,7 +126,7 @@ def request_acme_cert():
if e.returncode != 2: if e.returncode != 2:
raise raise
# Install the issued certificate # Install the issued certificate
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True) subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', paths.CERT_KEY_FILE, '--fullchain-file', paths.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
# Enable acme.sh cronjob # Enable acme.sh cronjob
os.chmod(paths.ACME_CRON, 0o750) os.chmod(paths.ACME_CRON, 0o750)