Fix acme.sh certificate requisition
This commit is contained in:
parent
9d90174a1b
commit
7c9ed8c17a
@ -102,14 +102,17 @@ def create_selfsigned_cert():
|
|||||||
def request_acme_cert():
|
def request_acme_cert():
|
||||||
# Remove all possible conflicting certificates requested in the past
|
# Remove all possible conflicting certificates requested in the past
|
||||||
domain = config.get_host()['domain']
|
domain = config.get_host()['domain']
|
||||||
certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')]
|
try:
|
||||||
for cert in certs:
|
certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')]
|
||||||
if cert != domain:
|
for cert in certs:
|
||||||
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert])
|
if cert != domain:
|
||||||
|
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert])
|
||||||
|
except FileNotFoundError:
|
||||||
|
pass
|
||||||
# Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before
|
# Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before
|
||||||
if not os.path.exists(os.path.join(paths.ACME_DIR, domain)):
|
if not os.path.exists(os.path.join(paths.ACME_DIR, domain)):
|
||||||
cmd = ['/usr/bin/acme.sh', '--issue', '-d', domain]
|
cmd = ['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--issue', '-d', domain]
|
||||||
for app,definition in config.get_apps():
|
for app,definition in config.get_apps().items():
|
||||||
cmd += ['-d', f'{definition["host"]}.{domain}']
|
cmd += ['-d', f'{definition["host"]}.{domain}']
|
||||||
cmd += ['-w', paths.ACME_DIR]
|
cmd += ['-w', paths.ACME_DIR]
|
||||||
# Request the certificate
|
# Request the certificate
|
||||||
@ -123,7 +126,7 @@ def request_acme_cert():
|
|||||||
if e.returncode != 2:
|
if e.returncode != 2:
|
||||||
raise
|
raise
|
||||||
# Install the issued certificate
|
# Install the issued certificate
|
||||||
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
|
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', paths.CERT_KEY_FILE, '--fullchain-file', paths.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
|
||||||
# Enable acme.sh cronjob
|
# Enable acme.sh cronjob
|
||||||
os.chmod(paths.ACME_CRON, 0o750)
|
os.chmod(paths.ACME_CRON, 0o750)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user