Fix acme.sh certificate requisition

Disassembler 2020-04-10 20:00:42 +02:00
parent 9d90174a1b
commit 7c9ed8c17a
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499


@ -102,14 +102,17 @@ def create_selfsigned_cert():
def request_acme_cert(): def request_acme_cert():
# Remove all possible conflicting certificates requested in the past # Remove all possible conflicting certificates requested in the past
domain = config.get_host()['domain'] domain = config.get_host()['domain']
certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')] try:
for cert in certs: certs = [i for i in os.listdir(paths.ACME_DIR) if i not in ('account.conf', 'ca', 'http.header')]
if cert != domain: for cert in certs:
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert]) if cert != domain:
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--remove', '-d', cert])
except FileNotFoundError:
pass
# Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before # Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before
if not os.path.exists(os.path.join(paths.ACME_DIR, domain)): if not os.path.exists(os.path.join(paths.ACME_DIR, domain)):
cmd = ['/usr/bin/acme.sh', '--issue', '-d', domain] cmd = ['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--issue', '-d', domain]
for app,definition in config.get_apps(): for app,definition in config.get_apps().items():
cmd += ['-d', f'{definition["host"]}.{domain}'] cmd += ['-d', f'{definition["host"]}.{domain}']
cmd += ['-w', paths.ACME_DIR] cmd += ['-w', paths.ACME_DIR]
# Request the certificate # Request the certificate
@ -123,7 +126,7 @@ def request_acme_cert():
if e.returncode != 2: if e.returncode != 2:
raise raise
# Install the issued certificate # Install the issued certificate
subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', crypto.CERT_KEY_FILE, '--fullchain-file', crypto.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True) subprocess.run(['/usr/bin/acme.sh', '--home', paths.ACME_DIR, '--install-cert', '-d', domain, '--key-file', paths.CERT_KEY_FILE, '--fullchain-file', paths.CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
# Enable acme.sh cronjob # Enable acme.sh cronjob
os.chmod(paths.ACME_CRON, 0o750) os.chmod(paths.ACME_CRON, 0o750)
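Review bot: The new `try` in request_acme_cert() wraps the `subprocess.run([... '--remove', '-d', cert])` calls as well as `os.listdir(paths.ACME_DIR)`, so a missing `/usr/bin/acme.sh` raises the same FileNotFoundError and is silently dropped by `except FileNotFoundError: pass`. Keep only the listing inside the guard, for example `try: certs = os.listdir(paths.ACME_DIR)` followed by `except FileNotFoundError: certs = []`, then filter and loop outside it. The `--remove` calls also run without `check=True`, unlike the `--install-cert` call in the second hunk, so a failed removal of a stale certificate directory goes unnoticed; either add `check=True` or log the return code. The function body starts and continues outside the visible hunks, so whether a later call surfaces the missing binary cannot be confirmed from here.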