enabling the use of a generic challenge dir

This commit adds a new configuration parameter, use_generic_challenge_dir, in order to simplify the http server configuration. Using a generic challenge dir enables the use of a generic snippet shared between multiple vhosts.
Spredzy · Aug 11, 2019 · 6982e71 · 6982e71
1 parent 3e6a702
commit 6982e71
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 24 deletions.
diff --git a/lecm/certificate.py b/lecm/certificate.py
@@ -47,8 +47,9 @@ def __init__(self, conf):
                                          'account_%s.key' % socket.getfqdn())
         self.remaining_days = conf.get('remaining_days', 10)
         self.days_before_expiry = self.get_days_before_expiry()
-        self.service_name = conf.get('service_name', 'httpd')
-        self.service_provider = conf.get('service_provider', 'systemd')
+        self.service_name = conf.get("service_name", "httpd")
+        self.service_provider = conf.get("service_provider", "systemd")
+        self.use_generic_challenge_dir = conf.get("use_generic_challenge_dir", "no")
 
         self.subject = {
           'C': conf.get('countryName'),
@@ -226,23 +227,38 @@ def _create_csr(self):
         csr_file.close()
 
     def _create_certificate(self):
-        LOG.info('[%s] Retrieving certificate from Let''s Encrypt Server' %
-                 self.name)
-        command = 'acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \
-                  --acme-dir %s/challenges/%s' % (self.path,
-                                                  self.account_key_name,
-                                                  self.path, self.name,
-                                                  self.path, self.name)
-
-        if self.environment == 'staging':
-            LOG.info('[%s] Using Let''s Encrypt staging API: %s' %
-                     (self.name, _STAGING_URL))
-            command = '%s --ca %s' % (command, _STAGING_URL)
-
-        cert_file_f = open('%s/certs/%s.crt.new' % (self.path, self.name), 'w')
-
-        p = subprocess.Popen(command.split(), stdout=cert_file_f,
-                             stderr=subprocess.PIPE)
+        LOG.info("[%s] Retrieving certificate from Let" "s Encrypt Server" % self.name)
+        if self.use_generic_challenge_dir == "no":
+            command = (
+                "acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \
+                      --acme-dir %s/challenges/%s"
+                % (
+                    self.path,
+                    self.account_key_name,
+                    self.path,
+                    self.name,
+                    self.path,
+                    self.name,
+                )
+            )
+        elif self.use_generic_challenge_dir == "yes":
+            command = (
+                "acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \
+                      --acme-dir %s/challenges/"
+                % (self.path, self.account_key_name, self.path, self.name, self.path)
+            )
+
+        if self.environment == "staging":
+            LOG.info(
+                "[%s] Using Let" "s Encrypt staging API: %s" % (self.name, _STAGING_URL)
+            )
+            command = "%s --ca %s" % (command, _STAGING_URL)
+
+        cert_file_f = open("%s/certs/%s.crt.new" % (self.path, self.name), "w")
+
+        p = subprocess.Popen(
+            command.split(), stdout=cert_file_f, stderr=subprocess.PIPE
+        )
         out, err = p.communicate()
 
         if p.returncode != 0:

diff --git a/lecm/configuration.py b/lecm/configuration.py
@@ -22,11 +22,27 @@
 
 LOG = logging.getLogger(__name__)
 
-_FIELDS = ['type', 'size', 'digest', 'version', 'subjectAltName',
-           'countryName', 'stateOrProvinceName', 'localityName',
-           'organizationName', 'organizationUnitName', 'commonName',
-           'emailAddress', 'account_key_name', 'path', 'remaining_days',
-           'service_name', 'service_provider', 'environment']
+_FIELDS = [
+    "type",
+    "size",
+    "digest",
+    "version",
+    "subjectAltName",
+    "countryName",
+    "stateOrProvinceName",
+    "localityName",
+    "organizationName",
+    "organizationUnitName",
+    "commonName",
+    "emailAddress",
+    "account_key_name",
+    "path",
+    "remaining_days",
+    "service_name",
+    "service_provider",
+    "environment",
+    "use_generic_challenge_dir",
+]
 
 
 def check_configuration_file_existence(configuration_file_path=None):