From be1a76c596699f3372f5c004087cedda31b8e9f3 Mon Sep 17 00:00:00 2001
From: Julien Rabier
Date: Sun, 11 Aug 2019 12:48:13 +0200
Subject: [PATCH] enabling the use of a generic challenge dir

This commit adds a new configuration parameter, use_generic_challenge_dir, in order to simplify the http server configuration. Using a generic challenge dir enables the use of a generic snippet shared between multiple vhosts.
---
 lecm/certificate.py | 54 ++++++++++++++++++++++++++++---------------
 lecm/configuration.py | 26 +++++++++++++++++----
 2 files changed, 56 insertions(+), 24 deletions(-)

diff --git a/lecm/certificate.py b/lecm/certificate.py
index 963aa8d..ee41eb2 100644
--- a/lecm/certificate.py
+++ b/lecm/certificate.py
@@ -47,8 +47,9 @@ def __init__(self, conf):
 'account_%s.key' % socket.getfqdn())
 self.remaining_days = conf.get('remaining_days', 10)
 self.days_before_expiry = self.get_days_before_expiry()
- self.service_name = conf.get('service_name', 'httpd')
- self.service_provider = conf.get('service_provider', 'systemd')
+ self.service_name = conf.get("service_name", "httpd")
+ self.service_provider = conf.get("service_provider", "systemd")
+ self.use_generic_challenge_dir = conf.get("use_generic_challenge_dir", False)
 self.subject = {
 'C': conf.get('countryName'),
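Review bot: The new `self.use_generic_challenge_dir` attribute is the only place in the patch where the option could be explained, and it is not — the diffstat touches no README or sample configuration, and `_FIELDS` in lecm/configuration.py only lists the key name. A one-line attribute comment would cover it, e.g. `# True: ACME challenge files go to <path>/challenges/ (one directory the shared vhost snippet serves); False: <path>/challenges/<name>`. Note also that the value read by `conf.get("use_generic_challenge_dir", False)` is later tested only by truthiness, so a quoted string such as `"false"` in the configuration file would turn the generic directory on; if the loader does not already coerce booleans (not visible here), an `isinstance(..., bool)` check at this line would reject that misconfiguration before a challenge file is written to the wrong directory. `__init__` continues outside the hunk.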
@@ -226,23 +227,38 @@ def _create_csr(self): csr_file.close() def _create_certificate(self): - LOG.info('[%s] Retrieving certificate from Let''s Encrypt Server' % - self.name) - command = 'acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \ - --acme-dir %s/challenges/%s' % (self.path, - self.account_key_name, - self.path, self.name, - self.path, self.name) - - if self.environment == 'staging': - LOG.info('[%s] Using Let''s Encrypt staging API: %s' % - (self.name, _STAGING_URL)) - command = '%s --ca %s' % (command, _STAGING_URL) - - cert_file_f = open('%s/certs/%s.crt.new' % (self.path, self.name), 'w') - - p = subprocess.Popen(command.split(), stdout=cert_file_f, - stderr=subprocess.PIPE) + LOG.info("[%s] Retrieving certificate from Let" "s Encrypt Server" % self.name) + if self.use_generic_challenge_dir: + command = ( + "acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \ + --acme-dir %s/challenges/" + % (self.path, self.account_key_name, self.path, self.name, self.path) + ) + else: + command = ( + "acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr \ + --acme-dir %s/challenges/%s" + % ( + self.path, + self.account_key_name, + self.path, + self.name, + self.path, + self.name, + ) + ) + + if self.environment == "staging": + LOG.info( + "[%s] Using Let" "s Encrypt staging API: %s" % (self.name, _STAGING_URL) + ) + command = "%s --ca %s" % (command, _STAGING_URL) + + cert_file_f = open("%s/certs/%s.crt.new" % (self.path, self.name), "w") + + p = subprocess.Popen( + command.split(), stdout=cert_file_f, stderr=subprocess.PIPE + ) out, err = p.communicate() if p.returncode != 0: diff --git a/lecm/configuration.py b/lecm/configuration.py index 56543af..8cbbf89 100644 --- a/lecm/configuration.py +++ b/lecm/configuration.py 
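Review bot: The two branches of the new `if self.use_generic_challenge_dir:` build the same acme-tiny command and differ only in whether `self.name` is appended to the challenge directory, which leaves the account-key and CSR arguments duplicated across two 13-line blocks. Computing the directory once keeps a single command string: `challenge_dir = "%s/challenges/%s" % (self.path, "" if self.use_generic_challenge_dir else self.name)` followed by `command = "acme-tiny --account-key %s/private/%s --csr %s/csr/%s.csr --acme-dir %s" % (self.path, self.account_key_name, self.path, self.name, challenge_dir)`. Since these lines are rewritten anyway, passing an argv list to `subprocess.Popen` instead of a string plus `command.split()` would also stop a `path` containing whitespace from being split into several arguments. The log message `"[%s] Retrieving certificate from Let" "s Encrypt Server"` concatenates to "Lets Encrypt Server", carrying over the missing apostrophe of the old `'Let''s'` form. `_create_certificate` continues past the end of the hunk.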
@@ -22,11 +22,27 @@
 LOG = logging.getLogger(__name__)
-_FIELDS = ['type', 'size', 'digest', 'version', 'subjectAltName',
- 'countryName', 'stateOrProvinceName', 'localityName',
- 'organizationName', 'organizationUnitName', 'commonName',
- 'emailAddress', 'account_key_name', 'path', 'remaining_days',
- 'service_name', 'service_provider', 'environment']
+_FIELDS = [
+ "type",
+ "size",
+ "digest",
+ "version",
+ "subjectAltName",
+ "countryName",
+ "stateOrProvinceName",
+ "localityName",
+ "organizationName",
+ "organizationUnitName",
+ "commonName",
+ "emailAddress",
+ "account_key_name",
+ "path",
+ "remaining_days",
+ "service_name",
+ "service_provider",
+ "environment",
+ "use_generic_challenge_dir",
+]
 def check_configuration_file_existence(configuration_file_path=None):