diff --git a/yunohost_domain.py b/yunohost_domain.py
index 54d5a8a9..6f859237 100644
--- a/yunohost_domain.py
+++ b/yunohost_domain.py
@@ -68,6 +68,28 @@ def domain_add(domains, web=False):
 domains = [ domains ]
 for domain in domains:
+ ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+ ssl_domain_path = '/etc/yunohost/certs/'+ domain
+ with open(ssl_dir +'/serial', 'r') as f:
+ serial = f.readline().rstrip()
+ try: os.listdir(ssl_domain_path)
+ except OSError: os.makedirs(ssl_domain_path)
+
+ command_list = [
+ 'cp '+ ssl_dir +'/openssl.cnf '+ ssl_domain_path,
+ 'sed -i "s/yunohost.org/' + domain + '/g" '+ ssl_domain_path +'/openssl.cnf',
+ 'openssl req -new -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/certs/yunohost_csr.pem -keyout '+ ssl_dir +'/certs/yunohost_key.pem -nodes -batch',
+ 'openssl ca -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -in '+ ssl_dir +'/certs/yunohost_csr.pem -out '+ ssl_dir +'/certs/yunohost_crt.pem -batch',
+ 'ln -s /etc/ssl/certs/ca-yunohost_crt.pem '+ ssl_domain_path +'/ca.pem',
+ 'cp '+ ssl_dir +'/certs/yunohost_key.pem '+ ssl_domain_path +'/key.pem',
+ 'cp '+ ssl_dir +'/newcerts/'+ serial +'.pem '+ ssl_domain_path +'/crt.pem',
+ 'chmod 600 '+ ssl_domain_path +'/key.pem'
+ ]
+
+ for command in command_list:
+ if os.system(command) != 0:
+ raise YunoHostError(17, _("An error occurred during certificate generation"))
+
 if web:
 lemon_configuration({
 ('exportedHeaders', domain, 'Auth-User'): '$uid',
@@ -130,28 +152,6 @@ def domain_add(domains, web=False):
 os.system('service bind9 reload')
- ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
- ssl_domain_path = '/etc/yunohost/certs/'+ domain
- with open(ssl_dir +'/serial', 'r') as f:
- serial = f.readline().rstrip()
- try: os.listdir(ssl_domain_path)
- except OSError: os.makedirs(ssl_domain_path)
-
- command_list = [
- 'cp '+ ssl_dir +'/openssl.cnf '+ ssl_domain_path,
- 'sed -i "s/yunohost.org/' + domain + '/g" '+ ssl_domain_path +'/openssl.cnf',
- 'openssl req -new -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/certs/yunohost_csr.pem -keyout '+ ssl_dir +'/certs/yunohost_key.pem -nodes -batch',
- 'openssl ca -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -in '+ ssl_dir +'/certs/yunohost_csr.pem -out '+ ssl_dir +'/certs/yunohost_crt.pem -batch',
- 'ln -s /etc/ssl/certs/ca-yunohost_crt.pem '+ ssl_domain_path +'/ca.pem',
- 'cp '+ ssl_dir +'/certs/yunohost_key.pem '+ ssl_domain_path +'/key.pem',
- 'cp '+ ssl_dir +'/newcerts/'+ serial +'.pem '+ ssl_domain_path +'/crt.pem',
- 'chmod 600 '+ ssl_domain_path +'/key.pem'
- ]
-
- for command in command_list:
- if os.system(command) != 0:
- raise YunoHostError(17, _("An error occurred during certificate generation"))
-
 if yldap.add('virtualdomain=' + domain + ',ou=domains', attr_dict):
 result.append(domain)
 continue
diff --git a/yunohost_tools.py b/yunohost_tools.py
index 0a29bc4b..f4ea04f3 100644
--- a/yunohost_tools.py
+++ b/yunohost_tools.py
@@ -130,6 +130,8 @@ def tools_maindomain(old_domain, new_domain):
 lemon_conf.write(line + '\n')
 os.system('rm /etc/yunohost/apache/domains/' + old_domain + '.d/*.fixed.conf') # remove SSO apache conf dir from old domain conf (fail if postinstall)
+ os.system('rm /etc/ssl/private/yunohost_key.pem')
+ os.system('rm /etc/ssl/certs/yunohost_crt.pem')
 command_list = [
 'cp /etc/yunohost/apache/templates/sso.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/sso.fixed.conf', # add SSO apache conf dir to new domain conf
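Review bot: The two added `os.system('rm …')` calls discard their exit status, so a failed removal of `/etc/ssl/private/yunohost_key.pem` or `/etc/ssl/certs/yunohost_crt.pem` goes unnoticed. Once they succeed, the host has no key or certificate at those paths until a later step puts new ones in place. That step is presumably in `command_list`, which continues outside the hunk, so I cannot confirm it; if it re-links the files, a single replacing command there such as `ln -sf` would close the gap and make these two lines unnecessary. If the removals stay, `rm -f` would make clear that a missing file is expected, and a trailing comment such as `# remove the previous main domain's key and certificate` would match the commented line just above. tools_maindomain starts and ends outside the hunk.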