YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Include XMPP subdomain in certificate when possible.

Browse source
This commit is contained in:
pitchum 2020-03-22 12:17:08 +01:00
parent 994f0ca1ef
commit 0bd717a21e
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
locales/en.json
View file

@ -133,6 +133,7 @@
"certmanager_domain_http_not_working": "It seems the domain {domain:s} cannot be accessed through HTTP. Check that your DNS and NGINX configuration is correct",
"certmanager_domain_unknown": "Unknown domain '{domain:s}'",
"certmanager_error_no_A_record": "No DNS 'A' record found for '{domain:s}'. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate. (If you know what you are doing, use '--no-checks' to turn off those checks.)",
"certmanager_warning_subdomain_dns_record": "Subdomain '{subdomain:s}' does not resolve to the same IP address as '{domain:s}'. Some features will not be available until you fix this and regenerate the certificate.",
"certmanager_hit_rate_limit": "Too many certificates already issued for this exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details",
"certmanager_http_check_timeout": "Timed out when server tried to contact itself through HTTP using a public IP address (domain '{domain:s}' with IP '{ip:s}'). You may be experiencing a hairpinning issue, or the firewall/router ahead of your server is misconfigured.",
"certmanager_no_cert_file": "Could not read the certificate file for the domain {domain:s} (file: {file:s})",

10
src/yunohost/certificate.py
View file

@ -639,8 +639,14 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
# Set the domain
csr.get_subject().CN = domain
# Include xmpp-upload subdomain as subject alternate names
csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:xmpp-upload." + domain)])
# Include xmpp-upload subdomain in subject alternate names
subdomain="xmpp-upload." + domain
try:
_check_domain_is_ready_for_ACME(subdomain)
logger.info("Subdmain {} is ready for ACME and will be included in the certificate.".format(subdomain))
csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
except YunohostError:
logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
# Set the key
with open(key_file, 'rt') as f: