Backuping existing certificate (if any) also for self-signed generation

locales/en.json

@@ -248,6 +248,7 @@
     "certmanager_error_no_A_record" : "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate ! (If you know what you are doing, use --no-checks to disable those checks.)",
     "certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)",
     "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file : {file:s}), reason: {reason:s}",
+    "certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !",
     "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !",
     "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !",
     "certmanager_old_letsencrypt_app_detected" : "Command aborted because the letsencrypt app is conflicting with the yunohost certificate management features."

src/yunohost/certificate.py

@@ -143,10 +143,18 @@ def certificate_install_selfsigned(domain_list, force=False):
         if status and status["summary"]["code"] in ('good', 'great') and not force:
             raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain))
 
+
         cert_folder_domain = os.path.join(CERT_FOLDER, domain)
 
-        if not os.path.exists(cert_folder_domain):
-            os.makedirs(cert_folder_domain)
+        # Backup existing certificate / folder
+        if os.path.exists(cert_folder_domain) :
+            if not os.path.islink(cert_folder_domain):
+                _backup_current_cert(domain)
+                shutil.rmtree(cert_folder_domain)
+            else :
+                os.remove(cert_folder_domain)
+
+        os.makedirs(cert_folder_domain)
 
         # Get serial
         ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
@@ -184,6 +192,16 @@ def certificate_install_selfsigned(domain_list, force=False):
         _set_permissions(os.path.join(cert_folder_domain, "crt.pem"), "root", "metronome", 0640)
         _set_permissions(os.path.join(cert_folder_domain, "openssl.cnf"), "root", "root", 0600)
 
+        # Check new status indicate a recently created self-signed certificate,
+        status = _get_status(domain)
+
+        if status and status["CA_type"]["code"] == "self-signed" and status["validity"] > 3648:
+            logger.success(m18n.n("certmanager_cert_install_success_selfsigned", domain=domain))
+        else :
+            logger.error("Installation of self-signed certificate installation for %s failed !", domain)
+            logger.error(str(e))
+
+
 
 def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=False):
     if not os.path.exists(ACCOUNT_KEY_FILE):
@@ -474,7 +492,7 @@ def _fetch_and_enable_new_certificate(domain):
     live_link = os.path.join(CERT_FOLDER, domain)
 
     if not os.path.islink(live_link):
-        shutil.rmtree(live_link)  # Well, yep, hopefully that's not too dangerous (directory should have been backuped before calling this command)
+        shutil.rmtree(live_link)  # Hopefully that's not too dangerous (directory should have been backuped before calling this command)
 
     elif os.path.lexists(live_link):
         os.remove(live_link)