diff --git a/locales/en.json b/locales/en.json index 627c11b52..2dec12706 100644 --- a/locales/en.json +++ b/locales/en.json @@ -248,6 +248,7 @@ "certmanager_error_no_A_record" : "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate ! (If you know what you are doing, use --no-checks to disable those checks.)", "certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)", "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file : {file:s}), reason: {reason:s}", + "certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !", "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !", "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !", "certmanager_old_letsencrypt_app_detected" : "Command aborted because the letsencrypt app is conflicting with the yunohost certificate management features." diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 3e999c2d1..430f6d4d2 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -143,10 +143,18 @@ def certificate_install_selfsigned(domain_list, force=False): if status and status["summary"]["code"] in ('good', 'great') and not force: raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain)) + cert_folder_domain = os.path.join(CERT_FOLDER, domain) - if not os.path.exists(cert_folder_domain): - os.makedirs(cert_folder_domain) + # Backup existing certificate / folder + if os.path.exists(cert_folder_domain) : + if not os.path.islink(cert_folder_domain): + _backup_current_cert(domain) + shutil.rmtree(cert_folder_domain) + else : + os.remove(cert_folder_domain) + + os.makedirs(cert_folder_domain) # Get serial ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' @@ -184,6 +192,16 @@ def certificate_install_selfsigned(domain_list, force=False): _set_permissions(os.path.join(cert_folder_domain, "crt.pem"), "root", "metronome", 0640) _set_permissions(os.path.join(cert_folder_domain, "openssl.cnf"), "root", "root", 0600) + # Check new status indicate a recently created self-signed certificate, + status = _get_status(domain) + + if status and status["CA_type"]["code"] == "self-signed" and status["validity"] > 3648: + logger.success(m18n.n("certmanager_cert_install_success_selfsigned", domain=domain)) + else : + logger.error("Installation of self-signed certificate installation for %s failed !", domain) + logger.error(str(e)) + + def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=False): if not os.path.exists(ACCOUNT_KEY_FILE): @@ -474,7 +492,7 @@ def _fetch_and_enable_new_certificate(domain): live_link = os.path.join(CERT_FOLDER, domain) if not os.path.islink(live_link): - shutil.rmtree(live_link) # Well, yep, hopefully that's not too dangerous (directory should have been backuped before calling this command) + shutil.rmtree(live_link) # Hopefully that's not too dangerous (directory should have been backuped before calling this command) elif os.path.lexists(live_link): os.remove(live_link)