Backuping existing certificate (if any) also for self-signed generation

This commit is contained in:
Alexandre Aubin 2016-11-08 22:22:13 -05:00
parent a57ebfc4e6
commit 109cbf7641
2 changed files with 22 additions and 3 deletions


@ -248,6 +248,7 @@
"certmanager_error_no_A_record" : "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate ! (If you know what you are doing, use --no-checks to disable those checks.)", "certmanager_error_no_A_record" : "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate ! (If you know what you are doing, use --no-checks to disable those checks.)",
"certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)", "certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)",
"certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file : {file:s}), reason: {reason:s}", "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file : {file:s}), reason: {reason:s}",
"certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !",
"certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !", "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !",
"certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !", "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !",
"certmanager_old_letsencrypt_app_detected" : "Command aborted because the letsencrypt app is conflicting with the yunohost certificate management features." "certmanager_old_letsencrypt_app_detected" : "Command aborted because the letsencrypt app is conflicting with the yunohost certificate management features."


@ -143,10 +143,18 @@ def certificate_install_selfsigned(domain_list, force=False):
if status and status["summary"]["code"] in ('good', 'great') and not force: if status and status["summary"]["code"] in ('good', 'great') and not force:
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain))
cert_folder_domain = os.path.join(CERT_FOLDER, domain) cert_folder_domain = os.path.join(CERT_FOLDER, domain)
if not os.path.exists(cert_folder_domain): # Backup existing certificate / folder
os.makedirs(cert_folder_domain) if os.path.exists(cert_folder_domain) :
if not os.path.islink(cert_folder_domain):
_backup_current_cert(domain)
shutil.rmtree(cert_folder_domain)
else :
os.remove(cert_folder_domain)
os.makedirs(cert_folder_domain)
# Get serial # Get serial
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
@ -184,6 +192,16 @@ def certificate_install_selfsigned(domain_list, force=False):
_set_permissions(os.path.join(cert_folder_domain, "crt.pem"), "root", "metronome", 0640) _set_permissions(os.path.join(cert_folder_domain, "crt.pem"), "root", "metronome", 0640)
_set_permissions(os.path.join(cert_folder_domain, "openssl.cnf"), "root", "root", 0600) _set_permissions(os.path.join(cert_folder_domain, "openssl.cnf"), "root", "root", 0600)
# Check new status indicate a recently created self-signed certificate,
status = _get_status(domain)
if status and status["CA_type"]["code"] == "self-signed" and status["validity"] > 3648:
logger.success(m18n.n("certmanager_cert_install_success_selfsigned", domain=domain))
else :
logger.error("Installation of self-signed certificate installation for %s failed !", domain)
logger.error(str(e))
def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=False): def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=False):
if not os.path.exists(ACCOUNT_KEY_FILE): if not os.path.exists(ACCOUNT_KEY_FILE):
@ -474,7 +492,7 @@ def _fetch_and_enable_new_certificate(domain):
live_link = os.path.join(CERT_FOLDER, domain) live_link = os.path.join(CERT_FOLDER, domain)
if not os.path.islink(live_link): if not os.path.islink(live_link):
shutil.rmtree(live_link) # Well, yep, hopefully that's not too dangerous (directory should have been backuped before calling this command) shutil.rmtree(live_link) # Hopefully that's not too dangerous (directory should have been backuped before calling this command)
elif os.path.lexists(live_link): elif os.path.lexists(live_link):
os.remove(live_link) os.remove(live_link)
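Review bot: In the second hunk of this file, the failure branch of the new status check ends with `logger.error(str(e))`, but no `e` is bound anywhere in view (there is no `except ... as e:` around this code), so reaching the branch raises NameError instead of logging the failure. Since the failure is detected from `status` rather than from an exception, that line should go and the status itself should be logged instead, e.g. `logger.error("Installation of self-signed certificate for %s failed !", domain)` followed by `logger.error("Certificate status: %s", status)` (this also drops the doubled "installation" in the message). The branch only logs and then falls through, so the command presumably still exits as if it had succeeded while the domain may be left without a usable certificate; raising `MoulinetteError` here, as the earlier `certmanager_attempt_to_replace_valid_cert` check does, would make the failure visible to callers. The enclosing function `certificate_install_selfsigned` begins before these hunks, and the loop body continues outside them.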