From ade6481ccbbaffe194b7f28a392bd2b5ed7183ce Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Wed, 14 Oct 2020 03:50:14 +0200 Subject: [PATCH 1/3] [fix] intermediate_certificate is now included in signed certificate Fixes #1644 --- src/yunohost/certificate.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 882e37863..4a4ff8bb4 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -539,12 +539,6 @@ def _fetch_and_enable_new_certificate(domain, staging=False, no_checks=False): raise YunohostError('certmanager_cert_signing_failed') - import requests # lazy loading this module for performance reasons - try: - intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL, timeout=30).text - except requests.exceptions.Timeout as e: - raise YunohostError('certmanager_couldnt_fetch_intermediate_cert') - # Now save the key and signed certificate logger.debug("Saving the key and signed certificate...") @@ -573,7 +567,6 @@ def _fetch_and_enable_new_certificate(domain, staging=False, no_checks=False): with open(domain_cert_file, "w") as f: f.write(signed_certificate) - f.write(intermediate_certificate) _set_permissions(domain_cert_file, "root", "ssl-cert", 0o640) From 8c735cdc07c7c5c4fc9f785169801ec148a79a37 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 14 Oct 2020 04:08:34 +0200 Subject: [PATCH 2/3] Remove stale code --- locales/en.json | 1 - src/yunohost/certificate.py | 2 -- 2 files changed, 3 deletions(-) diff --git a/locales/en.json b/locales/en.json index e3b0c12a2..7c1d8d87e 100644 --- a/locales/en.json +++ b/locales/en.json 
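Review bot: In `_fetch_and_enable_new_certificate` (src/yunohost/certificate.py, hunk `@@ -573,7 +567,6 @@` of patch 1/3), `domain_cert_file` now receives `signed_certificate` alone, and nothing visible checks that this value actually carries the intermediate as the commit title states. If the signing step ever returns a leaf-only PEM, the written file would hold an incomplete chain and TLS clients that do not fetch missing intermediates would reject it, with no error raised at install or renewal time. A guard before the `with open(domain_cert_file, "w")` block would make that failure explicit, for example `if signed_certificate.count("-----BEGIN CERTIFICATE-----") < 2: raise YunohostError('certmanager_cert_signing_failed')`. How `signed_certificate` is produced lies outside both hunks of this patch, so whether it is always a full chain should be confirmed there.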
@@ -121,7 +121,6 @@ "certmanager_cert_renew_success": "Let's Encrypt certificate renewed for the domain '{domain:s}'", "certmanager_cert_signing_failed": "Could not sign the new certificate", "certmanager_certificate_fetching_or_enabling_failed": "Trying to use the new certificate for {domain:s} did not work...", - "certmanager_couldnt_fetch_intermediate_cert": "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted—please try again later.", "certmanager_domain_not_diagnosed_yet": "There is no diagnosis result for domain {domain} yet. Please re-run a diagnosis for categories 'DNS records' and 'Web' in the diagnosis section to check if the domain is ready for Let's Encrypt. (Or if you know what you are doing, use '--no-checks' to turn off those checks.)", "certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use '--force' to do so.)", "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS records for domain '{domain:s}' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)", diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 4a4ff8bb4..2118037d9 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -66,8 +66,6 @@ STAGING_CERTIFICATION_AUTHORITY = "https://acme-staging.api.letsencrypt.org" # For prod PRODUCTION_CERTIFICATION_AUTHORITY = "https://acme-v02.api.letsencrypt.org" -INTERMEDIATE_CERTIFICATE_URL = "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem" - # # Front-end stuff # # From c640c045d9f41d55de18337cecb5b09aea32dc47 Mon Sep 17 00:00:00 2001 
From: Alexandre Aubin Date: Wed, 4 Nov 2020 23:32:40 +0100 Subject: [PATCH 3/3] Update changelog for 4.0.8.2 --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index e2f35a9c4..846ab8adc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +yunohost (4.0.8.2) stable; urgency=low + + - [fix] intermediate_certificate is now included in signed certificate (#1067) + + Thanks to all contributors <3 ! (Bram) + + -- Alexandre Aubin Wed, 04 Nov 2020 23:32:16 +0100 + yunohost (4.0.8.1) stable; urgency=low - [fix] App installs logs were still disclosing secrets when shared sometimes ...