Cleanup, we don't really need this anymore

2024-09-03 20:06:10 +02:00 · 2020-05-08 21:50:41 +02:00 · 2020-05-08 21:50:41 +02:00 · 33caf9cf33
commit 33caf9cf33
parent 713d4926c9
2 changed files with 0 additions and 69 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -127,10 +127,8 @@
    "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS records for domain '{domain:s}' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)",
    "certmanager_domain_http_not_working": "Domain {domain:s} does not seem to be accessible through HTTP. Please check the 'Web' category in the diagnosis for more info. (If you know what you are doing, use '--no-checks' to turn off those checks.)",
    "certmanager_domain_unknown": "Unknown domain '{domain:s}'",
-    "certmanager_error_no_A_record": "No DNS 'A' record found for '{domain:s}'. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate. (If you know what you are doing, use '--no-checks' to turn off those checks.)",
    "certmanager_warning_subdomain_dns_record": "Subdomain '{subdomain:s}' does not resolve to the same IP address as '{domain:s}'. Some features will not be available until you fix this and regenerate the certificate.",
    "certmanager_hit_rate_limit": "Too many certificates already issued for this exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details",
-    "certmanager_http_check_timeout": "Timed out when server tried to contact itself through HTTP using a public IP address (domain '{domain:s}' with IP '{ip:s}'). You may be experiencing a hairpinning issue, or the firewall/router ahead of your server is misconfigured.",
    "certmanager_no_cert_file": "Could not read the certificate file for the domain {domain:s} (file: {file:s})",
    "certmanager_self_ca_conf_file_not_found": "Could not find configuration file for self-signing authority (file: {file:s})",
    "certmanager_unable_to_parse_self_CA_name": "Could not parse name of self-signing authority (file: {file:s})",
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -29,7 +29,6 @@ import pwd
 import grp
 import smtplib
 import subprocess
-import dns.resolver
 import glob

 from datetime import datetime
@ -69,18 +68,6 @@ PRODUCTION_CERTIFICATION_AUTHORITY = "https://acme-v02.api.letsencrypt.org"

 INTERMEDIATE_CERTIFICATE_URL = "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"

-DNS_RESOLVERS = [
-    # FFDN DNS resolvers
-    # See https://www.ffdn.org/wiki/doku.php?id=formations:dns
-    "80.67.169.12",    # FDN
-    "80.67.169.40",    #
-    "89.234.141.66",   # ARN
-    "141.255.128.100",  # Aquilenet
-    "141.255.128.101",
-    "89.234.186.18",   # Grifon
-    "80.67.188.188"   # LDN
-]
-
 #
 # Front-end stuff                                                           #
 #
@ -540,7 +527,6 @@ def _fetch_and_enable_new_certificate(domain, staging=False, no_checks=False):
            raise YunohostError('certmanager_hit_rate_limit', domain=domain)
        else:
            logger.error(str(e))
-            _display_debug_information(domain)
            raise YunohostError('certmanager_cert_signing_failed')

    except Exception as e:
@ -819,59 +805,6 @@ def _check_domain_is_ready_for_ACME(domain):
        raise YunohostError('certmanager_domain_http_not_working', domain=domain)


-def _get_dns_ip(domain):
-    try:
-        resolver = dns.resolver.Resolver()
-        resolver.nameservers = DNS_RESOLVERS
-        answers = resolver.query(domain, "A")
-    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
-        raise YunohostError('certmanager_error_no_A_record', domain=domain)
-
-    return str(answers[0])
-
-
-def _dns_ip_match_public_ip(public_ip, domain):
-    return _get_dns_ip(domain) == public_ip
-
-
-def _domain_is_accessible_through_HTTP(ip, domain):
-    import requests  # lazy loading this module for performance reasons
-    try:
-        requests.head("http://" + ip, headers={"Host": domain}, timeout=10)
-    except requests.exceptions.Timeout as e:
-        logger.warning(m18n.n('certmanager_http_check_timeout', domain=domain, ip=ip))
-        return False
-    except Exception as e:
-        logger.debug("Couldn't reach domain '%s' by requesting this ip '%s' because: %s" % (domain, ip, e))
-        return False
-
-    return True
-
-
-def _get_local_dns_ip(domain):
-    try:
-        resolver = dns.resolver.Resolver()
-        answers = resolver.query(domain, "A")
-    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
-        logger.warning("Failed to resolved domain '%s' locally", domain)
-        return None
-
-    return str(answers[0])
-
-
-def _display_debug_information(domain):
-    dns_ip = _get_dns_ip(domain)
-    public_ip = get_public_ip()
-    local_dns_ip = _get_local_dns_ip(domain)
-
-    logger.warning("""\
-Debug information:
- - domain ip from DNS        %s
- - domain ip from local DNS  %s
- - public ip of the server   %s
-""", dns_ip, local_dns_ip, public_ip)
-
-
 # FIXME / TODO : ideally this should not be needed. There should be a proper
 # mechanism to regularly check the value of the public IP and trigger
 # corresponding hooks (e.g. dyndns update and dnsmasq regen-conf)