bootstrap let's encrypt feature

2024-09-03 20:06:10 +02:00 · 2015-11-04 21:52:41 +01:00 · 2015-11-04 21:52:41 +01:00 · 55e9657f55
commit 55e9657f55
parent 8787f66777
3 changed files with 46 additions and 8 deletions
--- a/data/hooks/conf_regen/16-letsencrypt
+++ b/data/hooks/conf_regen/16-letsencrypt
@ -0,0 +1,31 @@
+#!/bin/bash
+set -e 
+
+force=$1
+
+function safe_copy () {
+    if [ $force ]; then
+        sudo yunohost service safecopy \
+          -s letsencrypt \
+          $1 $2 \
+          --force
+    else
+        sudo yunohost service safecopy \
+          -s letsencrypt \
+          $1 $2
+    fi
+}
+
+# Install let's encrypt if not present
+if [ ! -d /etc/letsencrypt ]; then
+    cd /root
+    git clone https://github.com/letsencrypt/letsencrypt /root
+    mkdir -p /etc/letsencrypt/webrootauth
+fi
+
+domain_list=$(sudo yunohost domain list --plain)
+for domain in $domain_list; do
+    if [ ! -d /etc/letsencrypt/live/$domain ]; then
+        yunohost domain letsencrypt -c $domain
+    fi
+done
--- a/locales/en.json
+++ b/locales/en.json
@ -57,6 +57,13 @@
    "domain_deleted" : "Domain successfully deleted",
    "no_internet_connection": "Server not connected to the Internet",
    "no_ipv6_connectivity": "IPv6 connectivity is not available",
+    "domain_letsencrypt_created" : "Let's encrypt certificate successfully created.",
+    "domain_letsencrypt_create_failed" : "Unable to create Let's encrypt certificate.",
+    "domain_letsencrypt_renewed" : "Let's encrypt certificate successfully renewed.",
+    "domain_letsencrypt_renew_failed" : "Unable to renew Let's encrypt certificate.",
+    "domain_letsencrypt_revoked" : "Let's encrypt certificate successfully revoked.",
+    "domain_letsencrypt_revoke_failed" : "Unable to revoke Let's encrypt certificate.",
+    "domain_letsencrypt_badarg" : "Bad argument, choose between create, renew or revoke.",

    "dyndns_key_generating" : "DNS key is being generated, it may take a while...",
    "dyndns_unavailable" : "Unavailable DynDNS subdomain",
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -258,14 +258,14 @@ def domain_letsencrypt(auth, domain, create=False, renew=False, revoke=False):
        # backup self signed certificate if exist
        if os.path.exists('/etc/yunohost/certs/%s/cert.pem' % domain):
            os.system('mkdir -p /etc/yunohost/certs/%s/yunohost_self_signed' % domain)
-            os.system('mv /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf /etc/yunohost/certs/%s/yunohost_self_signed/' % domain)
-            os.system('rm -f /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf' % domain)
+            os.system('sudo mv /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf /etc/yunohost/certs/%s/yunohost_self_signed/' % domain)
+            os.system('sudo rm -f /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf' % domain)

        # create certificate
        try:
-            os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
+            os.system('sudo /root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
            # restore right for metronome
-            os.system('chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
+            os.system('sudo chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
            # create cron
            os.system('echo "@monthly root yunohost domain letsencrypt -r %s" > /etc/cron.d/letsencrypt-%s' % domain)
            # symbolic link for cert and key
@ -277,17 +277,17 @@ def domain_letsencrypt(auth, domain, create=False, renew=False, revoke=False):

    elif renew and not create and not revoke:
        try:
-            os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
+            os.system('sudo /root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
            # restore right for metronome
-            os.system('chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
+            os.system('sudo chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
            msignals.display(m18n.n('domain_letsencrypt_renewed'), 'success')
        except:
            raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_renew_failed'))
    elif revoke and not create and not renew:
        try:
-            os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
+            os.system('sudo /root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
            msignals.display(m18n.n('domain_letsencrypt_revoked'), 'success')
        except:
            raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_revoke_failed'))
    else:
-        raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_revoke_unknown'))
+        raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_badarg'))