Changing the way to check domain is locally resolved

2024-09-03 20:06:10 +02:00 · 2017-01-04 13:05:57 -05:00 · 2017-01-04 13:05:57 -05:00 · 86f97d6f07
commit 86f97d6f07
parent b829de7218
2 changed files with 7 additions and 6 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -253,7 +253,7 @@
    "certmanager_domain_http_not_working": "It seems that the domain {domain:s} cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay",
    "certmanager_error_no_A_record": "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate! (If you know what you are doing, use --no-checks to disable those checks.)",
    "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)",
-    "certmanager_domain_not_resolved_locally": "The domain {domain:s} cannot be resolved locally. This might happen if you recently modified your DNS record. If so, please wait a few hours for it to propagate. If the issue persists, consider adding {domain:s} to /etc/hosts. (If you know what you are doing, use --no-checks to disable those checks.)",
+    "certmanager_domain_not_resolved_locally": "The domain {domain:s} cannot be resolved from inside your Yunohost server. This might happen if you recently modified your DNS record. If so, please wait a few hours for it to propagate. If the issue persists, consider adding {domain:s} to /etc/hosts. (If you know what you are doing, use --no-checks to disable those checks.)",
    "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file: {file:s}), reason: {reason:s}",
    "certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!",
    "certmanager_cert_install_success": "Successfully installed Let's Encrypt certificate for domain {domain:s}!",
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -31,6 +31,7 @@ import grp
 import smtplib
 import requests
 import subprocess
 import socket
 import dns.resolver
 import glob
@ -788,7 +789,7 @@ def _check_domain_is_ready_for_ACME(domain):
    # Check if domain is resolved locally (Might happen despite the previous
    # checks because of dns propagation ?... Acme-tiny won't work in that case,
    # because it explicitly requests() the domain.)
-    if not _domain_is_resolved_locally(domain):
+    if not _domain_is_resolved_locally(public_ip, domain):
        raise MoulinetteError(errno.EINVAL, m18n.n(
            'certmanager_domain_not_resolved_locally', domain=domain))
@ -816,13 +817,13 @@ def _domain_is_accessible_through_HTTP(ip, domain):
    return True
-def _domain_is_resolved_locally(domain):
+def _domain_is_resolved_locally(public_ip, domain):
    try:
-        requests.head("http://%s/" % domain)
+        ip = socket.gethostbyname(domain)
-    except Exception:
+    except socket.error:
        return False
-    return True
+    return (ip in ["127.0.0.1", public_ip])
 def _name_self_CA():