Catching exceptions from acme-tiny

Alexandre Aubin 2016-11-22 22:24:54 -05:00
parent 0132cf037f
commit a6353703bd
2 changed files with 19 additions and 9 deletions


@ -251,5 +251,7 @@
"certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !", "certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !",
"certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !", "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !",
"certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !", "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !",
"certmanager_old_letsencrypt_app_detected" : "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. If you wish to use the new built-in features, please run the following commands to migrate your installation :\n\n yunohost app remove letsencrypt\n yunohost domain cert-install\n\nN.B. : this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate." "certmanager_old_letsencrypt_app_detected" : "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. If you wish to use the new built-in features, please run the following commands to migrate your installation :\n\n yunohost app remove letsencrypt\n yunohost domain cert-install\n\nN.B. : this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate.",
"certmanager_hit_rate_limit" :"Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details.",
"certmanager_cert_signing_failed" : "Signing the new certificate failed."
} }


@ -31,7 +31,6 @@ import grp
import smtplib import smtplib
import requests import requests
import subprocess import subprocess
import dns.resolver import dns.resolver
from OpenSSL import crypto from OpenSSL import crypto
@ -470,11 +469,20 @@ def _fetch_and_enable_new_certificate(domain):
domain_csr_file = "%s/%s.csr" % (TMP_FOLDER, domain) domain_csr_file = "%s/%s.csr" % (TMP_FOLDER, domain)
signed_certificate = sign_certificate(ACCOUNT_KEY_FILE, try:
domain_csr_file, signed_certificate = sign_certificate(ACCOUNT_KEY_FILE,
WEBROOT_FOLDER, domain_csr_file,
log=logger, WEBROOT_FOLDER,
CA=CERTIFICATION_AUTHORITY) log=logger,
CA=CERTIFICATION_AUTHORITY)
except ValueError as e:
if ("urn:acme:error:rateLimited" in str(e)) :
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_hit_rate_limit', domain=domain))
else :
raise
except Exception as e:
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_cert_signing_failed'))
logger.error(str(e))
intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL).text intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL).text
@ -612,10 +620,10 @@ def _get_status(domain):
"verbose": "Unknown?", "verbose": "Unknown?",
} }
try : try:
_check_domain_is_ready_for_ACME(domain) _check_domain_is_ready_for_ACME(domain)
ACME_eligible = True ACME_eligible = True
except : except:
ACME_eligible = False ACME_eligible = False
return { return {
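Review bot: In the new `except Exception as e:` handler of `_fetch_and_enable_new_certificate`, `logger.error(str(e))` sits after the `raise` and can never run, so the underlying acme-tiny error is discarded and the operator only gets the generic `certmanager_cert_signing_failed` message. Swap the two statements so the cause is logged first: `logger.error(str(e))` then `raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_cert_signing_failed'))`. Separately, the bare `raise` in the `else` branch of the `ValueError` handler is not caught by the sibling `except Exception` clause, so any `ValueError` that is not a rate-limit error leaves the function unwrapped. If those failures are meant to surface as `certmanager_cert_signing_failed` too, that branch has to log and raise the `MoulinetteError` itself. The function body starts and continues outside this hunk, so callers that might handle the raw `ValueError` are not visible here.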