From b829de72180288707aa16e8435ecd39f1e9f9ac3 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Tue, 3 Jan 2017 09:36:33 -0500
Subject: [PATCH] Adding check that domain is resolved locally for cert management
---
 locales/en.json | 1 +
 src/yunohost/certificate.py | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/locales/en.json b/locales/en.json
index 468be0c1c..25d0f6542 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -253,6 +253,7 @@
 "certmanager_domain_http_not_working": "It seems that the domain {domain:s} cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay",
 "certmanager_error_no_A_record": "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate! (If you know what you are doing, use --no-checks to disable those checks.)",
 "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)",
+ "certmanager_domain_not_resolved_locally": "The domain {domain:s} cannot be resolved locally. This might happen if you recently modified your DNS record. If so, please wait a few hours for it to propagate. If the issue persists, consider adding {domain:s} to /etc/hosts. (If you know what you are doing, use --no-checks to disable those checks.)",
 "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file: {file:s}), reason: {reason:s}",
 "certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!",
 "certmanager_cert_install_success": "Successfully installed Let's Encrypt certificate for domain {domain:s}!",
diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 01852d2ec..652d6b653 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -785,6 +785,13 @@ def _check_domain_is_ready_for_ACME(domain): raise MoulinetteError(errno.EINVAL, m18n.n( 'certmanager_domain_http_not_working', domain=domain)) + # Check if domain is resolved locally (Might happen despite the previous + # checks because of dns propagation ?... Acme-tiny won't work in that case, + # because it explicitly requests() the domain.) + if not _domain_is_resolved_locally(domain): + raise MoulinetteError(errno.EINVAL, m18n.n( + 'certmanager_domain_not_resolved_locally', domain=domain)) + def _dns_ip_match_public_ip(public_ip, domain): try: @@ -809,6 +816,15 @@ def _domain_is_accessible_through_HTTP(ip, domain): return True +def _domain_is_resolved_locally(domain): + try: + requests.head("http://%s/" % domain) + except Exception: + return False + + return True + + def _name_self_CA(): ca_conf = os.path.join(SSL_DIR, "openssl.ca.cnf")
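Review bot: The comment above the new `_domain_is_resolved_locally` check in `_check_domain_is_ready_for_ACME` is worded as a guess ("Might happen ... ?...") and never says which resolver is being tested. The earlier checks appear to cover the public A record and HTTP reachability, so I would state the requirement directly: `# acme-tiny fetches the challenge through the domain name from this machine, so the name must also resolve with the local resolver.` The function body starts outside the hunk, so it is not visible here whether this check is skipped by the `--no-checks` option that the new message advertises.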
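Review bot: `_domain_is_resolved_locally` calls `requests.head()` without a `timeout`, so a name that resolves to a host that never answers can block the certificate run indefinitely. The `except Exception` also reports every failure (refused connection, timeout, malformed URL) as "cannot be resolved locally", which sends the user to edit /etc/hosts for problems that are not DNS. I would bound the call and narrow the handler, e.g. `requests.head("http://%s/" % domain, timeout=30)` with `except requests.exceptions.ConnectionError:`, letting other errors propagate. If only name resolution is meant, `socket.getaddrinfo(domain, 80)` guarded by `except socket.gaierror:` matches the function name more closely, provided `socket` is imported in this module (not visible in the hunk). The function also needs a one-line docstring saying that it performs a real HTTP request from this host.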