Adapt ready_for_ACME check to the new dnsrecord result format...
parent
b8cb374a49
commit
d75c1a61e8
2 changed files with 30 additions and 14 deletions
|
@ -851,14 +851,9 @@ def _backup_current_cert(domain):
|
||||||
|
|
||||||
def _check_domain_is_ready_for_ACME(domain):
|
def _check_domain_is_ready_for_ACME(domain):
|
||||||
|
|
||||||
dnsrecords = (
|
from yunohost.domain import _get_parent_domain_of
|
||||||
Diagnoser.get_cached_report(
|
from yunohost.dns import _get_dns_zone_for_domain
|
||||||
"dnsrecords",
|
|
||||||
item={"domain": domain, "category": "basic"},
|
|
||||||
warn_if_no_cache=False,
|
|
||||||
)
|
|
||||||
or {}
|
|
||||||
)
|
|
||||||
httpreachable = (
|
httpreachable = (
|
||||||
Diagnoser.get_cached_report(
|
Diagnoser.get_cached_report(
|
||||||
"web", item={"domain": domain}, warn_if_no_cache=False
|
"web", item={"domain": domain}, warn_if_no_cache=False
|
||||||
|
@ -866,16 +861,38 @@ def _check_domain_is_ready_for_ACME(domain):
|
||||||
or {}
|
or {}
|
||||||
)
|
)
|
||||||
|
|
||||||
if not dnsrecords or not httpreachable:
|
parent_domain = _get_parent_domain_of(domain)
|
||||||
|
|
||||||
|
dnsrecords = (
|
||||||
|
Diagnoser.get_cached_report(
|
||||||
|
"dnsrecords",
|
||||||
|
item={"domain": parent_domain, "category": "basic"},
|
||||||
|
warn_if_no_cache=False,
|
||||||
|
)
|
||||||
|
or {}
|
||||||
|
)
|
||||||
|
|
||||||
|
base_dns_zone = _get_dns_zone_for_domain(domain)
|
||||||
|
record_name = domain.replace(f".{base_dns_zone}", "") if domain != base_dns_zone else "@"
|
||||||
|
A_record_status = dnsrecords.get("data").get(f"A:{record_name}")
|
||||||
|
AAAA_record_status = dnsrecords.get("data").get(f"AAAA:{record_name}")
|
||||||
|
|
||||||
|
# Fallback to wildcard in case no result yet for the DNS name?
|
||||||
|
if not A_record_status:
|
||||||
|
A_record_status = dnsrecords.get("data").get(f"A:*")
|
||||||
|
if not AAAA_record_status:
|
||||||
|
AAAA_record_status = dnsrecords.get("data").get(f"AAAA:*")
|
||||||
|
|
||||||
|
if not httpreachable or not dnsrecords.get("data") or (A_record_status, AAAA_record_status) == (None, None):
|
||||||
raise YunohostValidationError(
|
raise YunohostValidationError(
|
||||||
"certmanager_domain_not_diagnosed_yet", domain=domain
|
"certmanager_domain_not_diagnosed_yet", domain=domain
|
||||||
)
|
)
|
||||||
|
|
||||||
# Check if IP from DNS matches public IP
|
# Check if IP from DNS matches public IP
|
||||||
if not dnsrecords.get("status") in [
|
# - 'MISSING' for IPv6 ain't critical for ACME
|
||||||
"SUCCESS",
|
# - IPv4 can be None assuming there's at least an IPv6, and viveversa
|
||||||
"WARNING",
|
# - (the case where both are None is checked before)
|
||||||
]: # Warning is for missing IPv6 record which ain't critical for ACME
|
if not (A_record_status in [None, "OK"] and AAAA_record_status in [None, "OK", "MISSING"]):
|
||||||
raise YunohostValidationError(
|
raise YunohostValidationError(
|
||||||
"certmanager_domain_dns_ip_differs_from_public_ip", domain=domain
|
"certmanager_domain_dns_ip_differs_from_public_ip", domain=domain
|
||||||
)
|
)
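Review bot: When no `dnsrecords` report is cached, `dnsrecords` is `{}`, so `dnsrecords.get("data").get(f"A:{record_name}")` raises AttributeError on None before the later `not dnsrecords.get("data")` guard can raise `certmanager_domain_not_diagnosed_yet`. Bind the mapping once right after the cache lookup, `dns_data = dnsrecords.get("data") or {}`, and read the four record statuses and the guard from `dns_data`. Separately, `domain.replace(f".{base_dns_zone}", "")` removes every occurrence of the zone string, not just the trailing one, so stripping only the suffix would make `record_name` more robust. The `f"A:*"` and `f"AAAA:*"` literals need no `f` prefix. The rest of the function after the DNS check lies outside the visible hunks.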
|
||||||
|
|
|
@ -40,7 +40,6 @@ from yunohost.domain import (
|
||||||
domain_config_get,
|
domain_config_get,
|
||||||
_get_domain_settings,
|
_get_domain_settings,
|
||||||
_set_domain_settings,
|
_set_domain_settings,
|
||||||
_get_parent_domain_of,
|
|
||||||
_list_subdomains_of,
|
_list_subdomains_of,
|
||||||
)
|
)
|
||||||
from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld
|
from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld
|
||||||
|
|