[fix] Fix the way name of self-CA is determined

locales/en.json

@@ -255,5 +255,6 @@
     "certmanager_hit_rate_limit" :"Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details.",
     "certmanager_cert_signing_failed" : "Signing the new certificate failed.",
     "certmanager_no_cert_file" : "Unable to read certificate file for domain {domain:s} (file : {file:s})",
-    "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge : the nginx configuration file {filepath:s} is conflicting and should be removed first."
+    "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge : the nginx configuration file {filepath:s} is conflicting and should be removed first.",
+    "certmanager_unable_to_determine_self_CA_name": "Unable to determine name of self-signing authority."
 }

src/yunohost/certificate.py

@@ -56,6 +56,8 @@ WEBROOT_FOLDER = "/tmp/acme-challenge-public/"
 SELF_CA_FILE = "/etc/ssl/certs/ca-yunohost_crt.pem"
 ACCOUNT_KEY_FILE = "/etc/yunohost/letsencrypt_account.pem"
 
+SSL_DIR = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+
 KEY_SIZE = 3072
 
 VALIDITY_LIMIT = 15  # days
@@ -161,11 +163,9 @@ def _certificate_install_selfsigned(domain_list, force=False):
         new_cert_folder = "%s/%s-history/%s-selfsigned" % (
             CERT_FOLDER, domain, date_tag)
 
-        original_ca_file = '/etc/ssl/certs/ca-yunohost_crt.pem'
+        conf_template = os.path.join(SSL_DIR, "openssl.cnf")
-        ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
-        conf_template = os.path.join(ssl_dir, "openssl.cnf")
 
-        csr_file = os.path.join(ssl_dir, "certs", "yunohost_csr.pem")
+        csr_file = os.path.join(SSL_DIR, "certs", "yunohost_csr.pem")
         conf_file = os.path.join(new_cert_folder, "openssl.cnf")
         key_file = os.path.join(new_cert_folder, "key.pem")
         crt_file = os.path.join(new_cert_folder, "crt.pem")
@@ -214,7 +214,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
         # Link the CA cert (not sure it's actually needed in practice though,
         # since we append it at the end of crt.pem. For instance for Let's
         # Encrypt certs, we only need the crt.pem and key.pem)
-        os.symlink(original_ca_file, ca_file)
+        os.symlink(SELF_CA_FILE, ca_file)
 
         # Append ca.pem at the end of crt.pem
         with open(ca_file, "r") as ca_pem, open(crt_file, "a") as crt_pem:
@@ -810,9 +810,20 @@ def _domain_is_accessible_through_HTTP(ip, domain):
 
 
 def _name_self_CA():
-    cert = crypto.load_certificate(
+    ca_conf = os.path.join(SSL_DIR, "openssl.ca.cnf")
-        crypto.FILETYPE_PEM, open(SELF_CA_FILE).read())
+
-    return cert.get_subject().CN
+    try :
+        with open("%s/openssl.ca.cnf" % SSL_DIR) as f:
+            lines = f.readlines()
+
+        for line in lines:
+            if (line.startswith("commonName_default")):
+                return line.split()[2]
+    except :
+        pass
+
+    logger.warning(m18n.n('certmanager_unable_to_determine_self_CA_name'))
+    return ""
 
 
 def _tail(n, file_path):