Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve acme

Browse Source
This commit is contained in:
VirtuBox
2019-10-01 15:22:03 +02:00
parent 715497d3b1
commit 15b3b5d55c
3 changed files with 43 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/bash_completion.d/wo_auto.rc
View File

@@ -154,13 +154,13 @@ _wo_complete()
"create") "create")
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-- $cur) ) -- $cur) )
;; ;;
"update") "update")
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=off --letsencrypt --letsencrypt=off --letsencrypt=clean -le=wildcard -le=clean --dns --dns=dns_cf --dns=dns_do" \ -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=off --letsencrypt --letsencrypt=off --letsencrypt=clean -le=wildcard -le=clean --dns --dns=dns_cf --dns=dns_dgon" \
-- $cur) ) -- $cur) )
;; ;;
"delete") "delete")
@@ -206,9 +206,9 @@ _wo_complete()
"--wp") "--wp")
if [ "${COMP_WORDS[1]}" != "debug" ]; then if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73" retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php73"
elif [ "${COMP_WORDS[2]}" == "update" ]; then elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_do" retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
retlist="" retlist=""
fi fi
@@ -225,9 +225,9 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain") "--wpsubdir" | "--wpsubdomain")
if [ "${COMP_WORDS[1]}" != "debug" ]; then if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php73 --dns --dns=dns_cf --dns=dns_do" retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php73 --dns --dns=dns_cf --dns=dns_dgon"
elif [ "${COMP_WORDS[2]}" == "update" ]; then elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
retlist="" retlist=""
fi fi
@@ -243,7 +243,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") "--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
retlist="" retlist=""
fi fi
@@ -256,7 +256,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc") "--wpredis" | "--wprocket" | "--wpce" | "--wpfc")
if [ "${COMP_WORDS[2]}" == "update" ]; then if [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain -le --letsencrypt --dns --dns=dns_cf --dns=dns_do" retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain -le --letsencrypt --dns --dns=dns_cf --dns=dns_dgon"
else else
retlist="" retlist=""
fi fi
@@ -358,7 +358,7 @@ _wo_complete()
case "$mprev" in case "$mprev" in
"--user" | "--email" | "--pass") "--user" | "--email" | "--pass")
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
fi fi
ret="${retlist[@]/$prev}" ret="${retlist[@]/$prev}"
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \

3
wo/cli/plugins/site.py
View File

@@ -735,8 +735,7 @@ class WOSiteCreateController(CementBaseController):
self, wo_domain) self, wo_domain)
data['letsencrypt'] = True data['letsencrypt'] = True
letsencrypt = True letsencrypt = True
if os.path.isfile('/etc/letsencrypt/live/{0}/fullchain.pem' if WOAcme.cert_check(self, wo_domain):
.format(wo_domain)):
archivedCertificateHandle(self, wo_domain) archivedCertificateHandle(self, wo_domain)
else: else:
Log.debug(self, "Going to issue Let's Encrypt certificate") Log.debug(self, "Going to issue Let's Encrypt certificate")

40
wo/core/acme.py
View File

@@ -1,3 +1,4 @@
import csv
import os import os
import requests import requests
@@ -12,13 +13,21 @@ from wo.core.variables import WOVariables
class WOAcme: class WOAcme:
"""Acme.sh utilities for WordOps""" """Acme.sh utilities for WordOps"""
wo_acme_exec = ("/etc/letsencrypt/acme.sh --config-home "
"'/etc/letsencrypt/config'")
def export_cert(self):
"""Export acme.sh csv certificate list"""
if not WOShellExec.cmd_exec(
self, "{0} ".format(self.wo_acme_exec) +
"--list --listraw > /var/lib/wo/cert.csv"):
Log.error(self, "Unable to export certs list")
def setupletsencrypt(self, acme_domains, acmedata): def setupletsencrypt(self, acme_domains, acmedata):
"""Issue SSL certificates with acme.sh""" """Issue SSL certificates with acme.sh"""
all_domains = '\' -d \''.join(acme_domains) all_domains = '\' -d \''.join(acme_domains)
wo_acme_dns = acmedata['acme_dns'] wo_acme_dns = acmedata['acme_dns']
keylenght = acmedata['keylength'] keylenght = acmedata['keylength']
wo_acme_exec = ("/etc/letsencrypt/acme.sh --config-home "
"'/etc/letsencrypt/config'")
if acmedata['dns'] is True: if acmedata['dns'] is True:
acme_mode = "--dns {0}".format(wo_acme_dns) acme_mode = "--dns {0}".format(wo_acme_dns)
validation_mode = "DNS mode with {0}".format(wo_acme_dns) validation_mode = "DNS mode with {0}".format(wo_acme_dns)
@@ -33,7 +42,7 @@ class WOAcme:
Log.info(self, "Validation mode : {0}".format(validation_mode)) Log.info(self, "Validation mode : {0}".format(validation_mode))
Log.wait(self, "Issuing SSL cert with acme.sh") Log.wait(self, "Issuing SSL cert with acme.sh")
if not WOShellExec.cmd_exec( if not WOShellExec.cmd_exec(
self, "{0} ".format(wo_acme_exec) + self, "{0} ".format(self.wo_acme_exec) +
"--issue -d '{0}' {1} -k {2} -f" "--issue -d '{0}' {1} -k {2} -f"
.format(all_domains, acme_mode, keylenght)): .format(all_domains, acme_mode, keylenght)):
Log.failed(self, "Issuing SSL cert with acme.sh") Log.failed(self, "Issuing SSL cert with acme.sh")
@@ -53,8 +62,6 @@ class WOAcme:
return True return True
def deploycert(self, wo_domain_name): def deploycert(self, wo_domain_name):
wo_acme_exec = ("/etc/letsencrypt/acme.sh --config-home "
"'/etc/letsencrypt/config'")
if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer' if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'
.format(wo_domain_name)): .format(wo_domain_name)):
Log.error(self, 'Certificate not found. Deployment canceled') Log.error(self, 'Certificate not found. Deployment canceled')
@@ -71,7 +78,7 @@ class WOAcme:
"--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && " "--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && "
"service nginx restart\" " "service nginx restart\" "
.format(WOVariables.wo_ssl_live, .format(WOVariables.wo_ssl_live,
wo_domain_name, wo_acme_exec)): wo_domain_name, self.wo_acme_exec)):
Log.valide(self, "Deploying SSL cert") Log.valide(self, "Deploying SSL cert")
else: else:
Log.failed(self, "Deploying SSL cert") Log.failed(self, "Deploying SSL cert")
@@ -128,7 +135,26 @@ class WOAcme:
self, "You have to add the " self, "You have to add the "
"proper DNS record", False) "proper DNS record", False)
return False return False
break
else: else:
Log.debug(self, "DNS record are properly set") Log.debug(self, "DNS record are properly set")
return True return True
def cert_check(self, wo_domain_name):
"""Check certificate existance with acme.sh and return Boolean"""
self.export_cert()
# define new csv dialect
csv.register_dialect('acmeconf', delimiter='|')
# open file
certfile = open('/var/lib/wo/cert.csv', mode='r', encoding='utf-8')
reader = csv.reader(certfile, 'acmeconf')
for row in reader:
# check if domain exist
if wo_domain_name in row[0]:
# check if cert expiration exist
if not row[3] == '':
cert_exist = True
break
else:
cert_exist = False
certfile.close()
return cert_exist