From 1d8164e5836d439397da56ab7e9c95670e002442 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 24 Sep 2019 01:59:49 +0200 Subject: [PATCH] Improve acme and check dns before issuing cert --- tests/cli/3_test_stack_services_status.py | 6 ---- tests/cli/plugins/test_example.py | 1 + wo/cli/plugins/site.py | 27 +++++++++++++-- wo/core/acme.py | 42 +++++++++++++---------- 4 files changed, 49 insertions(+), 27 deletions(-) diff --git a/tests/cli/3_test_stack_services_status.py b/tests/cli/3_test_stack_services_status.py index 904bd6d..f0441a4 100644 --- a/tests/cli/3_test_stack_services_status.py +++ b/tests/cli/3_test_stack_services_status.py @@ -27,12 +27,6 @@ class CliTestCaseStack(test.WOTestCase): self.app.run() self.app.close() - def test_wo_cli_stack_services_status_memcached(self): - self.app = get_test_app(argv=['stack', 'status', '--memcache']) - self.app.setup() - self.app.run() - self.app.close() - def test_wo_cli_stack_services_status_all(self): self.app = get_test_app(argv=['stack', 'status']) self.app.setup() diff --git a/tests/cli/plugins/test_example.py b/tests/cli/plugins/test_example.py index d3745b4..0f9d21d 100644 --- a/tests/cli/plugins/test_example.py +++ b/tests/cli/plugins/test_example.py @@ -2,6 +2,7 @@ from wo.utils import test + class ExamplePluginTestCase(test.WOTestCase): def test_load_example_plugin(self): self.app.setup() diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 36044a1..d62f2fb 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -786,6 +786,11 @@ class WOSiteCreateController(CementBaseController): # copy the cert from the root domain copyWildcardCert(self, wo_domain, wo_root_domain) else: + # check DNS records before issuing cert + if not acmedata['dns'] is True: + if not WOAcme.check_dns(self, acme_domains): + Log.error(self, + "Aborting SSL certificate issuance") Log.debug(self, "Setup Cert with acme.sh for {0}" .format(wo_domain)) Log.info(self, "Certificate type: Subdomain") 
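Review bot: Nothing in the added precheck stops `WOAcme.setupletsencrypt` from running after `check_dns` returns False; the abort relies entirely on `Log.error`, called without its third argument, terminating the command. That behaviour is inferred from the `Log.error(..., False)` calls in wo/core/acme.py and is not visible in this patch. The same four lines are repeated in the `@@ -793` hunk and twice in the `@@ -1420` hunk, so a later call site can easily miss the check; moving it into `setupletsencrypt`, or into one helper, would keep all paths consistent. If it stays inline, `if acmedata['dns'] is not True and not WOAcme.check_dns(self, acme_domains):` reads more directly than the nested `not ... is True`. The enclosing controller method starts and ends outside the hunk.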
@@ -793,8 +798,12 @@ class WOSiteCreateController(CementBaseController): self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: + if not acmedata['dns'] is True: + if not WOAcme.check_dns(self, acme_domains): + Log.error(self, + "Aborting SSL certificate issuance") if WOAcme.setupletsencrypt( - self, acme_domains, acmedata): + self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) httpsRedirect(self, wo_domain, True, acme_wildcard) @@ -1420,16 +1429,28 @@ class WOSiteUpdateController(CementBaseController): # copy the cert from the root domain copyWildcardCert(self, wo_domain, wo_root_domain) else: + # check DNS records before issuing cert + if not acmedata['dns'] is True: + if not WOAcme.check_dns(self, acme_domains): + Log.error( + self, + "Aborting SSL certificate issuance") Log.debug(self, "Setup Cert with acme.sh for {0}" .format(wo_domain)) if WOAcme.setupletsencrypt( - self, acme_domains, acmedata): + self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: Log.error(self, "Unable to issue certificate") else: + # check DNS records before issuing cert + if not acmedata['dns'] is True: + if not WOAcme.check_dns(self, acme_domains): + Log.error( + self, + "Aborting SSL certificate issuance") if WOAcme.setupletsencrypt( - self, acme_domains, acmedata): + self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: Log.error(self, "Unable to issue certificate") diff --git a/wo/core/acme.py b/wo/core/acme.py index 209cba7..d9e68f1 100644 --- a/wo/core/acme.py +++ b/wo/core/acme.py 
@@ -40,24 +40,11 @@ class WOAcme: self, "Please make sure your properly " "set your DNS API credentials for acme.sh") else: - server_ip = requests.get('http://v4.wordops.eu/').text - for domain in acme_domains: - domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/' - .format(domain)).text - if(not domain_ip == server_ip): - Log.warn( - self, "{0} is not pointing to your server IP" - .format(domain)) - Log.error( - self, "You have to add the " - "proper DNS record", False) - break - else: - Log.error( - self, "Your domain is properly configured " - "but acme.sh was unable to issue certificate.\n" - "You can find more informations in " - "/var/log/wo/wordops.log", False) + Log.error( + self, "Your domain is properly configured " + "but acme.sh was unable to issue certificate.\n" + "You can find more informations in " + "/var/log/wo/wordops.log", False) return False else: Log.valide(self, "Issuing SSL cert with acme.sh") @@ -124,3 +111,22 @@ class WOAcme: Log.debug(self, str(e)) Log.debug(self, "Error occured while generating " "ssl.conf") + + def check_dns(self, acme_domains): + """Check if a list of domains point to the server IP""" + server_ip = requests.get('http://v4.wordops.eu/').text + for domain in acme_domains: + domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/' + .format(domain)).text + if(not domain_ip == server_ip): + Log.warn( + self, "{0} is not pointing to your server IP" + .format(domain)) + Log.error( + self, "You have to add the " + "proper DNS record", False) + return False + break + else: + Log.debug(self, "DNS record are properly set") + return True
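Review bot: The message kept in the failure branch still says "Your domain is properly configured", but with the lookup removed this function no longer verifies that. The claim holds only when the caller ran `check_dns` first, and any caller of `setupletsencrypt` not shown in this patch would print it unchecked. Either call `check_dns` here before reporting, or drop the claim, for example `self, "acme.sh was unable to issue certificate.\n"` followed by the existing pointer to the log file. The function body starts outside the hunk.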