Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve acme and check dns before issuing cert

Browse Source
This commit is contained in:
VirtuBox
2019-09-24 01:59:49 +02:00
parent dd5fe9f416
commit 1d8164e583
4 changed files with 49 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/cli/3_test_stack_services_status.py
View File

@@ -27,12 +27,6 @@ class CliTestCaseStack(test.WOTestCase):
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_services_status_memcached(self):
self.app = get_test_app(argv=['stack', 'status', '--memcache'])
self.app.setup()
self.app.run()
self.app.close()
def test_wo_cli_stack_services_status_all(self): def test_wo_cli_stack_services_status_all(self):
self.app = get_test_app(argv=['stack', 'status']) self.app = get_test_app(argv=['stack', 'status'])
self.app.setup() self.app.setup()

1
tests/cli/plugins/test_example.py
View File

@@ -2,6 +2,7 @@
from wo.utils import test from wo.utils import test
class ExamplePluginTestCase(test.WOTestCase): class ExamplePluginTestCase(test.WOTestCase):
def test_load_example_plugin(self): def test_load_example_plugin(self):
self.app.setup() self.app.setup()

27
wo/cli/plugins/site.py
View File

@@ -786,6 +786,11 @@ class WOSiteCreateController(CementBaseController):
# copy the cert from the root domain # copy the cert from the root domain
copyWildcardCert(self, wo_domain, wo_root_domain) copyWildcardCert(self, wo_domain, wo_root_domain)
else: else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not WOAcme.check_dns(self, acme_domains):
Log.error(self,
"Aborting SSL certificate issuance")
Log.debug(self, "Setup Cert with acme.sh for {0}" Log.debug(self, "Setup Cert with acme.sh for {0}"
.format(wo_domain)) .format(wo_domain))
Log.info(self, "Certificate type: Subdomain") Log.info(self, "Certificate type: Subdomain")
@@ -793,8 +798,12 @@ class WOSiteCreateController(CementBaseController):
self, acme_domains, acmedata): self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain) WOAcme.deploycert(self, wo_domain)
else: else:
if not acmedata['dns'] is True:
if not WOAcme.check_dns(self, acme_domains):
Log.error(self,
"Aborting SSL certificate issuance")
if WOAcme.setupletsencrypt( if WOAcme.setupletsencrypt(
self, acme_domains, acmedata): self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain) WOAcme.deploycert(self, wo_domain)
httpsRedirect(self, wo_domain, True, acme_wildcard) httpsRedirect(self, wo_domain, True, acme_wildcard)
@@ -1420,16 +1429,28 @@ class WOSiteUpdateController(CementBaseController):
# copy the cert from the root domain # copy the cert from the root domain
copyWildcardCert(self, wo_domain, wo_root_domain) copyWildcardCert(self, wo_domain, wo_root_domain)
else: else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not WOAcme.check_dns(self, acme_domains):
Log.error(
self,
"Aborting SSL certificate issuance")
Log.debug(self, "Setup Cert with acme.sh for {0}" Log.debug(self, "Setup Cert with acme.sh for {0}"
.format(wo_domain)) .format(wo_domain))
if WOAcme.setupletsencrypt( if WOAcme.setupletsencrypt(
self, acme_domains, acmedata): self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain) WOAcme.deploycert(self, wo_domain)
else: else:
Log.error(self, "Unable to issue certificate") Log.error(self, "Unable to issue certificate")
else: else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not WOAcme.check_dns(self, acme_domains):
Log.error(
self,
"Aborting SSL certificate issuance")
if WOAcme.setupletsencrypt( if WOAcme.setupletsencrypt(
self, acme_domains, acmedata): self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain) WOAcme.deploycert(self, wo_domain)
else: else:
Log.error(self, "Unable to issue certificate") Log.error(self, "Unable to issue certificate")

42
wo/core/acme.py
View File

@@ -40,24 +40,11 @@ class WOAcme:
self, "Please make sure your properly " self, "Please make sure your properly "
"set your DNS API credentials for acme.sh") "set your DNS API credentials for acme.sh")
else: else:
server_ip = requests.get('http://v4.wordops.eu/').text Log.error(
for domain in acme_domains: self, "Your domain is properly configured "
domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/' "but acme.sh was unable to issue certificate.\n"
.format(domain)).text "You can find more informations in "
if(not domain_ip == server_ip): "/var/log/wo/wordops.log", False)
Log.warn(
self, "{0} is not pointing to your server IP"
.format(domain))
Log.error(
self, "You have to add the "
"proper DNS record", False)
break
else:
Log.error(
self, "Your domain is properly configured "
"but acme.sh was unable to issue certificate.\n"
"You can find more informations in "
"/var/log/wo/wordops.log", False)
return False return False
else: else:
Log.valide(self, "Issuing SSL cert with acme.sh") Log.valide(self, "Issuing SSL cert with acme.sh")
@@ -124,3 +111,22 @@ class WOAcme:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.debug(self, "Error occured while generating " Log.debug(self, "Error occured while generating "
"ssl.conf") "ssl.conf")
def check_dns(self, acme_domains):
"""Check if a list of domains point to the server IP"""
server_ip = requests.get('http://v4.wordops.eu/').text
for domain in acme_domains:
domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/'
.format(domain)).text
if(not domain_ip == server_ip):
Log.warn(
self, "{0} is not pointing to your server IP"
.format(domain))
Log.error(
self, "You have to add the "
"proper DNS record", False)
return False
break
else:
Log.debug(self, "DNS record are properly set")
return True