From 1ef1517f651d6c7eb9761f27e25d848276a65744 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 25 Sep 2019 22:41:13 +0200 Subject: [PATCH] Add `--force` to site for `-le` --- CHANGELOG.md | 1 + wo/cli/plugins/site.py | 41 +++++++++++++++++++++++++++-------------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f81f835..4580c18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - [SECURE] Allow new ssh port with UFW when running `wo secure --sshport` - [SECURITY] Additional Nginx directives to prevent access to log files or backup from web browser - [CORE] apt-mirror-updater to select the fastest debian/ubuntu mirror with automatic switching between mirrors if the current mirror is being updated +- [SITE] add `--force` to force Let's Encrypt certificate issuance even if DNS check fail #### Changed diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index cf6176a..af4fdff 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -368,6 +368,9 @@ class WOSiteCreateController(CementBaseController): action='store' or 'store_const', choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')), + (['--force'], + dict(help="force Let's Encrypt certificate issuance", + action='store_true')), (['--dns'], dict(help="choose dns provider api for letsencrypt", action='store' or 'store_const', @@ -796,9 +799,11 @@ class WOSiteCreateController(CementBaseController): else: # check DNS records before issuing cert if not acmedata['dns'] is True: - if not WOAcme.check_dns(self, acme_domains): - Log.error(self, - "Aborting SSL certificate issuance") + if not pargs.force: + if not WOAcme.check_dns(self, acme_domains): + Log.error(self, + "Aborting SSL " + "certificate issuance") Log.debug(self, "Setup Cert with acme.sh for {0}" .format(wo_domain)) if WOAcme.setupletsencrypt( 
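Review bot: The help string for `--force` in the `@@ -368` hunk does not say what is being forced: per the changelog entry it skips the DNS record check, and on `wo site create` a bare "force" could be read as overwriting an existing site. Suggest `help="issue the Let's Encrypt certificate even if the DNS check fails (use with -le)"`, with the same wording in the `WOSiteUpdateController` hunk (`@@ -885`), which currently spells it "LetsEncrypt". Nothing visible in these hunks rejects `--force` when `-le` is absent, or with update choices such as `off` or `purge`, so it appears to be silently ignored there.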
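Review bot: With `--force` the DNS pre-check in the `@@ -796` hunk is skipped without a trace, so the log never records that a certificate was requested for names that may not resolve to this host. Add a line in the forced branch, e.g. `Log.debug(self, "DNS check skipped (--force) for {0}".format(wo_domain))`, or use a more visible level if the Log class offers one. Forced attempts that then fail validation presumably still count against the CA's rate limits, which the help text could mention. The extra nesting level also split the message into two literals here and in the `@@ -1446` hunk, which makes it harder to grep; `if not pargs.force and not WOAcme.check_dns(self, acme_domains):` keeps the original indentation and the string whole. The same pattern repeats in the `@@ -806`, `@@ -1446` and `@@ -1460` hunks, and the enclosing method starts and ends outside each of them.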
@@ -806,9 +811,10 @@ class WOSiteCreateController(CementBaseController): WOAcme.deploycert(self, wo_domain) else: if not acmedata['dns'] is True: - if not WOAcme.check_dns(self, acme_domains): - Log.error(self, - "Aborting SSL certificate issuance") + if not pargs.force: + if not WOAcme.check_dns(self, acme_domains): + Log.error(self, + "Aborting SSL certificate issuance") if WOAcme.setupletsencrypt( self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) @@ -885,6 +891,9 @@ class WOSiteUpdateController(CementBaseController): choices=('on', 'off', 'renew', 'subdomain', 'wildcard', 'clean', 'purge'), const='on', nargs='?')), + (['--force'], + dict(help="force LetsEncrypt certificate issuance", + action='store_true')), (['--dns'], dict(help="choose dns provider api for letsencrypt", action='store' or 'store_const', @@ -1446,10 +1455,13 @@ class WOSiteUpdateController(CementBaseController): else: # check DNS records before issuing cert if not acmedata['dns'] is True: - if not WOAcme.check_dns(self, acme_domains): - Log.error( - self, - "Aborting SSL certificate issuance") + if not pargs.force: + if not WOAcme.check_dns(self, + acme_domains): + Log.error( + self, + "Aborting SSL certificate " + "issuance") Log.debug(self, "Setup Cert with acme.sh for {0}" .format(wo_domain)) if WOAcme.setupletsencrypt( @@ -1460,10 +1472,11 @@ class WOSiteUpdateController(CementBaseController): else: # check DNS records before issuing cert if not acmedata['dns'] is True: - if not WOAcme.check_dns(self, acme_domains): - Log.error( - self, - "Aborting SSL certificate issuance") + if not pargs.force: + if not WOAcme.check_dns(self, acme_domains): + Log.error( + self, + "Aborting SSL certificate issuance") if WOAcme.setupletsencrypt( self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain)