From 2f28047b1ae37c6c248ab5b4e39a8452da130bf3 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Sun, 17 Mar 2019 17:38:57 +0100
Subject: [PATCH] refactor letsencrypt
---
 wo/cli/plugins/site_functions.py | 145 ++++++++++++++++---------------
 1 file changed, 75 insertions(+), 70 deletions(-)
diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py
index 7b8f2f6..56f6ca5 100644
--- a/wo/cli/plugins/site_functions.py
+++ b/wo/cli/plugins/site_functions.py
@@ -1211,39 +1211,32 @@ def setupLetsEncrypt(self, wo_domain_name): Log.warn(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -d www.{0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) - if ssl: - Log.info(self, "The HTTPS setup for your website is " - "successfully completed!") - Log.info(self, "Your certificate and chain have been saved in " - "{0}/{1}/fullchain.pem" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - Log.info(self, "Configuring nginx HTTPS configuration") + sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -d www.{0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + if sslissue: + + Log.debug(self, "Cert deployment for domain: {0}" + .format(wo_domain_name)) + ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config'" + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) + if ssl: - if os.path.isfile("{0}/{1}_ecc/fullchain.cer" - .format(WOVariables.wo_ssl_archive, wo_domain_name)): - Log.debug(self, "Cert deployment for domain: {0}" - .format(wo_domain_name)) - ssl_deploy = WOShellExec.cmd_exec(self, - "mkdir -p {0}/{1} && " - "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config'" - "--install-cert -d {1} --ecc " - "--cert-file {0}/{1}/cert.pem " - "--key-file {0}/{1}/key.pem " - "--fullchain-file " - "{0}/{1}/fullchain.pem " - "--reloadcmd " - "\"service nginx restart\" " - .format(WOVariables.wo_ssl_live, - 
wo_domain_name)) try: Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" @@ -1264,16 +1257,16 @@ def setupLetsEncrypt(self, wo_domain_name): WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to setup, Let\'s Encrypt", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # setup letsencrypt for a subdomain 
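Review bot: The added install-cert command string is malformed where `"'/etc/letsencrypt/config'"` is followed directly by `"--install-cert -d {1} --ecc "`: the two literals concatenate without a space, so the shell hands `/etc/letsencrypt/config--install-cert` to `--config-home` and acme.sh is never given the `--install-cert` action. The fragment should read `"'/etc/letsencrypt/config' "`, as it does in the `--issue` call just above, and the identical added block in the `setupLetsEncryptSubdomain` hunk at -1285 needs the same fix. Because this string is run through a shell (it chains `mkdir -p ... &&`) with `wo_domain_name` formatted in unquoted, I would also pass the name through `shlex.quote()` or reject anything that is not a valid hostname before building the command, unless a caller outside this hunk already validates it. The function body starts and ends outside the hunk.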
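Review bot: The re-indented `except IOError` handler reports a failed ssl.conf write only through `Log.debug`, so unless debug logging is enabled the operator sees nothing and the function returns normally with the HTTPS configuration missing or incomplete. I would follow the two debug lines with a visible message in the same form as the `else` branch, e.g. `Log.error(self, "Unable to write ssl.conf for {0}".format(wo_domain_name), False)`. The same handler is re-added in the `setupLetsEncryptSubdomain` hunk at -1317. The `try:` this handler belongs to opens in the previous hunk, so its final nesting cannot be confirmed from here.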
@@ -1285,29 +1278,41 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): .format(WOVariables.wo_ssl_archive, wo_domain_name)): Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" .format(wo_domain_name)) + ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate " - "for your site.\nIt may take a " - "few minutes depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) + Log.warn(self, "Please wait while we fetch the new HTTPS certificate" + " for your site.\nIt may take a few minutes" + " depending on the network.") + sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + if sslissue: + + Log.debug(self, "Cert deployment for domain: {0}" + .format(wo_domain_name)) + ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config'" + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) if ssl: - Log.info(self, "The HTTPS setup for your website " - "is successfully completed!") - Log.info(self, "Your certificate and chain have been saved in " - "{0}/{1}/fullchain.pem" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - Log.info(self, "Configuring nginx HTTPS configuration") try: Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + .format(wo_domain_name)) sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" .format(wo_domain_name), 
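Review bot: On the new `else` path `ssl` is assigned only inside `if sslissue:`, while the unchanged `if ssl:` check still follows, so a failed `--issue` would reach that check with `ssl` unbound and raise `UnboundLocalError` instead of reaching the `Log.error` branch shown in the following hunk — unless `ssl` is bound earlier in the function, outside this hunk. Setting `ssl = False` before `sslissue = WOShellExec.cmd_exec(...)`, or adding `else: ssl = False` under `if sslissue:`, keeps the failure on the existing error path. Indentation is not recoverable in this view, so this reading rests on `if ssl:` being a context line whose position did not change. The function body starts and ends outside the hunk.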
@@ -1317,23 +1322,23 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "ssl on;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) + .format(wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to setup, Let\'s Encrypt", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # letsencrypt cert renewal
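Review bot: The changed line `.format(wo_ssl_live, wo_domain_name))` now refers to a bare `wo_ssl_live`, which nothing in this patch defines; every other use visible in the patch is `WOVariables.wo_ssl_live`, so unless the name is bound outside the hunk this raises `NameError` while the ssl.conf text is being built. That exception is not an `IOError`, so the handler below does not catch it and `sslconf.close()` is never reached. I would restore `.format(WOVariables.wo_ssl_live, wo_domain_name))` and write the file inside `with open(...) as sslconf:` so the handle is closed on any error. The `open()` call and the start of the `try` are in the previous hunk.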