From 48326f171ce02924357299a196d8b094234afa06 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 12 Mar 2019 13:10:59 +0100 Subject: [PATCH 1/6] [skip travis] --letsencrypt stack refactored --- install | 40 ++--- wo/cli/plugins/site.py | 93 +++++++---- wo/cli/plugins/site_functions.py | 255 +++++++++++++++++++------------ wo/core/variables.py | 6 + 4 files changed, 245 insertions(+), 149 deletions(-) diff --git a/install b/install index ab53e1f..7a046b6 100644 --- a/install +++ b/install @@ -7,7 +7,7 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.3 - 2019-03-05 +# Version 3.9.3 - 2019-03-11 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" readonly wo_version_new="3.9.3.1" @@ -285,25 +285,27 @@ wo_sync_db() ### # ee-acme-sh by VirtuBox, https://virtubox.net/ ### - if [ ! -f ~/.acme.sh/acme.sh ]; then - wget -O - https://get.acme.sh | sh - BASHRC_EE_ACME_FIRST_RELEASE=$(grep "ee-acme" $HOME/.bashrc) - BASHRC_EE_ACME_LAST_RELEASE=$(grep "ee-acme.sh" $HOME/.bashrc) - - if [ -f $HOME/.ee-acme/ee-acme ] && [ -z "$BASHRC_EE_ACME_LAST_RELEASE" ]; then - rm -rf $HOME/.ee-acme/* - echo 'alias ee-acme="/root/.ee-acme/ee-acme.sh"' >> $HOME/.ee-acme/ee-acme - wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh - chmod +x $HOME/.ee-acme/ee-acme.sh - elif [ -x $HOME/.ee-acme/ee-acme.sh ]; then - rm $HOME/.ee-acme/ee-acme.sh - wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh - chmod +x $HOME/.ee-acme/ee-acme.sh - elif [ ! -d $HOME/.ee-acme ]; then - mkdir -p $HOME/.ee-acme - wget -qO /usr/local/bin/wo-acme https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh - chmod +x /usr/local/bin/wo-acme + if [ ! -d /opt/acme.sh ]; then + git clone https://github.com/Neilpang/acme.sh.git /opt/acme.sh + cd /opt/acme.sh || exit 1 + [ ! -d /etc/letsencrypt/config ] && { + mkdir -p /etc/letsencrypt/config + } + [ ! -d /etc/letsencrypt/live ] && { + mkdir -p /etc/letsencrypt/live + } + [ ! -d /etc/letsencrypt/renewal ] && { + mkdir -p /etc/letsencrypt/renewal + } + ./acme.sh --install \ + --home /etc/letsencrypt \ + --config-home /etc/letsencrypt/config \ + --cert-home /etc/letsencrypt/renewal fi + + BASHRC_EE_ACME_FIRST_RELEASE=$(grep "ee-acme" $HOME/.bashrc) + + fi } diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 0978aed..f33089d 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -713,7 +713,8 @@ class WOSiteCreateController(CementBaseController): Log.error(self, "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") - if self.app.pargs.letsencrypt and (not self.app.pargs.subdomain): + if self.app.pargs.letsencrypt and + (not pargs.letsencrypt == "wildcard"): if stype in ['wpsubdomain']: Log.warn( self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.") @@ -811,7 +812,8 @@ class WOSiteUpdateController(CementBaseController): (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", action='store' or 'store_const', - choices=('on', 'off', 'renew'), const='on', nargs='?')), + choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), + const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--experimental'], @@ -934,8 +936,8 @@ class WOSiteUpdateController(CementBaseController): Log.info(self, Log.FAIL + "Can not update HTML site to HHVM") return 1 - if ((stype == 'php' and oldsitetype not in ['html', 'proxy', 'php73']) or - # (stype == 'php73' and oldsitetype not in ['html', 'mysql', 'php', 'php73', 'wp', 'wpsubdir', 'wpsubdomain', ]) or + if ((stype == 'php' and + oldsitetype not in ['html', 'proxy', 'php73']) or (stype == 'mysql' and oldsitetype not in ['html', 'php', 'proxy', 'php73']) or (stype == 'wp' and oldsitetype not in ['html', 'php', 'mysql', @@ -1219,28 +1221,14 @@ class WOSiteUpdateController(CementBaseController): hhvm = True if pargs.letsencrypt == "on": - - if pargs.experimental: - - if oldsitetype in ['wpsubdomain']: - Log.warn( - self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.") - - Log.info(self, "Letsencrypt is currently in beta phase." - " \nDo you wish" - " to enable SSl now for {0}?".format(wo_domain)) - - check_prompt = input("Type \"y\" to continue [n]:") - if check_prompt != "Y" and check_prompt != "y": - Log.info(self, "Not using letsencrypt for site") - data['letsencrypt'] = False - letsencrypt = False - else: - data['letsencrypt'] = True - letsencrypt = True + if oldsitetype in ['wpsubdomain']: + data['letsencrypt'] = True + letsencrypt = True + wildcard = True else: data['letsencrypt'] = True letsencrypt = True + wildcard = True if pargs.wpredis and data['currcachetype'] != 'wpredis': if pargs.experimental: @@ -1303,7 +1291,7 @@ class WOSiteUpdateController(CementBaseController): " http://{0}".format(wo_domain)) return 0 - if pargs.letsencrypt: + if pargs.letsencrypt and (not pargs.subdomain): if data['letsencrypt'] is True: if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled" .format(wo_site_webroot)): @@ -1316,9 +1304,6 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) - Log.info(self, "Creating Cron Job for cert auto-renewal") - WOCron.setcron_weekly(self, 'wo site update --le=renew --all 2> /dev/null'.format(wo_domain), 'Renew all' - ' letsencrypt SSL cert. Set by WordOps') if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1346,8 +1331,58 @@ class WOSiteUpdateController(CementBaseController): if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - # Log.info(self,"Removing Cron Job set for cert auto-renewal") - # WOCron.remove_cron(self,'wo site update {0} --le=renew --min_expiry_limit 30 2> \/dev\/null'.format(wo_domain)) + # Log.info(self,"Removing Cron Job set for cert + # auto-renewal") WOCron.remove_cron(self,'wo site + # update {0} --le=renew --min_expiry_limit 30 + # 2> \/dev\/null'.format(wo_domain)) + Log.info(self, "Successfully Disabled SSl for Site " + " http://{0}".format(wo_domain)) + + if pargs.letsencrypt and (pargs.subdomain): + if data['letsencrypt'] is True: + if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled" + .format(wo_site_webroot)): + setupLetsEncryptSubdomain(self, wo_domain) + + else: + WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf.disabled" + .format(wo_site_webroot), + '{0}/conf/nginx/ssl.conf' + .format(wo_site_webroot)) + + httpsRedirect(self, wo_domain) + + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + + Log.info(self, "Congratulations! Successfully Configured SSl for Site " + " https://{0}".format(wo_domain)) + + if (SSL.getExpirationDays(self, wo_domain) > 0): + Log.info(self, "Your cert will expire within " + + str(SSL.getExpirationDays(self, wo_domain)) + " days.") + else: + Log.warn( + self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + + elif data['letsencrypt'] is False: + if os.path.isfile("{0}/conf/nginx/ssl.conf" + .format(wo_site_webroot)): + Log.info(self, 'Setting Nginx configuration') + WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/ssl.conf.disabled' + .format(wo_site_webroot)) + httpsRedirect(self, wo_domain, False) + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + # Log.info(self,"Removing Cron Job set for + # cert auto-renewal") + # WOCron.remove_cron(self,'wo site update {0} + # --le=renew --min_expiry_limit 30 2> \/dev\/null' + # .format(wo_domain)) Log.info(self, "Successfully Disabled SSl for Site " " http://{0}".format(wo_domain)) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 1c24911..4f4ebb7 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -686,7 +686,8 @@ def site_package_check(self, stype): Log.debug(self, "Setting apt_packages variable for Nginx") # Check if server has nginx-custom package - if not (WOAptGet.is_installed(self, 'nginx-custom') or WOAptGet.is_installed(self, 'nginx-mainline')): + if not (WOAptGet.is_installed(self, 'nginx-custom') or + WOAptGet.is_installed(self, 'nginx-mainline')): # check if Server has nginx-plus installed if WOAptGet.is_installed(self, 'nginx-plus'): # do something @@ -696,9 +697,11 @@ def site_package_check(self, stype): # apt_packages = apt_packages + WOVariables.wo_nginx stack.post_pref(apt, packages) elif WOAptGet.is_installed(self, 'nginx'): - Log.info(self, "WordOps detected a previously installed Nginx package. " - "It may or may not have required modules. " - "\nIf you need help, please create an issue at https://github.com/WordOps/WordOps/issues/ \n") + Log.info(self, "WordOps detected a previously" + "installed Nginx package. " + "It may or may not have required modules. " + "\nIf you need help, please create an issue at " + "https://github.com/WordOps/WordOps/issues/ \n") apt = ["nginx"] + WOVariables.wo_nginx # apt_packages = apt_packages + WOVariables.wo_nginx stack.post_pref(apt, packages) @@ -715,10 +718,11 @@ def site_package_check(self, stype): if self.app.pargs.php and self.app.pargs.php73: Log.error( - self, "Error: two different PHP versions cannot be combined within the same WordOps site") + self, "Error: two different PHP versions cannot be " + "combined within the same WordOps site") if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', 'wpsubdomain']: - if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): + if WOVariables.wo_platform_distro == 'ubuntu': Log.debug(self, "Setting apt_packages variable for PHP 7.2") if not WOAptGet.is_installed(self, 'php7.2-fpm'): apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra @@ -727,15 +731,11 @@ def site_package_check(self, stype): if not WOAptGet.is_installed(self, 'php7.2-fpm'): apt_packages = apt_packages + WOVariables.wo_php - if self.app.pargs.php73 and stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: - if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): - Log.debug(self, "Setting apt_packages variable for PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): - apt_packages = apt_packages + WOVariables.wo_php73 - else: - Log.debug(self, "Setting apt_packages variable for PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): - apt_packages = apt_packages + WOVariables.wo_php73 + if self.app.pargs.php73 and + stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: + Log.debug(self, "Setting apt_packages variable for PHP 7.3") + if not WOAptGet.is_installed(self, 'php7.3-fpm'): + apt_packages = apt_packages + WOVariables.wo_php73 if stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: Log.debug(self, "Setting apt_packages variable for MySQL") @@ -797,8 +797,11 @@ def site_package_check(self, stype): os.path.isfile("/etc/nginx/conf.d/redis.conf")): with open("/etc/nginx/conf.d/redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" - "log_format rt_cache_redis '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] '\n" - "'$http_host \"$request\" $status $body_bytes_sent '\n" + "log_format rt_cache_redis '$remote_addr" + " $upstream_response_time " + "$srcache_fetch_status [$time_local] '\n" + "'$http_host \"$request\" $status" + " $body_bytes_sent '\n" "'\"$http_referer\" \"$http_user_agent\"';\n") if self.app.pargs.hhvm: @@ -843,14 +846,9 @@ def site_package_check(self, stype): "server 127.0.0.1:9000 backup;\n}\n") if self.app.pargs.php73: - if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): - Log.debug(self, "Setting apt_packages variable for PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): - apt_packages = apt_packages + WOVariables.wo_php73 - else: - Log.debug(self, "Setting apt_packages variable for PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): - apt_packages = apt_packages + WOVariables.wo_php73 + Log.debug(self, "Setting apt_packages variable for PHP 7.3") + if not WOAptGet.is_installed(self, 'php7.3-fpm'): + apt_packages = apt_packages + WOVariables.wo_php73 if os.path.isdir("/etc/nginx/common") and (not os.path.isfile("/etc/nginx/common/php73.conf")): @@ -910,8 +908,10 @@ def site_package_check(self, stype): if not WOFileUtils.grep(self, "/etc/nginx/conf.d/upstream.conf", "php73"): with open("/etc/nginx/conf.d/upstream.conf", "a") as php_file: - php_file.write("upstream php73 {\nserver unix:/var/run/php/php73-fpm.sock;\n}\n" - "upstream debug73 {\nserver 127.0.0.1:9173;\n}\n") + php_file.write("upstream php73 {\nserver" + "unix:/var/run/php/php73-fpm.sock;\n}\n" + "upstream debug73" + " {\nserver 127.0.0.1:9173;\n}\n") return(stack.install(apt_packages=apt_packages, packages=packages, disp_msg=False)) @@ -1055,7 +1055,8 @@ def detSitePar(opts): if len(typelist) > 1 or len(cachelist) > 1: if len(cachelist) > 1: raise RuntimeError( - "Could not determine cache type.Multiple cache parameter entered") + "Could not determine cache type." + "Multiple cache parameter entered") elif False not in [x in ('php', 'mysql', 'html') for x in typelist]: sitetype = 'mysql' if not cachelist: @@ -1244,25 +1245,48 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='', def setupLetsEncrypt(self, wo_domain_name): - wo_wp_email = WOVariables.wo_email - if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)): + if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf" + .format(wo_domain_name)): Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" .format(wo_domain_name)) - ssl = archivedCertificateHandle(self, wo_domain_name, wo_wp_email) + ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -d {0} -d www.{0} --standalone" + Log.warn(self, "Please wait while we fetch the new HTTPS certificate" + " for your site.\nIt may take a few minutes" + " depending on the network.") + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " + "-d {0} -d www.{0} -w /var/www/html" + "-k ec-384" .format(wo_domain_name)) if ssl: - Log.info(self, "The HTTPS setup for your website is successfully completed!") + Log.info(self, "The HTTPS setup for your website is " + "successfully completed!") Log.info(self, "Your certificate and chain have been saved in " - "/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name)) + "{0}/{1}/fullchain.pem" + .format(WOVariables.wo_ssl_live, wo_domain_name)) Log.info(self, "Configuring nginx HTTPS configuration") + if os.path.isfile("{0}/{1}_ecc/fullchain.cer" + .format(WOVariables.wo_ssl_archive, wo_domain_name)): + Log.debug(self, "Cert deployment for domain: {0}" + .format(wo_domain_name)) + ssl_deploy = WOShellExec.cmd_exec(self, + "mkdir -p {0}/{1} &&" + "/etc/letsencrypt/acme.sh " + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd=" + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) try: Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name)) + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" .format(wo_domain_name), @@ -1270,9 +1294,9 @@ def setupLetsEncrypt(self, wo_domain_name): sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl on;\n" - "ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n" - "ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n" - .format(wo_domain_name)) + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) @@ -1286,29 +1310,38 @@ def setupLetsEncrypt(self, wo_domain_name): else: Log.error(self, "Unable to setup, Let\'s Encrypt", False) Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which you are running Let\'s Encrypt Client " + "same server on which " + "you are running Let\'s Encrypt Client " "\n to allow it to verify the site automatically.") def setupLetsEncryptSubdomain(self, wo_domain_name): wo_wp_email = WOVariables.wo_email - if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)): + if os.path.isfile("{0}/{1}_ecc/{1}.conf" + .format(WOVariables.wo_ssl_archive, wo_domain_name)): Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" .format(wo_domain_name)) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone" + Log.warn(self, "Please wait while we fetch the new HTTPS certificate " + "for your site.\nIt may take a " + "few minutes depending on the network.") + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " + "-d {0} -w /var/www/html" + "-k ec-384" .format(wo_domain_name)) if ssl: - Log.info(self, "The HTTPS setup for your website is successfully completed!") + Log.info(self, "The HTTPS setup for your website " + "is successfully completed!") Log.info(self, "Your certificate and chain have been saved in " - "/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name)) + "{0}/{1}/fullchain.pem" + .format(WOVariables.wo_ssl_live, wo_domain_name)) Log.info(self, "Configuring nginx HTTPS configuration") try: Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name)) + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" .format(wo_domain_name), @@ -1316,9 +1349,9 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl on;\n" - "ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n" - "ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n" - .format(wo_domain_name)) + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) @@ -1332,24 +1365,16 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): else: Log.error(self, "Unable to setup, Let\'s Encrypt", False) Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which you are running Let\'s Encrypt Client " + "same server on which " + "you are running Let\'s Encrypt Client " "\n to allow it to verify the site automatically.") def renewLetsEncrypt(self, wo_domain_name): - wo_wp_email = WOVariables.wo_email - while not wo_wp_email: - try: - wo_wp_email = input('Enter email address: ') - except EOFError as e: - Log.debug(self, "{0}".format(e)) - raise SiteError("Input WordPress email failed") - - Log.info(self, "Renewing SSl cert for https://{0}".format(wo_domain_name)) - ssl = WOShellExec.cmd_exec( - self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name)) + self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" + .format(wo_domain_name)) mail_list = '' if not ssl: @@ -1360,36 +1385,47 @@ def renewLetsEncrypt(self, wo_domain_name): else: Log.error(self, "Your current certificate already expired!", False) - WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name), - "Hi,\n\nHTTPS certificate renewal for https://{0} was unsuccessful.".format(wo_domain_name) + - "\nPlease check the WordOps log for reason. The current expiry date is : " + - str(SSL.getExpirationDate(self, wo_domain_name)) + - "\n\nFor support visit https://wordops.org/support .\n\nBest regards,\nYour WordOps Worker", files=mail_list, - port=25, isTls=False) + # WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, + # "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name), + # "Hi,\n\nHTTPS certificate renewal for https://{0} + # was unsuccessful.".format(wo_domain_name) + + # "\nPlease check the WordOps log for reason + # The current expiry date is : " + + # str(SSL.getExpirationDate(self, wo_domain_name)) + + # "\n\nFor support visit https://wordops.org/support . + # \n\nBest regards,\nYour WordOps Worker", files=mail_list, + # port=25, isTls=False) Log.error(self, "Check the WO log for more details " "`tail /var/log/wo/wordops.log`") WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name), - "Hi,\n\nYour Let's Encrypt certificate has been renewed for https://{0} .".format(wo_domain_name) + - "\nYour new certificate will expire on : " + - str(SSL.getExpirationDate(self, wo_domain_name)) + - "\n\nBest regards,\nYour WordOps Worker", files=mail_list, - port=25, isTls=False) + # WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, + # "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name), + # "Hi,\n\nYour Let's Encrypt certificate has been renewed for + # https://{0} .".format(wo_domain_name) + + # "\nYour new certificate will expire on : " + + # str(SSL.getExpirationDate(self, wo_domain_name)) + + # "\n\nBest regards,\nYour WordOps Worker", files=mail_list, + # port=25, isTls=False) # redirect= False to disable https redirection def httpsRedirect(self, wo_domain_name, redirect=True): if redirect: - if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)): - WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name), - "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) + if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" + .format(wo_domain_name)): + WOFileUtils.mvfile(self, + "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" + .format(wo_domain_name), + "/etc/nginx/conf.d/force-ssl-{0}.conf" + .format(wo_domain_name)) else: try: Log.info( - self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) + self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf" + .format(wo_domain_name)) sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf" .format(wo_domain_name), @@ -1419,8 +1455,10 @@ def httpsRedirect(self, wo_domain_name, redirect=True): def archivedCertificateHandle(self, domain, wo_wp_email): - Log.warn(self, "You already have an existing certificate for the domain requested.\n" - "(ref: /etc/letsencrypt/renewal/{0}.conf)".format(domain) + + Log.warn(self, "You already have an existing certificate " + "for the domain requested.\n" + "(ref: {0}/" + "{0}_ecc/{0}.conf)".format(WOVariables.wo_ssl_archive, domain) + "\nPlease select an option from below?" "\n\t1: Reinstall existing certificate" "\n\t2: Keep the existing certificate for now" @@ -1428,30 +1466,45 @@ def archivedCertificateHandle(self, domain, wo_wp_email): "") check_prompt = input( "\nType the appropriate number [1-3] or any other key to cancel: ") - if not os.path.isfile("/etc/letsencrypt/live/{0}/cert.pem".format(domain)): + if not os.path.isfile("{0}/{1}/fullchain.pem" + .format(WOVariables.wo_ssl_live, domain)): Log.error( - self, "/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain)) - if check_prompt == "1": - Log.info(self, "Please wait while we reinstall the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.") - ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto certonly --rsa-key-size 4096 --reinstall --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} " - .format(domain) - + "--email {0} --text --agree-tos".format(wo_wp_email)) - elif check_prompt == "2": - Log.info(self, "Using Existing Certificate files") - if not (os.path.isfile("/etc/letsencrypt/live/{0}/fullchain.pem".format(domain)) or - os.path.isfile("/etc/letsencrypt/live/{0}/key.pem".format(domain))): - Log.error(self, "Certificate files not found. Skipping.\n" - "Please check if following file exist\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t" - "/etc/letsencrypt/live/{0}/key.pem".format(domain)) - ssl = True + self, "{0}/{1}/cert.pem file is missing." + .format(WOVariables.wo_ssl_live, domain)) - elif check_prompt == "3": - Log.info(self, "Please wait while we renew the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.") - ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto --renew-by-default --rsa-key-size 4096 certonly --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} " - .format(domain) - + "--email {0} --text --agree-tos".format(wo_wp_email)) - else: - Log.error(self, "Operation cancelled by user.") + if check_prompt == "1": + Log.info(self, "Please wait while we reinstall the Let's Encrypt " + "certificate for your site.\nIt may take a " + "few minutes depending on your network.") + ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} &&" + "/etc/letsencrypt/acme.sh " + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd=" + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, domain)) + + elif (check_prompt == "2"): + Log.info(self, "Using Existing Certificate files") + if not os.path.isfile("{0}/{1}/fullchain.pem".format(WOVariables.wo_ssl_live, domain)): + Log.error(self, "Certificate files not found. Skipping.\n" + "Please check if following file exist" + "\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t" + "/etc/letsencrypt/live/{0}/key.pem".format(domain)) + ssl = True + + elif (check_prompt == "3"): + Log.info(self, "Please wait while we renew the Let's Encrypt" + "certificate for your site.\nIt may take a few " + "minutes depending on your network.") + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" + .format(domain)) + + else: + Log.error(self, "Operation cancelled by user.") if os.path.isfile("{0}/conf/nginx/ssl.conf" .format(domain)): diff --git a/wo/core/variables.py b/wo/core/variables.py index 0b4b660..68ec96b 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -45,6 +45,12 @@ class WOVariables(): # WordOps default webroot path wo_webroot = '/var/www/' + # WordOps default renewal SSL certificates path + wo_ssl_archive = '/etc/letsencrypt/renewal' + + # WordOps default live SSL certificates path + wo_ssl_live = '/etc/letsencrypt/live' + # PHP user wo_php_user = 'www-data' From d1a9511cc79e9fb1c95ba06aa00f26a6506e2f8a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 12 Mar 2019 18:05:40 +0100 Subject: [PATCH 2/6] [skip travis] add few comments and fix indentation --- wo/cli/plugins/site_functions.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 4f4ebb7..981bead 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -731,8 +731,7 @@ def site_package_check(self, stype): if not WOAptGet.is_installed(self, 'php7.2-fpm'): apt_packages = apt_packages + WOVariables.wo_php - if self.app.pargs.php73 and - stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: + if self.app.pargs.php73 and stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: Log.debug(self, "Setting apt_packages variable for PHP 7.3") if not WOAptGet.is_installed(self, 'php7.3-fpm'): apt_packages = apt_packages + WOVariables.wo_php73 @@ -1243,7 +1242,7 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='', raise SiteError("dbhost not provided") deleteDB(self, dbname, dbuser, dbhost) - +# setup letsencrypt for domain + www.domain def setupLetsEncrypt(self, wo_domain_name): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf" @@ -1314,7 +1313,7 @@ def setupLetsEncrypt(self, wo_domain_name): "you are running Let\'s Encrypt Client " "\n to allow it to verify the site automatically.") - +# setup letsencrypt for a subdomain def setupLetsEncryptSubdomain(self, wo_domain_name): wo_wp_email = WOVariables.wo_email @@ -1369,7 +1368,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "you are running Let\'s Encrypt Client " "\n to allow it to verify the site automatically.") - +# letsencrypt cert renewal def renewLetsEncrypt(self, wo_domain_name): ssl = WOShellExec.cmd_exec( From 02ad1f48e41df6a385a1b6540d918e552d286ded Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 15 Mar 2019 22:54:16 +0100 Subject: [PATCH 3/6] update letsencrypt settings --- CHANGELOG.md | 2 +- install | 9 ++++++--- setup.py | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c7557c..00971c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,7 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Nginx module nginx_vts - Migration script from nginx-ee to nginx-wo -- Partial support for Debian 9 (testing) +- Support for Debian 9 (testing) - New Nginx build v1.14.2 #### Changed diff --git a/install b/install index cae8e14..c23b009 100644 --- a/install +++ b/install @@ -136,7 +136,7 @@ wo_install_dep() if [ "$wo_linux_distro" == "Ubuntu" ]; then apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 else - apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 + apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban > /dev/null 2>&1 fi locale-gen en @@ -348,7 +348,10 @@ wo_install_acme_sh() { --config-home /etc/letsencrypt/config \ --cert-home /etc/letsencrypt/renewal # enable auto-upgrade - /etc/letsencrypt/acme.sh --upgrade --auto-upgrade + /etc/letsencrypt/acme.sh --upgrade --auto-upgrade \ + --home /etc/letsencrypt \ + --config-home /etc/letsencrypt/config \ + --cert-home /etc/letsencrypt/renewal # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then @@ -356,7 +359,7 @@ wo_install_acme_sh() { chown -R www-data:www-data /var/www/html /var/www/html/.well-known fi - } >> /var/log/wo/install.log + } >> /var/log/wo/install.log 2>&1 fi } diff --git a/setup.py b/setup.py index 780b17e..b7c6881 100644 --- a/setup.py +++ b/setup.py @@ -58,7 +58,7 @@ if not os.path.isfile('/root/.gitconfig'): shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') setup(name='wo', - version='3.9.3', + version='3.9.4', description=long_description, long_description=long_description, classifiers=[], From 2ee98dca9a0a0f7d03012dbf6604527c5d82a7de Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 15 Mar 2019 22:55:13 +0100 Subject: [PATCH 4/6] fix indentation --- wo/cli/plugins/site_functions.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 57e02a4..4eefa6e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1189,6 +1189,8 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='', deleteDB(self, dbname, dbuser, dbhost) # setup letsencrypt for domain + www.domain + + def setupLetsEncrypt(self, wo_domain_name): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf" @@ -1259,7 +1261,9 @@ def setupLetsEncrypt(self, wo_domain_name): "you are running Let\'s Encrypt Client " "\n to allow it to verify the site automatically.") -# setup letsencrypt for a subdomain +# setup letsencrypt for a subdomain + + def setupLetsEncryptSubdomain(self, wo_domain_name): wo_wp_email = WOVariables.wo_email @@ -1315,6 +1319,8 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "\n to allow it to verify the site automatically.") # letsencrypt cert renewal + + def renewLetsEncrypt(self, wo_domain_name): ssl = WOShellExec.cmd_exec( From 58f400ed0b21949a23c17a29f12e71d411060245 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 15 Mar 2019 23:03:43 +0100 Subject: [PATCH 5/6] fix indentation --- wo/cli/plugins/site_functions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 4eefa6e..2617e8e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1454,8 +1454,8 @@ def archivedCertificateHandle(self, domain, wo_wp_email): ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" .format(domain)) - else: - Log.error(self, "Operation cancelled by user.") + else: + Log.error(self, "Operation cancelled by user.") if os.path.isfile("{0}/conf/nginx/ssl.conf" .format(domain)): From 5651d7072e1addd229be663a4591295331fc11c9 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 15 Mar 2019 23:12:47 +0100 Subject: [PATCH 6/6] fix site.py --- wo/cli/plugins/debug.py | 56 +++++++++++++++++++++-------------------- wo/cli/plugins/site.py | 10 ++++---- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/wo/cli/plugins/debug.py b/wo/cli/plugins/debug.py index 1db6a6a..af1cfda 100644 --- a/wo/cli/plugins/debug.py +++ b/wo/cli/plugins/debug.py @@ -191,14 +191,15 @@ class WODebugController(CementBaseController): nc.savef('/etc/nginx/conf.d/upstream.conf') # Enable xdebug - WOFileUtils.searchreplace(self, "/etc/{0}/mods-available/".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5") + + WOFileUtils.searchreplace(self, "/etc/{0}/mods-available/".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php/7.2") + "xdebug.ini", ";zend_extension", "zend_extension") # Fix slow log is not enabled default in PHP5.6 config = configparser.ConfigParser() - config.read('/etc/{0}/fpm/pool.d/debug.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) + config.read('/etc/{0}/fpm/pool.d/debug.conf'.format( + "php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config['debug']['slowlog'] = '/var/log/{0}/slow.log'.format("php/7.2" if ( WOVariables.wo_platform_distro == 'ubuntu') else "php5") config['debug']['request_slowlog_timeout'] = '10s' @@ -249,7 +250,8 @@ class WODebugController(CementBaseController): "/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")): Log.info(self, "Setting up PHP5-FPM log_level = debug") config = configparser.ConfigParser() - config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) + config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if ( + WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config.remove_option('global', 'include') config['global']['log_level'] = 'debug' config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if ( @@ -272,7 +274,8 @@ class WODebugController(CementBaseController): "/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")): Log.info(self, "Disabling PHP5-FPM log_level = debug") config = configparser.ConfigParser() - config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) + config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if ( + WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config.remove_option('global', 'include') config['global']['log_level'] = 'notice' config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if ( @@ -340,7 +343,8 @@ class WODebugController(CementBaseController): # Change upstream.conf nc = NginxConfig() nc.loadf('/etc/nginx/conf.d/upstream.conf') - nc.set([('upstream', 'php72',), 'server'], 'unix:/var/run/php/php72-fpm.sock') + nc.set([('upstream', 'php72',), 'server'], + 'unix:/var/run/php/php72-fpm.sock') nc.savef('/etc/nginx/conf.d/upstream.conf') # Disable xdebug @@ -620,13 +624,10 @@ class WODebugController(CementBaseController): # Reload PHP if self.trigger_php: - if WOVariables.wo_platform_distro == 'ubuntu': - if WOAptGet.is_installed(self, 'php7.2-fpm'): - WOService.reload_service(self, 'php7.2-fpm') - if WOAptGet.is_installed(self, 'php7.3-fpm'): - WOService.reload_service(self, 'php7.3-fpm') - else: + if WOAptGet.is_installed(self, 'php7.2-fpm'): WOService.reload_service(self, 'php7.2-fpm') + if WOAptGet.is_installed(self, 'php7.3-fpm'): + WOService.reload_service(self, 'php7.3-fpm') self.app.close(0) @expose(hide=True) @@ -638,12 +639,12 @@ class WODebugController(CementBaseController): self.trigger_nginx = False self.trigger_php = False - if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and (not self.app.pargs.php73) - and (not self.app.pargs.fpm) and (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) - and (not self.app.pargs.wp) and (not self.app.pargs.rewrite) - and (not self.app.pargs.all) - and (not self.app.pargs.site_name) - and (not self.app.pargs.import_slow_log) + if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and + (not self.app.pargs.php73) and (not self.app.pargs.fpm) and + (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) and + (not self.app.pargs.wp) and (not self.app.pargs.rewrite) and + (not self.app.pargs.all) and (not self.app.pargs.site_name) and + (not self.app.pargs.import_slow_log) and (not self.app.pargs.interval)): if self.app.pargs.stop or self.app.pargs.start: print("--start/stop option is deprecated since ee v3.0.5") @@ -711,7 +712,7 @@ class WODebugController(CementBaseController): self.app.pargs.nginx = 'on' self.app.pargs.php = 'on' self.app.pargs.fpm = 'on' - if (WOVariables.wo_platform_distro == 'ubuntu') and WOAptGet.is_installed(self, 'php7.2-fpm'): + if WOAptGet.is_installed(self, 'php7.2-fpm'): self.app.pargs.php73 = 'on' self.app.pargs.fpm73 = 'on' self.app.pargs.mysql = 'on' @@ -723,16 +724,17 @@ class WODebugController(CementBaseController): self.app.pargs.nginx = 'off' self.app.pargs.php = 'off' self.app.pargs.fpm = 'off' - if (WOVariables.wo_platform_distro == 'ubuntu') and WOAptGet.is_installed(self, 'php7.2-fpm'): + if WOAptGet.is_installed(self, 'php7.2-fpm'): self.app.pargs.php73 = 'off' self.app.pargs.fpm73 = 'off' self.app.pargs.mysql = 'off' self.app.pargs.rewrite = 'off' - if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and (not self.app.pargs.php73) - and (not self.app.pargs.fpm) and (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) - and (not self.app.pargs.wp) and (not self.app.pargs.rewrite) - and self.app.pargs.site_name): + if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and + (not self.app.pargs.php73) and (not self.app.pargs.fpm) and + (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) and + (not self.app.pargs.wp) and (not self.app.pargs.rewrite) and + self.app.pargs.site_name): self.app.args.print_help() # self.app.pargs.nginx = 'on' # self.app.pargs.wp = 'on' @@ -768,10 +770,10 @@ class WODebugController(CementBaseController): WOService.reload_service(self, 'nginx') # Reload PHP if self.trigger_php: - if WOAptGet.is_installed(self, 'php7.2-fpm'): - WOService.restart_service(self, 'php7.2-fpm') - if WOAptGet.is_installed(self, 'php7.3-fpm'): - WOService.restart_service(self, 'php7.3-fpm') + if WOAptGet.is_installed(self, 'php7.2-fpm'): + WOService.restart_service(self, 'php7.2-fpm') + if WOAptGet.is_installed(self, 'php7.3-fpm'): + WOService.restart_service(self, 'php7.3-fpm') if len(self.msg) > 0: if not self.app.pargs.interactive: diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 89c8a61..6963df9 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -678,8 +678,8 @@ class WOSiteCreateController(CementBaseController): Log.error(self, "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") - if self.app.pargs.letsencrypt and - (not pargs.letsencrypt == "wildcard"): + if (self.app.pargs.letsencrypt and + not pargs.letsencrypt == "wildcard"): if stype in ['wpsubdomain']: Log.warn( self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.") @@ -773,7 +773,7 @@ class WOSiteUpdateController(CementBaseController): (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", action='store' or 'store_const', - choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), + choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), @@ -1277,9 +1277,9 @@ class WOSiteUpdateController(CementBaseController): if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - # Log.info(self,"Removing Cron Job set for + # Log.info(self,"Removing Cron Job set for # cert auto-renewal") - # WOCron.remove_cron(self,'wo site update {0} + # WOCron.remove_cron(self,'wo site update {0} # --le=renew --min_expiry_limit 30 2> \/dev\/null' # .format(wo_domain)) Log.info(self, "Successfully Disabled SSl for Site "