Remove renew section

VirtuBox
2019-10-01 18:15:22 +02:00
parent 7dba29da06
commit d9980998fa


@@ -1289,86 +1289,6 @@ class WOSiteUpdateController(CementBaseController):
"site") "site")
pargs.letsencrypt = False pargs.letsencrypt = False
# --letsencrypt=renew code goes here
if pargs.letsencrypt == "renew" and not pargs.all:
expiry_days = SSL.getexpirationdays(self, wo_domain)
min_expiry_days = 45
if check_ssl:
if (expiry_days <= min_expiry_days):
renewLetsEncrypt(self, wo_domain)
elif pargs.force:
renewLetsEncrypt(self, wo_domain)
else:
Log.error(
self, "You have more than 30 days with the current "
"certificate - refusing to run.")
else:
Log.error(
self, "Cannot renew - HTTPS is not configured for "
"the given site. Install LE first...")
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "SUCCESS: Certificate was successfully renewed For"
" https://{0}".format(wo_domain))
if (SSL.getexpirationdays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getexpirationdays(self, wo_domain)) +
" days.")
Log.info(self, "Expiration date: " +
str(SSL.getexpirationdate(self, wo_domain)))
else:
Log.warn(
self, "The certificate seems to be already expired. "
"Please renew it as soon as possible...")
return 0
if pargs.all and pargs.letsencrypt == "renew":
if check_ssl:
expiry_days = SSL.getExpirationDays(self, wo_domain, True)
if expiry_days < 0:
return 0
min_expiry_days = 45
if (expiry_days <= min_expiry_days):
renewLetsEncrypt(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "SUCCESS: Certificate was successfully "
"renewed For https://{0}".format(wo_domain))
elif pargs.force:
renewLetsEncrypt(self, wo_domain)
Log.info(self, "Certificate was successfully renewed")
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "SUCCESS: Certificate was successfully "
"renewed For https://{0}".format(wo_domain))
else:
Log.info(
self, "You have more than 45 days with the current "
"certificate - refusing to run.\n")
if (SSL.getexpirationdays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getexpirationdays(self, wo_domain)) +
" days.")
Log.info(self, "Expiration date: \n\n" +
str(SSL.getexpirationdate(self, wo_domain)))
return 0
# else:
# Log.warn(self, "Your cert already EXPIRED !
# .PLEASE renew soon . ")
else:
Log.info(
self, "SSL not configured for "
"site http://{0}".format(wo_domain))
return 0
if pargs.all and pargs.letsencrypt == "off": if pargs.all and pargs.letsencrypt == "off":
if letsencrypt is check_ssl: if letsencrypt is check_ssl:
if letsencrypt is False: if letsencrypt is False:
@@ -1466,57 +1386,61 @@ class WOSiteUpdateController(CementBaseController):
if pargs.letsencrypt: if pargs.letsencrypt:
if data['letsencrypt'] is True: if data['letsencrypt'] is True:
# DNS API configuration if WOAcme.cert_check(self, wo_domain):
if pargs.dns: archivedCertificateHandle(self, wo_domain)
Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
if pargs.dnsalias:
Log.debug(self, "DNS Alias enabled")
acmedata['dnsalias'] = True
acmedata['acme_alias'] = pargs.dnsalias
# Set list of domains to secure
if acme_subdomain is True:
Log.info(self, "Certificate type : subdomain")
acme_domains = acme_domains + ['{0}'.format(wo_domain)]
elif acme_wildcard is True:
Log.info(self, "Certificate type : wildcard")
acme_domains = acme_domains + ['{0}'.format(wo_domain),
'*.{0}'.format(wo_domain)]
else: else:
Log.info(self, "Certificate type : domain") # DNS API configuration
acme_domains = acme_domains + ['{0}'.format(wo_domain), if pargs.dns:
'www.{0}'.format(wo_domain)] Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
if pargs.dnsalias:
Log.debug(self, "DNS Alias enabled")
acmedata['dnsalias'] = True
acmedata['acme_alias'] = pargs.dnsalias
# Set list of domains to secure
if acme_subdomain is True:
Log.info(self, "Certificate type : subdomain")
acme_domains = acme_domains + ['{0}'.format(wo_domain)]
elif acme_wildcard is True:
Log.info(self, "Certificate type : wildcard")
acme_domains = \
acme_domains + ['{0}'.format(wo_domain),
'*.{0}'.format(wo_domain)]
else:
Log.info(self, "Certificate type : domain")
acme_domains = \
acme_domains + ['{0}'.format(wo_domain),
'www.{0}'.format(wo_domain)]
if acme_subdomain: if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"):
# check if a wildcard cert for the root domain exist if acme_subdomain:
Log.debug(self, "checkWildcardExist on *.{0}" Log.debug(self, "checkWildcardExist on *.{0}"
.format(wo_root_domain)) .format(wo_root_domain))
iswildcard = SSL.checkwildcardexist(self, wo_root_domain) if SSL.checkwildcardexist(self, wo_root_domain):
Log.debug(self, "iswildcard = {0}".format(iswildcard)) Log.info(
if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"): self, "Using existing Wildcard SSL "
if acme_subdomain: "certificate from {0} to secure {1}"
if iswildcard: .format(wo_root_domain, wo_domain))
Log.info(self, "Using existing Wildcard SSL " Log.debug(
"certificate from {0} to secure {1}" self, "symlink wildcard "
.format(wo_root_domain, wo_domain)) "cert between {0} & {1}"
Log.debug(self, "symlink wildcard " .format(wo_domain, wo_root_domain))
"cert between {0} & {1}" # copy the cert from the root domain
.format(wo_domain, wo_root_domain)) copyWildcardCert(self, wo_domain,
# copy the cert from the root domain wo_root_domain)
copyWildcardCert(self, wo_domain, wo_root_domain) else:
else: # check DNS records before issuing cert
# check DNS records before issuing cert if not acmedata['dns'] is True:
if not acmedata['dns'] is True: if not pargs.force:
if not pargs.force: if not WOAcme.check_dns(self,
if not WOAcme.check_dns(self, acme_domains):
acme_domains): Log.error(
Log.error( self,
self, "Aborting SSL certificate "
"Aborting SSL certificate " "issuance")
"issuance")
Log.debug(self, "Setup Cert with acme.sh for {0}" Log.debug(self, "Setup Cert with acme.sh for {0}"
.format(wo_domain)) .format(wo_domain))
if WOAcme.setupletsencrypt( if WOAcme.setupletsencrypt(
@@ -1524,32 +1448,34 @@ class WOSiteUpdateController(CementBaseController):
WOAcme.deploycert(self, wo_domain) WOAcme.deploycert(self, wo_domain)
else: else:
Log.error(self, "Unable to issue certificate") Log.error(self, "Unable to issue certificate")
else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not pargs.force:
if not WOAcme.check_dns(self, acme_domains):
Log.error(
self,
"Aborting SSL certificate issuance")
if WOAcme.setupletsencrypt(
self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
else: else:
Log.error(self, "Unable to issue certificate") # check DNS records before issuing cert
else: if not acmedata['dns'] is True:
WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf.disabled" if not pargs.force:
.format(wo_site_webroot), if not WOAcme.check_dns(self, acme_domains):
'{0}/conf/nginx/ssl.conf' Log.error(
.format(wo_site_webroot)) self,
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/" "Aborting SSL certificate issuance")
"force-ssl-{0}.conf.disabled" if WOAcme.setupletsencrypt(
.format(wo_domain), self, acme_domains, acmedata):
'/etc/nginx/conf.d/force-ssl-{0}.conf' WOAcme.deploycert(self, wo_domain)
.format(wo_domain)) else:
Log.error(self, "Unable to issue certificate")
else:
WOFileUtils.mvfile(
self, "{0}/conf/nginx/ssl.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/ssl.conf'
.format(wo_site_webroot))
WOFileUtils.mvfile(
self, "/etc/nginx/conf.d/"
"force-ssl-{0}.conf.disabled"
.format(wo_domain),
'/etc/nginx/conf.d/force-ssl-{0}.conf'
.format(wo_domain))
httpsRedirect(self, wo_domain, True, acme_wildcard) httpsRedirect(self, wo_domain, True, acme_wildcard)
SSL.siteurlhttps(self, wo_domain) SSL.siteurlhttps(self, wo_domain)
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
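Review bot: The guard `if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"):` in the second hunk (`@@ -1466,57 +1386,61 @@`) tests the literal template string, because `.format(wo_site_webroot)` is never applied to it. The same text is on the old side, so this commit only moves it. With a path that cannot exist the condition is effectively always true, so the `else:` in the third hunk that moves `ssl.conf.disabled` and `force-ssl-{0}.conf.disabled` back into place appears to be unreachable (indentation is lost on this page, so the pairing is inferred). A site whose TLS config was only disabled would then go through a fresh certificate request instead of restoring the existing config, which is also an easy way to run into issuance rate limits. Suggested: `if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled".format(wo_site_webroot)):`; the enclosing method starts and ends outside the visible hunks.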