mirror of https://github.com/moepman/acertmgr.git synced 2024-11-14 18:35:27 +01:00

Acutally invoke acme_tiny (using the staging API)

Markus 2016-01-11 20:51:23 +01:00
parent b1d25d1821
commit 0ab3919d73
2 changed files with 11 additions and 9 deletions


@ -13,7 +13,7 @@ Requirements
* Python (2.7+ and 3.4+ should work) * Python (2.7+ and 3.4+ should work)
* PyYAML * PyYAML
* acme\_tiny (`acme_tiny.py` placed in `/opt/acme/acme_tiny.py`) * acme\_tiny (`acme_tiny.py` placed next to `acertmgr.py`)
Configuration Configuration
------------- -------------


@ -5,6 +5,7 @@
# Copyright (c) Markus Hauschild, 2016. # Copyright (c) Markus Hauschild, 2016.
import acme_tiny
import datetime import datetime
import dateutil.parser import dateutil.parser
import dateutil.relativedelta import dateutil.relativedelta
@ -17,8 +18,8 @@ import yaml
ACME_DIR="/etc/acme/" ACME_DIR="/etc/acme/"
ACME_CONF=ACME_DIR + "acme.conf" ACME_CONF=ACME_DIR + "acme.conf"
ACME_CONFD=ACME_DIR + "domains.d/" ACME_CONFD=ACME_DIR + "domains.d/"
ACME_TINY="/opt/acme/acme_tiny.py" CHALLENGE_DIR="/var/www/acme/"
LE_CA="https://acme-staging.api.letsencrypt.org"
# @brief check whether existing certificate is still valid or expiring soon # @brief check whether existing certificate is still valid or expiring soon
# @param crt_file string containing the path to the certificate file # @param crt_file string containing the path to the certificate file
@ -69,17 +70,18 @@ def cert_get(domain, settings):
raise "The account key file (%s) is missing!" % acc_file raise "The account key file (%s) is missing!" % acc_file
csr_file = "/tmp/%s.csr" % domain csr_file = "/tmp/%s.csr" % domain
if os.path.lexists(csr_file): crt_file = "/tmp/%s.crt" % domain
if os.path.lexists(csr_file) or os.path.lexists(crt_file):
raise "A temporary file already exists!" raise "A temporary file already exists!"
if not os.path.exists(ACME_TINY):
raise "acme_tiny (%s) is missing!" % ACME_TINY
crt_file = "/tmp/%s.crt" % domain
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain]) cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
# TODO run acme_tiny # get certificate
crt = acme_tiny.get_crt(acc_file, csr_file, CHALLENGE_DIR, CA = LE_CA)
with open(crt_file, "w") as crt_fd:
crt_fd.write(crt)
# TODO check if resulting certificate is valid # TODO check if resulting certificate is valid
os.remove(csr_file) os.remove(csr_file)
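Review bot: The added `open(crt_file, "w")` writes to a predictable name under /tmp, and the only guard is the earlier `os.path.lexists` check, so the check and the open are separate steps and a file or symlink created at that path in between would be followed and overwritten with whatever privileges acertmgr runs under. Create the file atomically instead, `fd = os.open(crt_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` then `with os.fdopen(fd, "w") as crt_fd:`, which fails on an existing entry rather than following it. The CSR path passed to `openssl ... -out` on the context line has the same window, and a pre-created file at either name also blocks issuance through the "temporary file already exists" branch; a private directory from `tempfile.mkdtemp()` for both files would close that too (whether `tempfile` is imported is not visible here). cert_get begins and ends outside this hunk, so the cleanup of `crt_file` could not be checked.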