Make key location dynamic

Besides the fact that this removes redundant code, hard coded location of file is generally no good idea Also adapt README.md and provide a default location for key files. Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2024-11-14 17:25:26 +01:00 · 2016-04-10 01:10:33 +02:00 · 2016-04-10 01:10:33 +02:00 · 35d9d39b26
commit 35d9d39b26
parent f6f3180617
2 changed files with 22 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -52,6 +52,12 @@ All configuration files use yaml syntax.
 mode: webdir
 #mode: standalone
 #port: 13135
 # Optional: account_key location. This defaults to "/etc/acme/account.key"
 account_key: "/etc/acme/acc.key"
 # Optional: server_key location. This defaults to "/etc/acme/server.key"
 server_key: "/etc/acme/serv.key"
 webdir: /var/www/acme-challenge/
 authority: "https://acme-v01.api.letsencrypt.org"
 #authority: "https://acme-staging.api.letsencrypt.org"
--- a/acertmgr.py
+++ b/acertmgr.py
@ -24,6 +24,8 @@ ACME_DIR="/etc/acme"
 ACME_CONF=os.path.join(ACME_DIR, "acme.conf")
 ACME_CONFD=os.path.join(ACME_DIR, "domains.d")
 ACME_DEFAULT_SERVER_KEY = os.path.join(ACME_DIR, "server.key")
 ACME_DEFAULT_ACCOUNT_KEY = os.path.join(ACME_DIR, "account.key")
 class FileNotFoundError(OSError):
 	pass
@ -71,11 +73,11 @@ def cert_get(domains, settings):
 	domain = domains.split(' ')[0]
 	print("Getting certificate for %s." % domain)
-	key_file = os.path.join(ACME_DIR, "server.key")
+	key_file = settings['server_key']
 	if not os.path.isfile(key_file):
 		raise FileNotFoundError("The server key file (%s) is missing!" % key_file)
-	acc_file = os.path.join(ACME_DIR, "account.key")
+	acc_file = settings['account_key']
 	if not os.path.isfile(acc_file):
 		raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
@ -131,7 +133,7 @@ def cert_put(domain, settings):
 	crt_format = settings['format'].split(",")
 	crt_action = settings['action']
-	key_file = os.path.join(ACME_DIR, "server.key")
+	key_file = settings['server_key']
 	crt_final = os.path.join(ACME_DIR, ("%s.crt" % domain.split(' ')[0]))
 	with open(crt_path, "w+") as crt_fd:
@ -173,8 +175,9 @@ def cert_put(domain, settings):
 # @param domainconfig the domain configuration
 # @param defaults the default configuration
 # @return the augmented configuration
-def complete_config(domainconfig, defaults):
+def complete_config(domainconfig, globalconfig):
-	if defaults:
+	defaults = globalconfig['defaults']
 	domainconfig['server_key'] = globalconfig['server_key']
 	for name, value in defaults.items():
 		if name not in domainconfig:
 			domainconfig[name] = value
@ -192,6 +195,10 @@ if __name__ == "__main__":
 		config = {}
 	if 'defaults' not in config:
 		config['defaults'] = {}
 	if 'server_key' not in config:
 		config['server_key'] = ACME_DEFAULT_SERVER_KEY
 	if 'account_key' not in config:
 		config['account_key'] = ACME_DEFAULT_ACCOUNT_KEY
 	config['domains'] = []
 	# load domain configuration
@ -214,7 +221,7 @@ if __name__ == "__main__":
 		if not cert_isValid(crt_file, ttl_days):
 			cert_get(domains, config)
 		for domaincfg in domaincfgs:
-			cfg = complete_config(domaincfg, config['defaults'])
+			cfg = complete_config(domaincfg, config)
 			if not target_isCurrent(cfg['path'], crt_file):
 				actions.add(cert_put(domains, cfg))