From 55dd798b779e9da0312dc94c50fe559b7d3076a0 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Mon, 11 Jan 2016 20:15:31 +0100 Subject: [PATCH] More checks (e.g. for acme_tiny) --- README.md | 7 +++++++ acertmgr.py | 20 ++++++++++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e81ada0..f78d940 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,13 @@ Running ACERTMGR The main file acertmgr.py is intended to be run regularly (e.g. as daily cron job) as root. +Requirements +------------ + +Python (2.7+ and 3.4+ should work) +PyYAML +acme\_tiny (`acme_tiny.py` placed in `/opt/acme/acme_tiny.py`) + Configuration ------------- diff --git a/acertmgr.py b/acertmgr.py index d5465bf..da159e9 100755 --- a/acertmgr.py +++ b/acertmgr.py @@ -17,6 +17,7 @@ import yaml ACME_DIR="/etc/acme/" ACME_CONF=ACME_DIR + "acme.conf" ACME_CONFD=ACME_DIR + "domains.d/" +ACME_TINY="/opt/acme/acme_tiny.py" # @brief check whether existing certificate is still valid or expiring soon @@ -57,19 +58,26 @@ def cert_isValid(crt_file, ttl_days): # @param domain string containing the domain name # @param settings the domain's configuration options def cert_get(domain, settings): + print("Getting certificate for %s." % domain) + key_file = ACME_DIR + "server.key" if not os.path.exists(key_file): - raise "The server key file is missing!" + raise "The server key file (%s) is missing!" % key_file + + acc_file = ACME_DIR + "account.key" + if not os.path.exists(acc_file): + raise "The account key file (%s) is missing!" % acc_file csr_file = "/tmp/%s.csr" % domain - crt_file = "/tmp/%s.crt" % domain - if os.path.lexists(csr_file) or os.path.lexists(crt_file): + if os.path.lexists(csr_file): raise "A temporary file already exists!" - print("Getting certificate for %s." % domain) - cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain]) + if not os.path.exists(ACME_TINY): + raise "acme_tiny (%s) is missing!" % ACME_TINY - # TODO prepare everything for ACME challanges + crt_file = "/tmp/%s.crt" % domain + + cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain]) # TODO run acme_tiny # TODO check if resulting certificate is valid