acertmgr: add force renew option to immediately renew a cert

2019-03-27 15:31:15 +01:00 · 2019-03-27 15:31:15 +01:00 · bd27db4ebd
parent dfaca3b58f
commit bd27db4ebd
2 changed files with 19 additions and 7 deletions
--- a/acertmgr/init.py
+++ b/acertmgr/init.py
@ -11,6 +11,7 @@ import importlib
 import io
 import os
 import pwd
+import re
 import stat
 import subprocess

@ -150,15 +151,16 @@ def main():

    # check certificate validity and obtain/renew certificates if needed
    for config in domainconfigs:
-        cert_file = config['cert_file']
-        cert_file_exists = os.path.isfile(cert_file)
-        if cert_file_exists:
-            cert = tools.read_pem_file(cert_file)
-        if not cert_file_exists or not tools.is_cert_valid(cert, config['ttl_days']):
-                cert_get(config)
+        cert = None
+        if os.path.isfile(config['cert_file']):
+            cert = tools.read_pem_file(config['cert_file'])
+        if not cert or not tools.is_cert_valid(cert, config['ttl_days']) or \
+                ('force_renew' in runtimeconfig and re.search(r'(^| ){}( |$)'.format(
+                    re.escape(runtimeconfig['force_renew'])), config['domains'])):
+            cert_get(config)

        for cfg in config['actions']:
-            if not tools.target_is_current(cfg['path'], cert_file):
+            if not tools.target_is_current(cfg['path'], config['cert_file']):
                print("Updating '{}' due to newer version".format(cfg['path']))
                actions.add(cert_put(cfg))

--- a/acertmgr/configuration.py
+++ b/acertmgr/configuration.py
@ -201,6 +201,8 @@ def load():
                        help="persistent work data directory (default=config_dir)")
    parser.add_argument("--authority-tos-agreement", "--tos-agreement", "--tos", nargs="?",
                        help="Agree to the authorities Terms of Service (value required depends on authority)")
+    parser.add_argument("--force-renew", "--renew-now", nargs="?",
+                        help="Renew all domain configurations matching the given value immediately")
    args = parser.parse_args()

    # Determine global configuration file
@ -243,6 +245,14 @@ def load():
    else:
        runtimeconfig['authority_tos_agreement'] = None

+    # - force-rewew
+    if args.force_renew:
+        domaintranslation = idna_convert(args.force_renew.split(' '))
+        if len(domaintranslation) > 0:
+            runtimeconfig['force_renew'] = ' '.join(domaintranslation.values())
+        else:
+            runtimeconfig['force_renew'] = args.force_renew
+
    # Global configuration: Load from file
    globalconfig = dict()
    if os.path.isfile(global_config_file):