mirror of
https://github.com/moepman/acertmgr.git
synced 2025-01-01 05:31:51 +01:00
replace target files based on timestamp
instead of relying on the cached certificate file being updated. This allows multiple configuration files for the same domain. To avoid replacing existing entries, the format is changed from a dictionary to a list, and setting domains in acme.conf is no longer supported.
parent
2202fe867b
commit
f16868bb6c
22
acertmgr.py
22
acertmgr.py
@ -72,6 +72,15 @@ class ACMERequestHandler(SimpleHTTPRequestHandler):
|
|||||||
def start_standalone(server):
|
def start_standalone(server):
|
||||||
server.serve_forever()
|
server.serve_forever()
|
||||||
|
|
||||||
|
# @brief check whether existing target file is still valid or source crt has been updated
|
||||||
|
# @param target string containing the path to the target file
|
||||||
|
# @param crt_file string containing the path to the certificate file
|
||||||
|
# @return True if target file is at least as new as the certificate, False otherwise
|
||||||
|
def target_isCurrent(target, crt_file):
|
||||||
|
target_date = os.path.getmtime(target)
|
||||||
|
crt_date = os.path.getmtime(crt_file)
|
||||||
|
return target_date >= crt_date
|
||||||
|
|
||||||
# @brief check whether existing certificate is still valid or expiring soon
|
# @brief check whether existing certificate is still valid or expiring soon
|
||||||
# @param crt_file string containing the path to the certificate file
|
# @param crt_file string containing the path to the certificate file
|
||||||
# @param ttl_days the minimum amount of days for which the certificate must be valid
|
# @param ttl_days the minimum amount of days for which the certificate must be valid
|
||||||
@ -230,22 +239,22 @@ if __name__ == "__main__":
|
|||||||
config = yaml.load(config_fd)
|
config = yaml.load(config_fd)
|
||||||
if not config:
|
if not config:
|
||||||
config = {}
|
config = {}
|
||||||
if 'domains' not in config:
|
|
||||||
config['domains'] = {}
|
|
||||||
if 'defaults' not in config:
|
if 'defaults' not in config:
|
||||||
config['defaults'] = {}
|
config['defaults'] = {}
|
||||||
|
|
||||||
|
config['domains'] = []
|
||||||
# load domain configuration
|
# load domain configuration
|
||||||
for config_file in os.listdir(ACME_CONFD):
|
for config_file in os.listdir(ACME_CONFD):
|
||||||
if config_file.endswith(".conf"):
|
if config_file.endswith(".conf"):
|
||||||
with open(ACME_CONFD + config_file) as config_fd:
|
with open(ACME_CONFD + config_file) as config_fd:
|
||||||
config['domains'].update(yaml.load(config_fd))
|
for entry in yaml.load(config_fd).items():
|
||||||
|
config['domains'].append(entry)
|
||||||
|
|
||||||
# post-update actions (run only once)
|
# post-update actions (run only once)
|
||||||
actions = set()
|
actions = set()
|
||||||
|
|
||||||
# check certificate validity and obtain/renew certificates if needed
|
# check certificate validity and obtain/renew certificates if needed
|
||||||
for domain, domaincfgs in config['domains'].items():
|
for domain, domaincfgs in config['domains']:
|
||||||
# skip domains without any output files
|
# skip domains without any output files
|
||||||
if domaincfgs is None:
|
if domaincfgs is None:
|
||||||
continue
|
continue
|
||||||
@ -253,8 +262,9 @@ if __name__ == "__main__":
|
|||||||
ttl_days = int(config.get('ttl_days', 15))
|
ttl_days = int(config.get('ttl_days', 15))
|
||||||
if not cert_isValid(crt_file, ttl_days):
|
if not cert_isValid(crt_file, ttl_days):
|
||||||
cert_get(domain, config)
|
cert_get(domain, config)
|
||||||
for domaincfg in domaincfgs:
|
for domaincfg in domaincfgs:
|
||||||
cfg = complete_config(domaincfg, config['defaults'])
|
cfg = complete_config(domaincfg, config['defaults'])
|
||||||
|
if not target_isCurrent(cfg['path'], crt_file):
|
||||||
cert_put(domain, cfg)
|
cert_put(domain, cfg)
|
||||||
|
|
||||||
# run post-update actions
|
# run post-update actions
|
||||||
|
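Review bot: `target_isCurrent` calls `os.path.getmtime(target)` with no existence check, so a target path that has never been written (first deployment, or a newly added output file) raises OSError at the `if not target_isCurrent(cfg['path'], crt_file):` call instead of reaching `cert_put`, unless something outside the visible hunks creates the file first. Returning False for a missing target keeps the new timestamp logic and covers that case: `if not os.path.isfile(target): return False`. Separately, the rewritten loader line still uses `yaml.load(config_fd)` without a Loader, which on older PyYAML can instantiate arbitrary Python objects from a .conf file, and which returns None for an empty file so that `.items()` fails; `for entry in (yaml.safe_load(config_fd) or {}).items():` handles both. The `__main__` block continues outside these hunks, so the PyYAML version in use and the permissions on ACME_CONFD are not visible here.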