expand sample crontab
[lets-encrypt-tiny.git] / letsencrypt-tiny
index 78d38b7d65f987dedc28c0015233a61904eadf41..7f23ad5cc0e0242c10272dad17533792a073c529 100755 (executable)
@@ -63,7 +63,7 @@ def acme(keyfilename, certfilename, domains):
         file.write(csr)
     try:
         # call acme-tiny as a script
         file.write(csr)
     try:
         # call acme-tiny as a script
-        acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py')
+        acme_tiny = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'acme-tiny', 'acme_tiny.py')
         signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']])
         # save new certificate
         make_backup(certfilename)
         signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']])
         # save new certificate
         make_backup(certfilename)
@@ -94,6 +94,7 @@ def request_cert(name):
     acme(keyfile(name), certfile(name), domains)
 
 def generate_key(name):
     acme(keyfile(name), certfile(name), domains)
 
 def generate_key(name):
+    assert not os.path.exists(certfile(name)), "Don't make create a new key for an old cert"
     print("Generating new private key '{}'".format(name))
     openssl_genrsa(keyfile(name))
 
     print("Generating new private key '{}'".format(name))
     openssl_genrsa(keyfile(name))
 
@@ -204,6 +205,7 @@ if __name__ == "__main__":
         live = config['files']['live']
         if not os.path.exists(keyfile(live)):
             generate_key(live)
         live = config['files']['live']
         if not os.path.exists(keyfile(live)):
             generate_key(live)
+        if not os.path.exists(certfile(live)):
             request_cert(live)
             if args.hooks:
                 trigger_hook('post-certchange')
             request_cert(live)
             if args.hooks:
                 trigger_hook('post-certchange')