- # call acme-tiny as a script
- acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py')
- signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", config['acme']['account-key'], "--csr", csrfile(name), "--acme-dir", config['acme']['challenge-dir']])
- # save new certificate
- make_backup(certfile(name))
- with open(certfile(name), 'wb') as f:
- f.write(signed_crt)
- # clean up
- os.remove(csrfile(name))
+ try:
+ # call acme-tiny as a script
+ acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py')
+ signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']])
+ # save new certificate
+ make_backup(certfilename)
+ with open(certfilename, 'wb') as f:
+ f.write(signed_crt)
+ finally:
+ # clean up
+ os.remove(csrfilename)
+
+def openssl_genrsa(keyfilename):
+ with subprocess.Popen(["openssl", "genrsa", str(int(config['DEFAULT']['key-length']))], stdout=subprocess.PIPE, stderr=subprocess.PIPE) as f:
+ (stdout, stderr) = f.communicate()
+ if f.returncode:
+ sys.stderr.write(stderr)
+ raise Exception("Error while generating private key")
+ # Now we have a key, save it. This should never overwrite anything.
+ assert not os.path.exists(keyfilename)
+ with open(keyfilename, 'wb') as f:
+ f.write(stdout)