projects
/
lets-encrypt-tiny.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
add support for generating crt+chain files
[lets-encrypt-tiny.git]
/
letsencrypt-tiny
diff --git
a/letsencrypt-tiny
b/letsencrypt-tiny
index eb9d17150f9ecc99650db4de46fc1f3918a4bd8c..033887e05452df5130186c7a45f1290802ba8835 100755
(executable)
--- a/
letsencrypt-tiny
+++ b/
letsencrypt-tiny
@@
-60,26
+60,34
@@
def acme(name, domains):
file.write(csr)
# call acme-tiny as a script
acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py')
file.write(csr)
# call acme-tiny as a script
acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py')
- signed_crt = subprocess.check_output([acme_tiny, "--quiet", "--account-key", config['acme']['account-key'], "--csr", csrfile(name), "--acme-dir", config['acme']['challenge-dir']])
+ signed_crt = subprocess.check_output([
"python",
acme_tiny, "--quiet", "--account-key", config['acme']['account-key'], "--csr", csrfile(name), "--acme-dir", config['acme']['challenge-dir']])
# save new certificate
make_backup(certfile(name))
with open(certfile(name), 'wb') as f:
f.write(signed_crt)
# append DH params
# save new certificate
make_backup(certfile(name))
with open(certfile(name), 'wb') as f:
f.write(signed_crt)
# append DH params
- dhfile = config['DEFAULT']
['dh-params']
+ dhfile = config['DEFAULT']
.get('dh-params')
if dhfile is not None:
with open(dhfile, 'rb') as f:
dh = f.read()
with open(certfile(name, 'dh'), 'wb') as f:
f.write(signed_crt)
f.write(dh)
if dhfile is not None:
with open(dhfile, 'rb') as f:
dh = f.read()
with open(certfile(name, 'dh'), 'wb') as f:
f.write(signed_crt)
f.write(dh)
+ # append chain
+ chainfile = config['DEFAULT'].get('chain')
+ if chainfile is not None:
+ with open(chainfile, 'rb') as f:
+ chain = f.read()
+ with open(certfile(name, 'chain'), 'wb') as f:
+ f.write(signed_crt)
+ f.write(chain)
def request_cert(name):
global config
if not os.path.exists(keyfile(name)):
raise Exception("No such key: {}".format(name))
domains = config['DEFAULT']['domains'].split()
def request_cert(name):
global config
if not os.path.exists(keyfile(name)):
raise Exception("No such key: {}".format(name))
domains = config['DEFAULT']['domains'].split()
- print("Obtaining certificate '{}' for domains {}".format(name, ' '.join(domains)))
+ print("Obtaining certificate '{}' for domains
:
{}".format(name, ' '.join(domains)))
acme(name, domains)
def generate_key(name):
acme(name, domains)
def generate_key(name):
@@
-97,9
+105,10
@@
def generate_key(name):
def check_staging():
'''Returns 0 if nothing was done, 1 if a stage key is present but has to be kept, 2 is a stage key was unstaged.'''
live = config['files']['live']
def check_staging():
'''Returns 0 if nothing was done, 1 if a stage key is present but has to be kept, 2 is a stage key was unstaged.'''
live = config['files']['live']
- staging = config['files']
['staging']
+ staging = config['files']
.get('staging')
if staging is None or not os.path.exists(keyfile(staging)):
return 0
if staging is None or not os.path.exists(keyfile(staging)):
return 0
+
staging_time = datetime.timedelta(hours = int(config['timing']['staging-hours']))
key_age = datetime.datetime.now() - key_mtime(staging)
if key_age < staging_time:
staging_time = datetime.timedelta(hours = int(config['timing']['staging-hours']))
key_age = datetime.datetime.now() - key_mtime(staging)
if key_age < staging_time:
@@
-114,12
+123,16
@@
def check_staging():
os.rename(src = certfile(staging, 'dh'), dst = certfile(live, 'dh'))
except FileNotFoundError:
pass
os.rename(src = certfile(staging, 'dh'), dst = certfile(live, 'dh'))
except FileNotFoundError:
pass
+ try:
+ os.rename(src = certfile(staging, 'chain'), dst = certfile(live, 'chain'))
+ except FileNotFoundError:
+ pass
return 2
def auto_renewal():
'''Returns 0 if nothing was done, 1 if only certs were changed, 2 if certs and keys were changed.'''
live = config['files']['live']
return 2
def auto_renewal():
'''Returns 0 if nothing was done, 1 if only certs were changed, 2 if certs and keys were changed.'''
live = config['files']['live']
- staging = config['files']
['staging']
+ staging = config['files']
.get('staging')
max_key_age = datetime.timedelta(days = int(config['timing']['max-key-age-days']))
renew_cert_time = datetime.timedelta(days = int(config['timing']['renew-cert-before-expiry-days']))
max_key_age = datetime.timedelta(days = int(config['timing']['max-key-age-days']))
renew_cert_time = datetime.timedelta(days = int(config['timing']['renew-cert-before-expiry-days']))
@@
-168,7
+181,7
@@
if __name__ == "__main__":
if args.action[0] == 'renew':
live = config['files']['live']
if args.action[0] == 'renew':
live = config['files']['live']
- staging = config['files']
['staging']
+ staging = config['files']
.get('staging')
request_cert(live)
if staging is not None and os.path.exists(keyfile(staging)):
request_cert(live)
if staging is not None and os.path.exists(keyfile(staging)):
projects / lets-encrypt-tiny.git / blobdiff