X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/blobdiff_plain/447af53ef3d1c8f62d09a692236d881bcf7fc312..e539479a2ad428ddc5a30b2773189411a891723e:/letsencrypt-tiny diff --git a/letsencrypt-tiny b/letsencrypt-tiny index c6b4cc0..d4e696d 100755 --- a/letsencrypt-tiny +++ b/letsencrypt-tiny @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -## Call with "--help" for documentation. +## See for documentation. import argparse, configparser, itertools, stat, os, os.path, sys, subprocess, datetime @@ -58,18 +58,20 @@ def acme(keyfilename, certfilename, domains): # Generating the CSR is done by a shell script exe = os.path.join(os.path.dirname(__file__), 'gencsr') csr = subprocess.check_output([exe, keyfilename] + domains) - assert not os.path.exists(csrfilename) + assert not os.path.exists(csrfilename), "The temporary CSR file {} still exists. It seems something went wrong on a previous request. You may want to remove the file manually.".format(csrfilename) with open(csrfilename, 'wb') as file: file.write(csr) - # call acme-tiny as a script - acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py') - signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) - # save new certificate - make_backup(certfilename) - with open(certfilename, 'wb') as f: - f.write(signed_crt) - # clean up - os.remove(csrfilename) + try: + # call acme-tiny as a script + acme_tiny = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'acme-tiny', 'acme_tiny.py') + signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) + # save new certificate + make_backup(certfilename) + with open(certfilename, 'wb') as f: + f.write(signed_crt) + finally: + # clean up + os.remove(csrfilename) def openssl_genrsa(keyfilename): with subprocess.Popen(["openssl", "genrsa", str(int(config['DEFAULT']['key-length']))], stdout=subprocess.PIPE, stderr=subprocess.PIPE) as f: @@ -92,6 +94,7 @@ def request_cert(name): acme(keyfile(name), certfile(name), domains) def generate_key(name): + assert not os.path.exists(certfile(name)), "Don't make create a new key for an old cert" print("Generating new private key '{}'".format(name)) openssl_genrsa(keyfile(name)) @@ -202,6 +205,7 @@ if __name__ == "__main__": live = config['files']['live'] if not os.path.exists(keyfile(live)): generate_key(live) + if not os.path.exists(certfile(live)): request_cert(live) if args.hooks: trigger_hook('post-certchange')