X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/blobdiff_plain/c7aba3f7951b2c9a689fae1ad59136bb9307c15d..HEAD:/letsencrypt-tiny diff --git a/letsencrypt-tiny b/letsencrypt-tiny index 7ca3f55..eef52e7 100755 --- a/letsencrypt-tiny +++ b/letsencrypt-tiny @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -## Call with "--help" for documentation. +## See for documentation. import argparse, configparser, itertools, stat, os, os.path, sys, subprocess, datetime @@ -21,6 +21,7 @@ def keyfile(name): def make_backup(fname): if os.path.exists(fname): + os.makedirs(config['dirs']['backups'], exist_ok = True) backupname = os.path.basename(fname) + "." + str(datetime.date.today()) i = 0 while True: @@ -63,8 +64,8 @@ def acme(keyfilename, certfilename, domains): file.write(csr) try: # call acme-tiny as a script - acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py') - signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) + acme_tiny = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'acme-tiny', 'acme_tiny.py') + signed_crt = subprocess.check_output(["python3", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) # save new certificate make_backup(certfilename) with open(certfilename, 'wb') as f: @@ -123,9 +124,12 @@ def auto_renewal(live, staging): # determine what to do now = datetime.datetime.now() key_age = now - key_mtime(live) - cert_validity = cert_expiry(live) - now need_new_key = key_age >= max_key_age - need_new_cert = cert_validity <= renew_cert_time + if os.path.exists(certfile(live)): + cert_validity = cert_expiry(live) - now + need_new_cert = cert_validity <= renew_cert_time + else: + need_new_cert = True if need_new_cert and key_age + renew_cert_time >= max_key_age: # We are about to request a new certificate, and within , we need a new key: Get the new key now need_new_key = True