X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/blobdiff_plain/ced309aad271bf75269e224edc5f92ff7868187d..1aaa458b500a616239126d19511e0696b560f24d:/letsencrypt-tiny?ds=sidebyside diff --git a/letsencrypt-tiny b/letsencrypt-tiny index 78d38b7..b0b9894 100755 --- a/letsencrypt-tiny +++ b/letsencrypt-tiny @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -## Call with "--help" for documentation. +## See for documentation. import argparse, configparser, itertools, stat, os, os.path, sys, subprocess, datetime @@ -63,8 +63,8 @@ def acme(keyfilename, certfilename, domains): file.write(csr) try: # call acme-tiny as a script - acme_tiny = os.path.join(config['acme']['acme-tiny'], 'acme_tiny.py') - signed_crt = subprocess.check_output(["python", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) + acme_tiny = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'acme-tiny', 'acme_tiny.py') + signed_crt = subprocess.check_output(["python3", acme_tiny, "--quiet", "--account-key", accountkey, "--csr", csrfilename, "--acme-dir", config['acme']['challenge-dir']]) # save new certificate make_backup(certfilename) with open(certfilename, 'wb') as f: @@ -94,6 +94,7 @@ def request_cert(name): acme(keyfile(name), certfile(name), domains) def generate_key(name): + assert not os.path.exists(certfile(name)), "Don't make create a new key for an old cert" print("Generating new private key '{}'".format(name)) openssl_genrsa(keyfile(name)) @@ -122,9 +123,12 @@ def auto_renewal(live, staging): # determine what to do now = datetime.datetime.now() key_age = now - key_mtime(live) - cert_validity = cert_expiry(live) - now need_new_key = key_age >= max_key_age - need_new_cert = cert_validity <= renew_cert_time + if os.path.exists(certfile(live)): + cert_validity = cert_expiry(live) - now + need_new_cert = cert_validity <= renew_cert_time + else: + need_new_cert = True if need_new_cert and key_age + renew_cert_time >= max_key_age: # We are about to request a new certificate, and within , we need a new key: Get the new key now need_new_key = True @@ -204,6 +208,7 @@ if __name__ == "__main__": live = config['files']['live'] if not os.path.exists(keyfile(live)): generate_key(live) + if not os.path.exists(certfile(live)): request_cert(live) if args.hooks: trigger_hook('post-certchange')