config.read_file(stream)
return config
-def certfile(name, suff = None):
+def certfile(name):
global config
return os.path.join(config['dirs']['certs'], name + ".crt" + ('' if suff is None else '+'+suff) )
make_backup(certfile(name))
with open(certfile(name), 'wb') as f:
f.write(signed_crt)
- # append DH params
- dhfile = config['DEFAULT'].get('dh-params')
- if dhfile is not None:
- with open(dhfile, 'rb') as f:
- dh = f.read()
- with open(certfile(name, 'dh'), 'wb') as f:
- f.write(signed_crt)
- f.write(dh)
- # append chain
- chainfile = config['DEFAULT'].get('chain')
- if chainfile is not None:
- with open(chainfile, 'rb') as f:
- chain = f.read()
- with open(certfile(name, 'chain'), 'wb') as f:
- f.write(signed_crt)
- f.write(chain)
def request_cert(name):
global config
os.rename(src = keyfile(staging), dst = keyfile(live))
make_backup(certfile(live))
os.rename(src = certfile(staging), dst = certfile(live))
- try:
- os.rename(src = certfile(staging, 'dh'), dst = certfile(live, 'dh'))
- except FileNotFoundError:
- pass
- try:
- os.rename(src = certfile(staging, 'chain'), dst = certfile(live, 'chain'))
- except FileNotFoundError:
- pass
return 2
def auto_renewal():
# The length of secret RSA keys
key-length = 4096
-# File containing the DH parameters, as generated by openssl (optional)
-dh-params = /etc/ssl/dh2048.pem
-chain = /etc/ssl/chains/letsencrypt-x1.crt
-
[timing]
# After how many days should the private key be re-generated?
max-key-age-days = 180
[hooks]
# Called after a new certificate has been obtained.
-# Example usage: Reloading services.
+# Example usage: Reloading services, generating combined "certificate + key chain" file.
post-certchange = /home/user/letsencrypt/cert-hook
# Called after a new certificate has been obtained, *if* there also were changes in the private keys
# Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
projects / lets-encrypt-tiny.git / commitdiff