|
@@ -25,6 +25,7 @@ import logging
|
|
import socket
|
|
import socket
|
|
import os
|
|
import os
|
|
import subprocess
|
|
import subprocess
|
|
|
|
+import shutil
|
|
|
|
|
|
from amulib import helpers
|
|
from amulib import helpers
|
|
import OpenSSL
|
|
import OpenSSL
|
|
@@ -78,20 +79,46 @@ def run(service_name, config, acme_dir="/var/lib/acme",
|
|
for port in tlsa_ports:
|
|
for port in tlsa_ports:
|
|
helpers.create_tlsa_records(fqdn, port, acme_cert,
|
|
helpers.create_tlsa_records(fqdn, port, acme_cert,
|
|
named_key_path)
|
|
named_key_path)
|
|
- if helpers.copy_file(acme_fullchain_path, certificate_path):
|
|
|
|
- newkey_path = os.path.join(acme_dir, "live",
|
|
|
|
- fqdn, "privkey")
|
|
|
|
- if helpers.copy_file(newkey_path, key_path):
|
|
|
|
- LOGGER.info("Certificate for %s successfully "
|
|
|
|
- "renewed, restarting service.",
|
|
|
|
- service_name)
|
|
|
|
- subprocess.call(["/etc/init.d/%s" % service_name,
|
|
|
|
- "restart"])
|
|
|
|
|
|
+ newkey_path = os.path.join(acme_dir, "live",
|
|
|
|
+ fqdn, "privkey")
|
|
|
|
+ renewal_successful = False
|
|
|
|
+ if certificate_path == key_path:
|
|
|
|
+ if helpers.create_backup_copy(certificate_path):
|
|
|
|
+ try:
|
|
|
|
+ with open(certificate_path, "wb") as target:
|
|
|
|
+ with open(acme_fullchain_path, "rb") as chain:
|
|
|
|
+ with open(newkey_path, "rb") as newkey:
|
|
|
|
+ shutil.copyfileobj(newkey,
|
|
|
|
+ target)
|
|
|
|
+ shutil.copyfileobj(chain, target)
|
|
|
|
+ except IOError:
|
|
|
|
+ LOGGER.error("Renewal of cert for %s failed, "
|
|
|
|
+ "please clean up manually and "
|
|
|
|
+ "check the backup files!",
|
|
|
|
+ service_name)
|
|
|
|
+ else:
|
|
|
|
+ renewal_successful = True
|
|
else:
|
|
else:
|
|
LOGGER.error("Renewal of cert for %s failed, "
|
|
LOGGER.error("Renewal of cert for %s failed, "
|
|
"please clean up manually and "
|
|
"please clean up manually and "
|
|
"check the backup files!", service_name)
|
|
"check the backup files!", service_name)
|
|
else:
|
|
else:
|
|
- LOGGER.error("Renewal of cert for %s failed, "
|
|
|
|
- "please clean up manually and "
|
|
|
|
- "check the backup files!", service_name)
|
|
|
|
|
|
+ if helpers.copy_file(acme_fullchain_path,
|
|
|
|
+ certificate_path):
|
|
|
|
+ if helpers.copy_file(newkey_path, key_path):
|
|
|
|
+ renewal_successful = True
|
|
|
|
+ else:
|
|
|
|
+ LOGGER.error("Renewal of cert for %s failed, "
|
|
|
|
+ "please clean up manually and "
|
|
|
|
+ "check the backup files!",
|
|
|
|
+ service_name)
|
|
|
|
+ else:
|
|
|
|
+ LOGGER.error("Renewal of cert for %s failed, "
|
|
|
|
+ "please clean up manually and "
|
|
|
|
+ "check the backup files!", service_name)
|
|
|
|
+ if renewal_successful:
|
|
|
|
+ LOGGER.info("Certificate for %s successfully "
|
|
|
|
+ "renewed, restarting service.",
|
|
|
|
+ service_name)
|
|
|
|
+ subprocess.call(["/etc/init.d/%s" % service_name,
|
|
|
|
+ "restart"])
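Review bot: `open(certificate_path, "wb")` truncates the live combined cert/key file before either source file has been opened, so a failed `open` of `acme_fullchain_path` or `newkey_path` (or a short write) reaches the `except IOError` branch with the service's file already empty or half-written, and the log line can only send the operator to the backup. Reading both sources first and writing to a sibling temp file that is then renamed over `certificate_path` removes that window and leaves the old file untouched on any failure. The rewrite below also creates the temp file with mode 0o600 and then copies the existing file's mode, because the combined file carries the private key and a `"wb"` open of a path that does not exist yet would create it with the umask default; whether `create_backup_copy` succeeds when `certificate_path` is absent is not visible in this hunk. The enclosing `run` starts before the hunk; the separate cert/key branch and the restart block are unchanged.
```python
    if certificate_path == key_path:
        if helpers.create_backup_copy(certificate_path):
            tmp_path = certificate_path + ".tmp"
            try:
                # Read both inputs before touching the live file so a
                # missing or unreadable source cannot leave it truncated.
                with open(acme_fullchain_path, "rb") as chain, \
                        open(newkey_path, "rb") as newkey:
                    combined = newkey.read() + chain.read()
                # Private key material: create the temp file owner-only,
                # then take over whatever mode the existing file has.
                fd = os.open(tmp_path,
                             os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
                with os.fdopen(fd, "wb") as target:
                    target.write(combined)
                shutil.copymode(certificate_path, tmp_path)
                # Atomic swap: readers see either the old or the new file.
                os.rename(tmp_path, certificate_path)
            except (IOError, OSError):
                LOGGER.error("Renewal of cert for %s failed, "
                             "please clean up manually and "
                             "check the backup files!",
                             service_name)
            else:
                renewal_successful = True
        # … unchanged: backup-failure error log …
    # … unchanged: separate cert/key copy branch and restart …
```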
|