from subprocess import run from os.path import join, isfile, isdir from datetime import datetime from shutil import copyfile from os import makedirs, listdir, unlink TMP_DIR = '/srv/tls/tmp' LE_DIR = '/srv/tls/x509/letsencrypt' def letsencrypt_certif(cn: str, authority_cn: str, authority_name: str, type_: str, config: str, ) -> None: if type_ != 'server': raise Exception("Let's Encrypt is only available for server certificate") date = datetime.now() today = str(date.date()) week_number = date.isocalendar().week certificate_name = f'certificate_{week_number}.crt' rootdir = join(LE_DIR, f'{authority_name}+{authority_cn}') certdir = join(rootdir, 'certificats', cn, 'server') chaindir = join(rootdir, 'certificats', cn, 'ca') key_name = join(certdir, 'private.key') cert_name = join(certdir, certificate_name) email_address = config['email'] if not isfile(cert_name): cli_args = ['certbot', 'certonly', # WEB '--standalone', # DNS # f'--dns-{plugin_name}', # f'--dns-{plugin_name}-credentials', # credential_filename, # '--dns-ovh-propagation-seconds', # '360', '-d', cn, '--http-01-port', '8080', '--quiet', '--config-dir', f'{TMP_DIR}/{cn}/config', '--work-dir', f'{TMP_DIR}/{cn}/work', '--logs-dir', f'{TMP_DIR}/{cn}/logs', # '--test-cert', '--agree-tos', '-m', email_address, ] ret = run(cli_args, capture_output=True) if ret.returncode: raise Exception(f"error with Let's encrypt: {ret.stderr}") for dirname in (chaindir, certdir): if not isdir(dirname): makedirs(dirname) copyfile(join(TMP_DIR, cn, 'config/live', cn, 'privkey.pem'), key_name, ) copyfile(join(TMP_DIR, cn, 'config/live', cn, 'fullchain.pem'), cert_name, ) for dirname in (chaindir, certdir): for filename in listdir(dirname): if not filename.endswith('.crt') or filename == certificate_name: continue unlink(join(dirname, filename)) return None, cert_name, key_name