
from datetime import datetime
from os import chmod, listdir, makedirs, unlink
from os import open as os_open
from os.path import isdir, isfile, join
from shutil import copyfile
from subprocess import run
# Scratch root handed to certbot as --config-dir/--work-dir/--logs-dir, one
# subtree per CN.  NOTE(review): certbot presumably keeps its account key and
# its own copy of each private key under <TMP_DIR>/<cn>/config; nothing here
# cleans that up, so treat this directory as sensitive.
TMP_DIR: str = '/srv/tls/tmp'
# Root under which issued certificates/keys are installed, one subtree per
# '<authority_name>+<authority_cn>' pair.
LE_DIR: str = '/srv/tls/x509/letsencrypt'
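def _validate_cn(cn: str) -> None:
    """Reject a CN that cannot safely be used as a hostname and a path component.

    ``cn`` is spliced into filesystem paths under TMP_DIR and LE_DIR and passed
    to certbot as the ``-d`` domain, so a value such as ``../x`` would escape
    those directories and a value starting with ``-`` could be read as an
    option.  A DNS name never legitimately contains ``/`` or starts with ``-``.

    Raises:
        ValueError: if ``cn`` is empty, contains ``/`` or NUL, is ``.``/``..``,
            or starts with ``-``.
    """
    if (not cn or '/' in cn or '\0' in cn or cn in ('.', '..')
            or cn.startswith('-')):
        raise ValueError(f"invalid common name for Let's Encrypt: {cn!r}")


def _run_certbot(cn: str, email_address: str) -> None:
    """Run ``certbot certonly`` for *cn* using the standalone HTTP-01 challenge.

    All certbot state (account, keys, logs) is kept under ``TMP_DIR/<cn>``; the
    issued material is expected in ``TMP_DIR/<cn>/config/live/<cn>/``.

    Raises:
        RuntimeError: when certbot exits non-zero (its stderr is included).
    """
    cli_args = [
        'certbot',
        'certonly',
        # HTTP-01 via certbot's built-in web server.  A DNS-01 challenge would
        # instead use --dns-<plugin> / --dns-<plugin>-credentials <file>
        # (plus --dns-<plugin>-propagation-seconds); that is not wired in here.
        '--standalone',
        '-d',
        cn,
        # NOTE(review): the listener is on 8080, so something in front (a proxy
        # or a port redirect) must deliver port-80 traffic here — confirm.
        '--http-01-port',
        '8080',
        '--quiet',
        '--config-dir',
        f'{TMP_DIR}/{cn}/config',
        '--work-dir',
        f'{TMP_DIR}/{cn}/work',
        '--logs-dir',
        f'{TMP_DIR}/{cn}/logs',
        # Add '--test-cert' to issue from the Let's Encrypt staging environment.
        '--agree-tos',
        '-m',
        email_address,
    ]
    # Argument list, no shell: cn/email are never interpolated into a command line.
    ret = run(cli_args, capture_output=True, text=True, check=False)
    if ret.returncode:
        raise RuntimeError(f"error with Let's encrypt: {ret.stderr}")


def _install_private_key(src: str, dst: str) -> None:
    """Copy the private key *src* to *dst* with owner-only (0600) permissions.

    ``shutil.copyfile`` creates its destination under the process umask
    (typically 0644), which would leave the key world-readable.  Create the
    file with a restrictive mode from the start, then pin the mode in case
    *dst* already existed with a looser one (O_CREAT keeps an old mode).
    """
    def _opener(path: str, flags: int) -> int:
        return os_open(path, flags, 0o600)

    with open(src, 'rb') as inp, open(dst, 'wb', opener=_opener) as out:
        out.write(inp.read())
    chmod(dst, 0o600)


def _prune_old_certificates(dirs: tuple[str, ...], keep: str) -> None:
    """Delete every ``*.crt`` in *dirs* except the file named *keep*."""
    for dirname in dirs:
        for filename in listdir(dirname):
            if filename.endswith('.crt') and filename != keep:
                unlink(join(dirname, filename))


def letsencrypt_certif(cn: str,
                       authority_cn: str,
                       authority_name: str,
                       type_: str,
                       config: dict,
                       ) -> tuple[None, str, str]:
    """Obtain (or reuse) a Let's Encrypt server certificate for *cn*.

    If ``<LE_DIR>/<authority_name>+<authority_cn>/certificats/<cn>/server/``
    already holds a certificate file for the current ISO week, nothing is
    issued; otherwise certbot is run, ``privkey.pem`` is installed as
    ``private.key`` (mode 0600) and ``fullchain.pem`` as the certificate, and
    older ``*.crt`` files in the server/ and ca/ directories are removed.

    Args:
        cn: hostname to certify; used verbatim in paths and as certbot's ``-d``.
        authority_cn, authority_name: name the install subtree; trusted input.
        type_: must be ``'server'``.
        config: mapping holding at least ``'email'`` (the ACME contact).

    Returns:
        ``(None, cert_path, key_path)``.  There is no separate chain file —
        certbot's ``fullchain.pem`` is installed as the certificate — so the
        first slot is always ``None``.

    Raises:
        ValueError: ``type_`` is not ``'server'`` or ``cn`` is unusable.
        KeyError: ``config`` has no ``'email'`` entry.
        RuntimeError: certbot failed.
    """
    if type_ != 'server':
        raise ValueError("Let's Encrypt is only available for server certificate")
    _validate_cn(cn)

    # One certificate file per ISO week; an existing file for the current week
    # short-circuits issuance.  NOTE(review): the name carries no year, so a
    # file left over from the same week of a previous year would also be
    # reused — harmless only if this runs (and prunes) at least weekly.
    week_number = datetime.now().isocalendar().week
    certificate_name = f'certificate_{week_number}.crt'

    rootdir = join(LE_DIR, f'{authority_name}+{authority_cn}')
    certdir = join(rootdir, 'certificats', cn, 'server')
    chaindir = join(rootdir, 'certificats', cn, 'ca')
    key_name = join(certdir, 'private.key')
    cert_name = join(certdir, certificate_name)
    email_address = config['email']

    if not isfile(cert_name):
        _run_certbot(cn, email_address)
        for dirname in (chaindir, certdir):
            makedirs(dirname, exist_ok=True)
        live_dir = join(TMP_DIR, cn, 'config/live', cn)
        _install_private_key(join(live_dir, 'privkey.pem'), key_name)
        copyfile(join(live_dir, 'fullchain.pem'), cert_name)
        _prune_old_certificates((chaindir, certdir), certificate_name)
    return None, cert_name, key_name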