76 lines
2.7 KiB
Python
76 lines
2.7 KiB
Python
|
from subprocess import run
|
||
|
from os.path import join, isfile, isdir
|
||
|
from datetime import datetime
|
||
|
from shutil import copyfile
|
||
|
from os import makedirs, listdir, unlink
|
||
|
|
||
|
|
||
|
TMP_DIR = '/srv/tls/tmp'
|
||
|
LE_DIR = '/srv/tls/x509/letsencrypt'
|
||
|
|
||
|
|
||
|
def letsencrypt_certif(cn: str,
|
||
|
authority_cn: str,
|
||
|
authority_name: str,
|
||
|
type_: str,
|
||
|
config: str,
|
||
|
) -> None:
|
||
|
if type_ != 'server':
|
||
|
raise Exception("Let's Encrypt is only available for server certificate")
|
||
|
date = datetime.now()
|
||
|
today = str(date.date())
|
||
|
week_number = date.isocalendar().week
|
||
|
certificate_name = f'certificate_{week_number}.crt'
|
||
|
rootdir = join(LE_DIR, f'{authority_name}+{authority_cn}')
|
||
|
certdir = join(rootdir, 'certificats', cn, 'server')
|
||
|
chaindir = join(rootdir, 'certificats', cn, 'ca')
|
||
|
key_name = join(certdir, 'private.key')
|
||
|
cert_name = join(certdir, certificate_name)
|
||
|
email_address = config['email']
|
||
|
if not isfile(cert_name):
|
||
|
cli_args = ['certbot',
|
||
|
'certonly',
|
||
|
# WEB
|
||
|
'--standalone',
|
||
|
# DNS
|
||
|
# f'--dns-{plugin_name}',
|
||
|
# f'--dns-{plugin_name}-credentials',
|
||
|
# credential_filename,
|
||
|
# '--dns-ovh-propagation-seconds',
|
||
|
# '360',
|
||
|
'-d',
|
||
|
cn,
|
||
|
'--http-01-port',
|
||
|
'8080',
|
||
|
'--quiet',
|
||
|
'--config-dir',
|
||
|
f'{TMP_DIR}/{cn}/config',
|
||
|
'--work-dir',
|
||
|
f'{TMP_DIR}/{cn}/work',
|
||
|
'--logs-dir',
|
||
|
f'{TMP_DIR}/{cn}/logs',
|
||
|
# '--test-cert',
|
||
|
'--agree-tos',
|
||
|
'-m',
|
||
|
email_address,
|
||
|
]
|
||
|
ret = run(cli_args, capture_output=True)
|
||
|
if ret.returncode:
|
||
|
raise Exception(f"error with Let's encrypt: {ret.stderr}")
|
||
|
|
||
|
for dirname in (chaindir, certdir):
|
||
|
if not isdir(dirname):
|
||
|
makedirs(dirname)
|
||
|
copyfile(join(TMP_DIR, cn, 'config/live', cn, 'privkey.pem'),
|
||
|
key_name,
|
||
|
)
|
||
|
copyfile(join(TMP_DIR, cn, 'config/live', cn, 'fullchain.pem'),
|
||
|
cert_name,
|
||
|
)
|
||
|
for dirname in (chaindir, certdir):
|
||
|
for filename in listdir(dirname):
|
||
|
if not filename.endswith('.crt') or filename == certificate_name:
|
||
|
continue
|
||
|
unlink(join(dirname, filename))
|
||
|
return None, cert_name, key_name
|