def init_letsencrypt(): loginfo('Preparing for letsencrypt ...') wait_for_nginx() if not exists(ssl_dir): os.mkdir(ssl_dir) domain = get_conf('SEAFILE_SERVER_HOSTNAME', 'seafile.example.com') context = { 'ssl_dir': ssl_dir, 'domain': domain, } render_template('/templates/letsencrypt.cron.template', join(generated_dir, 'letsencrypt.cron'), context) ssl_crt = '/shared/ssl/{}.crt'.format(domain) if exists(ssl_crt): loginfo('Found existing cert file {}'.format(ssl_crt)) if cert_has_valid_days(ssl_crt, 30): loginfo( 'Skip letsencrypt verification since we have a valid certificate' ) if exists(join(ssl_dir, 'letsencrypt')): # Create a crontab to auto renew the cert for letsencrypt. call('/scripts/auto_renew_crt.sh {0} {1}'.format( ssl_dir, domain)) return loginfo('Starting letsencrypt verification') # Create a temporary nginx conf to start a server, which would accessed by letsencrypt context = { 'https': False, 'domain': domain, } if not os.path.isfile('/shared/nginx/conf/seafile.nginx.conf'): render_template('/templates/seafile.nginx.conf.template', '/etc/nginx/sites-enabled/seafile.nginx.conf', context) call('nginx -s reload') time.sleep(2) call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain)) # if call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain), check_call=False) != 0: # eprint('Now waiting 1000s for postmortem') # time.sleep(1000) # sys.exit(1) call('/scripts/auto_renew_crt.sh {0} {1}'.format(ssl_dir, domain))
def init_letsencrypt(): loginfo('Preparing for letsencrypt ...') wait_for_nginx() if not exists(ssl_dir): os.mkdir(ssl_dir) domain = get_conf('SEAFILE_SERVER_HOSTNAME', 'seafile.example.com') context = { 'ssl_dir': ssl_dir, 'domain': domain, } render_template( '/templates/letsencrypt.cron.template', join(generated_dir, 'letsencrypt.cron'), context ) ssl_crt = '/shared/ssl/{}.crt'.format(domain) if exists(ssl_crt): loginfo('Found existing cert file {}'.format(ssl_crt)) if cert_has_valid_days(ssl_crt, 30): loginfo('Skip letsencrypt verification since we have a valid certificate') return loginfo('Starting letsencrypt verification') # Create a temporary nginx conf to start a server, which would accessed by letsencrypt context = { 'https': False, 'domain': domain, } render_template('/templates/seafile.nginx.conf.template', '/etc/nginx/sites-enabled/seafile.nginx.conf', context) call('nginx -s reload') time.sleep(2) call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))