def main(): try: if os.geteuid() != 0: Logger.error('{} must be run as root.'.format(sys.argv[0])) sys.exit(1) current_vhost_string = None current_vhost_name = None force_renew_certs = len(sys.argv) == 2 and sys.argv[1] == force_arg with open(CONFIG_FILE_PATH) as f: config = util.strip_json_comments(f.read()) try: sites = json.loads(config) except Exception as ex: raise Exception( 'Could not parse configuration file "{}": {}'.format( CONFIG_FILE_PATH, ex)) apache_vhosts = apache_util.get_apache_vhosts() if len(apache_vhosts) == 0: Logger.error( 'Could not find any Apache VHosts on this system, please configure your Apache VHosts before using this script.') sys.exit(2) for site_index, site in enumerate(sites): current_vhost_string = site.get( 'VHost', 'VHost configuration number {}'.format( site_index + 1)) current_vhost_name = site.get('ServerName', '') process_vhost( site, current_vhost_string, current_vhost_name, apache_vhosts, force_renew_certs) if apache_util.is_apache_running(): reload_apache() except Exception as e: log_error( 'VHost "{}, {}": {} {} {}'.format( current_vhost_string, current_vhost_name, type(e), e, util.format_traceback()), 'VHost "{}, {}": {} {}'.format( current_vhost_string, current_vhost_name, type(e), e)) sys.exit(1) finally: print_error_summary(all_error_messages, all_warning_messages) util.close_logger(Logger) if all_error_messages: sys.exit(1)
def process_vhost(site_configuration, current_vhost_string, current_vhost_name, apache_vhosts, force_renew_certs): global error_messages global warning_messages current_site = site_configuration try: # Validation parsed_site, validation_errors = util.parse_settings( current_site, util.APACHE_RENEWAL_SETTINGS) # parsed_site either contains correctly parsed site settings with populated defaults or None (and a non-empty validation error list). # Even if parsing failed, we want to present the user with a complete error list. So for purposes of further validation # we fill current_site at least defined values (e.g. None) using # populate_defaults such that validate_site_configuration can is able to # do its checks. current_site = parsed_site or util.populate_defaults( current_site, util.APACHE_RENEWAL_SETTINGS) validation_errors.extend( validate_site_configuration(current_site, apache_vhosts.keys())) if validation_errors: message = make_validation_error_message(validation_errors, current_vhost_string) log_error(message) raise Exception( 'Errors during validation of VHost "{}, {}".'.format( current_vhost_string, current_vhost_name)) # Processing if not apache_util.is_apache_running(): if (not os.path.isfile( apache_util.get_apache_ssl_cert_path( current_vhost_string, current_vhost_name))) or (not os.path.isfile( apache_util.get_apache_ssl_key_path( current_vhost_string, current_vhost_name))): log_warning( 'Apache is not running, but certificate/keyfile missing. Attempting to correct. Note: this will not restart apache.' ) pem_cert_key_path = get_cert(current_site) install_apache_ssl_cert(pem_cert_key_path, current_site) email_results(current_site) return True else: raise Exception( 'Apache is not running, skipping certificate update for VHost {} {}.' .format(current_vhost_string, current_vhost_name)) update_apache_config(current_site) if force_renew_certs or is_cert_renewal_needed(current_site): pem_cert_key_path = get_cert(current_site) install_apache_ssl_cert(pem_cert_key_path, current_site) except Exception as e: # Log error, but continue processing the next VHost log_error( 'VHost "{}, {}": {} {} {}'.format(current_vhost_string, current_vhost_name, type(e), e, util.format_traceback()), 'VHost "{}, {}": {} {}'.format(current_vhost_string, current_vhost_name, type(e), e)) return False finally: email_results(current_site) error_messages = [] warning_messages = [] return True