Exemple #1
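def _process_config(
    config_path: str,
    directory_path: str,
    runtime_config_path: str,
    lock: threading.Lock,
):
    """Apply a DNSroboCert configuration: issue missing certificates, revoke stale ones.

    The configuration is loaded from ``config_path``, copied to
    ``runtime_config_path`` and then used to drive certbot against the
    workspace rooted at ``directory_path``.

    Args:
        config_path: Path of the user-maintained configuration file.
        directory_path: Certbot workspace; its ``live`` sub-directory is
            listed to find certificates that are no longer configured.
        runtime_config_path: Where the loaded configuration is dumped as YAML
            for the certbot helpers to read.
        lock: Passed through unchanged to every ``certbot`` helper call.

    Returns:
        None. Returns early, without touching anything, when the loaded
        configuration is empty or has a truthy ``draft`` key.
    """
    dnsrobocert_config = config.load(config_path)

    if not dnsrobocert_config:
        return

    if dnsrobocert_config.get("draft"):
        LOGGER.info(
            "Configuration file is in draft mode: no action will be done.")
        return

    # The runtime copy is a full dump of the loaded configuration, which may
    # carry DNS provider credentials (presumably under the profiles; verify
    # against the schema). Create it readable by the owner only instead of
    # leaving its permissions to the process umask. The mode applies only when
    # the file is created: a pre-existing file keeps the permissions it has.
    runtime_fd = os.open(
        runtime_config_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600
    )
    with os.fdopen(runtime_fd, "w") as f:
        f.write(yaml.dump(dnsrobocert_config))

    utils.configure_certbot_workspace(dnsrobocert_config, directory_path)

    LOGGER.info("Registering ACME account if needed.")
    certbot.account(runtime_config_path, directory_path, lock)

    LOGGER.info("Creating missing certificates if needed (~1min for each)")
    certificates = dnsrobocert_config.get("certificates", {})
    for certificate in certificates:
        # Each certificate is handled independently: a failure is logged and
        # the loop moves on to the next entry.
        try:
            lineage = config.get_lineage(certificate)
            domains = certificate["domains"]
            force_renew = certificate.get("force_renew", False)
            LOGGER.info(
                f"Handling the certificate for domain(s): {', '.join(domains)}"
            )
            certbot.certonly(
                runtime_config_path,
                directory_path,
                lineage,
                lock,
                domains,
                force_renew=force_renew,
            )
        # NOTE(review): BaseException also covers KeyboardInterrupt and
        # SystemExit, so a shutdown request raised here is logged and the loop
        # continues. Narrow to Exception once it is confirmed that nothing in
        # certbot.certonly relies on SystemExit being caught.
        except BaseException as error:
            LOGGER.error(
                f"An error occurred while processing certificate config `{certificate}`:\n{error}"
            )

    LOGGER.info("Revoke and delete certificates if needed")
    # Revocation is driven purely by what the configuration still lists: any
    # entry under <directory_path>/live whose name is not a configured lineage
    # is revoked. get_lineage is called outside the try block here, so if it
    # raises for an entry the function aborts before revoking anything.
    lineages = {
        config.get_lineage(certificate)
        for certificate in certificates
    }
    for domain in os.listdir(os.path.join(directory_path, "live")):
        if domain != "README":
            # Drop a leading "*." from the directory name before comparing it
            # with the configured lineages.
            domain = re.sub(r"^\*\.", "", domain)
            if domain not in lineages:
                LOGGER.info(f"Removing the certificate {domain}")
                certbot.revoke(runtime_config_path, directory_path, domain,
                               lock)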
Exemple #2
def test_wildcard_lineage():
    """The lineage of a certificate whose first domain is a wildcard is the bare domain."""
    wildcard_first = dict(
        domains=["*.example.com", "example.com"],
        profile="dummy",
    )
    expected_lineage = "example.com"

    assert config.get_lineage(wildcard_first) == expected_lineage