def _process_config(
    config_path: str,
    directory_path: str,
    runtime_config_path: str,
    lock: threading.Lock,
):
    """Apply one configuration file: issue configured certificates, revoke the rest.

    Steps, in order:

    1. Load the configuration; stop if it is empty or has a truthy ``draft`` key.
    2. Write the loaded configuration as YAML to ``runtime_config_path``.
    3. Prepare the certbot workspace and register the ACME account.
    4. Call ``certbot.certonly`` for every entry under ``certificates``.
    5. Call ``certbot.revoke`` for every entry of ``<directory_path>/live``
       (except ``README``) whose name is not a configured lineage.

    Args:
        config_path: Path of the configuration file to load.
        directory_path: Directory handed to the certbot helpers; its ``live``
            sub-directory is listed to find existing certificates.
        runtime_config_path: Path the YAML dump of the configuration is written to.
        lock: Lock passed through to every ``certbot`` helper call.
    """
    settings = config.load(config_path)
    if not settings:
        return

    if settings.get("draft"):
        LOGGER.info(
            "Configuration file is in draft mode: no action will be done.")
        return

    # NOTE(review): the whole loaded configuration is serialized here and the
    # file is created with default permissions. If the configuration carries
    # DNS provider credentials (not visible in this block), confirm that
    # runtime_config_path sits in a directory only this process can read.
    with open(runtime_config_path, "w") as runtime_file:
        runtime_file.write(yaml.dump(settings))

    utils.configure_certbot_workspace(settings, directory_path)

    LOGGER.info("Registering ACME account if needed.")
    certbot.account(runtime_config_path, directory_path, lock)

    LOGGER.info("Creating missing certificates if needed (~1min for each)")
    certificates = settings.get("certificates", {})
    for certificate in certificates:
        try:
            lineage = config.get_lineage(certificate)
            domains = certificate["domains"]
            renew_requested = certificate.get("force_renew", False)
            LOGGER.info(
                f"Handling the certificate for domain(s): {', '.join(domains)}"
            )
            certbot.certonly(
                runtime_config_path,
                directory_path,
                lineage,
                lock,
                domains,
                force_renew=renew_requested,
            )
        # BaseException also covers KeyboardInterrupt and SystemExit, so an
        # interrupt raised inside this block is logged and the loop goes on.
        # NOTE(review): presumably deliberate, so that one failing entry does
        # not stop the remaining certificates - confirm.
        except BaseException as error:
            # The failing entry is written to the log verbatim.
            LOGGER.error(
                f"An error occurred while processing certificate config `{certificate}`:\n{error}"
            )

    LOGGER.info("Revoke and delete certificates if needed")
    # Built from the configuration, not from what was issued above: an entry
    # whose issuance just failed still counts as configured. Unlike the loop
    # above, these get_lineage calls are not wrapped in try/except.
    lineages = {config.get_lineage(certificate) for certificate in certificates}

    wildcard_prefix = re.compile(r"^\*\.")
    live_directory = os.path.join(directory_path, "live")
    for entry in os.listdir(live_directory):
        if entry == "README":
            continue
        # Directory names are compared without a leading "*.".
        domain = wildcard_prefix.sub("", entry)
        if domain in lineages:
            continue
        # Revocation is driven purely by absence from the configuration, so an
        # entry that was dropped or mistyped there has its certificate revoked.
        LOGGER.info(f"Removing the certificate {domain}")
        certbot.revoke(runtime_config_path, directory_path, domain, lock)
def test_wildcard_lineage():
    """Check the lineage computed for a certificate whose first domain is a wildcard."""
    domains = ["*.example.com", "example.com"]
    certificate = {"domains": domains, "profile": "dummy"}

    lineage = config.get_lineage(certificate)

    # The expected lineage carries no "*." prefix, although the first listed
    # domain is the wildcard name.
    assert lineage == "example.com"