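def setupletsencrypt(self, acme_domains, acmedata):
    """Issue TLS certificates for *acme_domains* with acme.sh.

    Args:
        acme_domains: iterable of domain names, each passed to acme.sh as a
            ``-d`` argument.
        acmedata: dict holding the issuance settings; keys read here are
            ``dns`` (bool), ``acme_dns`` (acme.sh DNS API name), ``dnsalias``
            (bool), ``acme_alias`` (challenge-alias domain) and ``keylength``
            (value of the ``-k`` option).

    Returns:
        True when acme.sh reported success, False otherwise (an error is
        logged before returning False).
    """
    import shlex  # local import: the file's import block is not visible here

    # make sure acme.sh is installed before building the command line
    WOAcme.check_acme(self)

    domains = list(acme_domains)
    if not domains:
        Log.error(self, "No domain given for acme.sh")
        return False

    # quote every domain individually so a name containing shell
    # metacharacters cannot break (or extend) the command line
    domain_args = " ".join(
        "-d {0}".format(shlex.quote(str(d))) for d in domains)
    key_length = shlex.quote(str(acmedata['keylength']))

    if acmedata['dns'] is True:
        wo_acme_dns = acmedata['acme_dns']
        acme_mode = "--dns {0}".format(shlex.quote(str(wo_acme_dns)))
        validation_mode = "DNS mode with {0}".format(wo_acme_dns)
        if acmedata['dnsalias'] is True:
            acme_mode += " --challenge-alias {0}".format(
                shlex.quote(str(acmedata['acme_alias'])))
    else:
        acme_mode = "-w /var/www/html"
        validation_mode = "Webroot challenge"
        Log.debug(self, "Validation : Webroot mode")
        challenge_dir = '/var/www/html/.well-known/acme-challenge'
        if not os.path.isdir(challenge_dir):
            WOFileUtils.mkdir(self, challenge_dir)
            # the web server user must be able to serve the challenge files;
            # 0750 keeps them from being world-readable
            WOFileUtils.chown(self, '/var/www/html/.well-known',
                              'www-data', 'www-data', recursive=True)
            WOFileUtils.chmod(self, '/var/www/html/.well-known',
                              0o750, recursive=True)

    Log.info(self, "Validation mode : {0}".format(validation_mode))
    Log.wait(self, "Issuing SSL cert with acme.sh")
    # -f forces issuance even when acme.sh already holds a valid certificate
    issue_cmd = "{0} --issue {1} {2} -k {3} -f".format(
        WOAcme.wo_acme_exec, domain_args, acme_mode, key_length)
    if WOShellExec.cmd_exec(self, issue_cmd):
        Log.valide(self, "Issuing SSL cert with acme.sh")
        return True

    Log.failed(self, "Issuing SSL cert with acme.sh")
    if acmedata['dns'] is True:
        Log.error(
            self,
            "Please make sure your properly "
            "set your DNS API credentials for acme.sh\n"
            "If you are using sudo, use \"sudo -E wo\"")
    else:
        Log.error(
            self,
            "Your domain is properly configured "
            "but acme.sh was unable to issue certificate.\n"
            "You can find more informations in "
            "/var/log/wo/wordops.log")
    return False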
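def selfsignedcert(self, proftpd=False, backend=False):
    """Issue a self-signed certificate for the backend and/or proftpd.

    The key pair is generated with openssl in a temporary directory that
    is removed again before returning.

    Args:
        proftpd: when True, install the pair under /etc/proftpd/ssl/.
        backend: when True, install the pair under /var/www/22222/cert/.

    Returns:
        None. On a generation failure an error is logged and nothing is
        installed.
    """
    selfs_tmp = '/var/lib/wo/tmp/selfssl'
    key_path = "{0}/ssl.key".format(selfs_tmp)
    key_org = "{0}/ssl.key.org".format(selfs_tmp)
    csr_path = "{0}/ssl.csr".format(selfs_tmp)
    crt_path = "{0}/ssl.crt".format(selfs_tmp)

    # create self-signed tmp directory
    if not os.path.isdir(selfs_tmp):
        WOFileUtils.mkdir(self, selfs_tmp)

    # cmd_exec reports failure through its return value (see the sibling
    # acme.sh call), so every step is checked instead of relying only on
    # an exception being raised
    generated = False
    try:
        generated = WOShellExec.cmd_exec(
            self, "openssl genrsa -out {0} 2048".format(key_path))
        if generated:
            generated = WOShellExec.cmd_exec(
                self,
                "openssl req -new -batch -subj /commonName=localhost/ "
                "-key {0} -out {1}".format(key_path, csr_path))
        if generated:
            # rewrite the key through `openssl rsa` (a no-op for an
            # unencrypted key, kept for compatibility with the existing flow)
            WOFileUtils.mvfile(self, key_path, key_org)
            generated = WOShellExec.cmd_exec(
                self, "openssl rsa -in {0} -out {1}".format(key_org, key_path))
        if generated:
            # roughly ten years of validity, as before
            generated = WOShellExec.cmd_exec(
                self,
                "openssl x509 -req -days 3652 -in {0} -signkey {1} "
                "-out {2}".format(csr_path, key_path, crt_path))
    except Exception as e:
        Log.debug(self, "{0}".format(e))
        generated = False

    if not generated:
        # do not leave a half-generated key pair behind, and do not install
        # files that were never produced
        WOFileUtils.rm(self, selfs_tmp)
        Log.error(self, "Failed to generate HTTPS "
                  "certificate for 22222", False)
        return

    # the private key must not be world-readable; the services reading it
    # run as root at start-up (assumes mvfile keeps the mode — TODO confirm)
    WOFileUtils.chmod(self, key_path, 0o600, recursive=False)

    if backend:
        WOFileUtils.mvfile(self, key_path, "/var/www/22222/cert/22222.key")
        WOFileUtils.mvfile(self, crt_path, "/var/www/22222/cert/22222.crt")
    if proftpd:
        WOFileUtils.mvfile(self, key_path, "/etc/proftpd/ssl/proftpd.key")
        WOFileUtils.mvfile(self, crt_path, "/etc/proftpd/ssl/proftpd.crt")

    # remove self-signed tmp directory
    WOFileUtils.rm(self, selfs_tmp)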
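def check_acme(self):
    """Check that acme.sh is installed, and install it if required.

    acme.sh is expected at /etc/letsencrypt/acme.sh. When it is missing
    the upstream repository is cloned into /opt/acme.sh and its installer
    is run with /etc/letsencrypt as home directory. An error is logged if
    the installer does not leave /etc/letsencrypt/acme.sh behind.
    """
    acme_home = '/etc/letsencrypt'
    acme_script = os.path.join(acme_home, 'acme.sh')
    if os.path.exists(acme_script):
        return

    clone_dir = '/opt/acme.sh'
    # start from a clean checkout
    if os.path.exists(clone_dir):
        WOFileUtils.rm(self, clone_dir)
    # NOTE(review): this fetches the unpinned master branch over the network
    # and runs it as root; pinning a tag or commit would make the install
    # reproducible and reviewable.
    WOGit.clone(
        self, 'https://github.com/Neilpang/acme.sh.git',
        clone_dir, branch='master')
    for sub_dir in ('config', 'renewal', 'live'):
        WOFileUtils.mkdir(self, os.path.join(acme_home, sub_dir))

    try:
        # chdir changes the cwd of the whole process; presumably the
        # installer must be run from inside its checkout
        WOFileUtils.chdir(self, clone_dir)
        # every option is separated by a space: concatenating the literals
        # without one would glue "--home" to "--config-home" and so on
        WOShellExec.cmd_exec(
            self,
            './acme.sh --install --home {0} '
            '--config-home {0}/config '
            '--cert-home {0}/renewal'.format(acme_home))
        # --auto-upgrade lets acme.sh update itself from upstream later on
        WOShellExec.cmd_exec(
            self, "{0} --upgrade --auto-upgrade".format(WOAcme.wo_acme_exec))
    except CommandExecutionError as e:
        Log.debug(self, str(e))
        Log.error(self, "acme.sh installation failed")

    if not os.path.exists(acme_script):
        Log.error(self, 'acme.sh installation failed')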