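def acme_cert_renewal_checks(self, store):
    """Renew the ACME-issued HTTPS certificate once it nears expiry.

    Loads the PEM certificate from
    ``GLSettings.memory_copy.private.https_cert`` and returns without doing
    anything unless its notAfter date is less than ``self.acme_try_renewal``
    days away. Otherwise a new certificate is requested through
    ``db_acme_cert_issuance(store)`` and the HTTPS workers are restarted via
    the process supervisor.

    This is a generator: the two supervisor calls are yielded to the caller.
    NOTE(review): presumably driven by a Twisted ``inlineCallbacks``-style
    decorator that is not visible in this excerpt -- confirm.

    Raises:
        Exception: whatever the issuance or the worker restart raised. The
            failure is counted in ``self.acme_failures``, logged, and then
            re-raised unchanged.
    """
    cert = load_certificate(FILETYPE_PEM,
                            GLSettings.memory_copy.private.https_cert)
    expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

    # NOTE(review): datetime.now() is naive local time, while X.509 notAfter
    # is expressed in UTC. Confirm convert_asn1_date() returns a value on the
    # same clock, otherwise the window is off by the local UTC offset.
    renewal_window = datetime.now() + timedelta(days=self.acme_try_renewal)

    if not expiration_date < renewal_window:
        # We will not apply for the renewal of the certificate
        return

    try:
        db_acme_cert_issuance(store)
    except Exception as e:
        # Increment instead of assigning: `= +1` pinned the counter at 1, so
        # repeated renewal failures were never distinguishable from a single
        # one. getattr() keeps the old tolerance for an unset counter.
        self.acme_failures = getattr(self, 'acme_failures', 0) + 1
        log.err('ACME certificate renewal failed with: %s' % e)
        raise

    try:
        # NOTE(review): if the relaunch raises after shutdown() completed,
        # nothing in this function starts the workers again -- confirm the
        # caller recovers, or HTTPS stays unavailable.
        yield GLSettings.appstate.process_supervisor.shutdown()
        yield GLSettings.appstate.process_supervisor.maybe_launch_https_workers()
    except Exception as e:
        self.acme_failures = getattr(self, 'acme_failures', 0) + 1
        log.err('Restart of HTTPS workers failed with: %s' % e)
        raise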
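def cert_expiration_checks(self, store):
    """Check the configured HTTPS certificate and renew or warn as needed.

    Does nothing when ``https_enabled`` is false in the private config.
    Otherwise the stored PEM certificate is parsed and its notAfter date
    drives one of two mutually exclusive actions:

    * ACME enabled and expiry within ``self.acme_try_renewal`` days: request
      a new certificate through ``db_acme_cert_issuance(store)``. On success
      ``self.should_restart_https`` is set and ``self.acme_failures`` is
      reset to 0.
    * Otherwise, expiry within ``self.notify_expr_within`` days: log the
      expiry date and, unless admin notification emails are disabled, call
      ``self.certificate_mail_creation``.

    Raises:
        Exception: whatever the ACME issuance raised. The failure is counted
            in ``self.acme_failures``, logged, and re-raised unchanged.
    """
    priv_fact = models.config.PrivateFactory(store)

    if not priv_fact.get_val(u'https_enabled'):
        return

    cert = load_certificate(FILETYPE_PEM, priv_fact.get_val(u'https_cert'))
    expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

    # NOTE(review): datetime.now() is naive local time, while X.509 notAfter
    # is expressed in UTC. Confirm convert_asn1_date() returns a value on the
    # same clock, otherwise both windows are off by the local UTC offset.

    # Acme renewal checks
    if priv_fact.get_val(u'acme') and \
            datetime.now() > expiration_date - timedelta(days=self.acme_try_renewal):
        try:
            db_acme_cert_issuance(store)
        except Exception as excep:
            # Increment instead of assigning: `= +1` pinned the counter at 1,
            # so consecutive renewal failures were never counted. getattr()
            # keeps the old tolerance for an unset counter.
            self.acme_failures = getattr(self, 'acme_failures', 0) + 1
            log.err('ACME certificate renewal failed with: %s', excep)
            raise

        # Only reached when issuance succeeded.
        self.should_restart_https = True
        self.acme_failures = 0

    # Regular certificates expiration checks
    elif datetime.now() > expiration_date - timedelta(days=self.notify_expr_within):
        log.info('The HTTPS Certificate is expiring on %s', expiration_date)
        # The notification preference is read from tenant 1 only.
        if not State.tenant_cache[1].notif.disable_admin_notification_emails:
            self.certificate_mail_creation(store, expiration_date)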
def cert_expiration_checks(self, session, tid):
    """Check one tenant's HTTPS certificate and renew or warn as needed.

    Does nothing when ``https_enabled`` is false in the tenant's 'node'
    config. Otherwise the stored PEM certificate is parsed and its notAfter
    date drives one of two mutually exclusive actions:

    * ACME enabled and expiry within ``self.acme_try_renewal`` days: request
      a new certificate through ``db_acme_cert_issuance(session, tid)``. On
      success ``self.should_restart_https`` is set. On failure the error is
      logged and swallowed, and the admin is mailed with the
      'https_certificate_renewal_failure' template unless admin notification
      emails are disabled for the tenant.
    * Otherwise, expiry within ``self.notify_expr_within`` days: log the
      expiry date and mail the 'https_certificate_expiration' template under
      the same notification setting.
    """
    node_config = models.config.ConfigFactory(session, tid, 'node')
    if not node_config.get_val(u'https_enabled'):
        return

    pem_data = node_config.get_val(u'https_cert')
    certificate = load_certificate(FILETYPE_PEM, pem_data)
    not_after = letsencrypt.convert_asn1_date(certificate.get_notAfter())
    not_after_iso = datetime_to_ISO8601(not_after)

    # NOTE(review): datetime.now() is naive local time, while X.509 notAfter
    # is expressed in UTC. Confirm convert_asn1_date() returns a value on the
    # same clock, otherwise both windows are off by the local UTC offset.

    # Acme renewal checks
    if node_config.get_val(u'acme') and \
            datetime.now() > not_after - timedelta(days=self.acme_try_renewal):
        try:
            db_acme_cert_issuance(session, tid)
        except Exception as exc:
            # The failure is not re-raised: the log line and the mail below
            # are the only signals that the certificate is still expiring.
            log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)

            # Send an email to the admin cause this requires user intervention
            mails_disabled = self.state.tenant_cache[tid].notification.disable_admin_notification_emails
            if not mails_disabled:
                self.certificate_mail_creation(session,
                                               'https_certificate_renewal_failure',
                                               tid,
                                               not_after_iso)
            return

        # Issuance succeeded.
        self.should_restart_https = True
        return

    # Regular certificates expiration checks
    if datetime.now() > not_after - timedelta(days=self.notify_expr_within):
        log.info('The HTTPS Certificate is expiring on %s', not_after, tid=tid)
        mails_disabled = self.state.tenant_cache[tid].notification.disable_admin_notification_emails
        if not mails_disabled:
            self.certificate_mail_creation(session,
                                           'https_certificate_expiration',
                                           tid,
                                           not_after_iso)