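def acme_cert_renewal_checks(self, store):
        """Renew the HTTPS certificate through ACME once it nears expiry.

        Loads the PEM certificate held in ``GLSettings.memory_copy`` and
        returns without doing anything unless its notAfter date falls inside
        the next ``self.acme_try_renewal`` days. Otherwise a new certificate
        is requested and the HTTPS workers are stopped and relaunched.

        This is a generator: the two supervisor calls are yielded, presumably
        Deferreds driven by a decorator that is not visible here -- TODO
        confirm.

        Any exception from issuance or from the restart is logged, counted in
        ``self.acme_failures`` and re-raised.
        """
        cert = load_certificate(FILETYPE_PEM,
                                GLSettings.memory_copy.private.https_cert)
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        # NOTE(review): X.509 notAfter is expressed in UTC while datetime.now()
        # is local time; if convert_asn1_date returns a naive UTC datetime the
        # window is skewed by the host's UTC offset -- confirm.
        renewal_window = datetime.now() + timedelta(days=self.acme_try_renewal)

        if expiration_date >= renewal_window:
            # Still outside the renewal window: nothing to request yet.
            return

        try:
            db_acme_cert_issuance(store)
        except Exception as e:
            # The original `self.acme_failures = +1` assigned the constant 1,
            # so consecutive failures were never accumulated. getattr keeps
            # the handler from raising if the counter was never initialised.
            self.acme_failures = getattr(self, 'acme_failures', 0) + 1
            log.err('ACME certificate renewal failed with: %s' % e)
            raise

        try:
            # The workers are shut down before the relaunch; if the relaunch
            # raises, nothing in this method starts them again.
            yield GLSettings.appstate.process_supervisor.shutdown()
            yield GLSettings.appstate.process_supervisor.maybe_launch_https_workers(
            )
        except Exception as e:
            # A failed restart is counted on the same counter as a failed
            # issuance, as in the original.
            self.acme_failures = getattr(self, 'acme_failures', 0) + 1
            log.err('Restart of HTTPS workers failed with: %s' % e)
            raise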
예제 #2
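    def cert_expiration_checks(self, store):
        """Renew or warn about the HTTPS certificate as it nears expiry.

        Does nothing when ``https_enabled`` is false. With ``acme`` enabled
        and the certificate within ``self.acme_try_renewal`` days of its
        notAfter date, a renewal is attempted; on success an HTTPS restart is
        flagged and the failure counter reset, on failure the error is
        logged, counted and re-raised. Without ACME renewal being due, a
        certificate within ``self.notify_expr_within`` days of expiry is
        logged and, unless admin notifications are disabled, reported by
        mail.
        """
        priv_fact = models.config.PrivateFactory(store)

        if not priv_fact.get_val(u'https_enabled'):
            return

        cert = load_certificate(FILETYPE_PEM, priv_fact.get_val(u'https_cert'))
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        # NOTE(review): notAfter is a UTC value while datetime.now() is local
        # time; if convert_asn1_date returns a naive UTC datetime both windows
        # below are skewed by the host's UTC offset -- confirm.

        # Acme renewal checks
        if priv_fact.get_val(u'acme') and datetime.now(
        ) > expiration_date - timedelta(days=self.acme_try_renewal):
            try:
                db_acme_cert_issuance(store)
            except Exception as excep:
                # The original `self.acme_failures = +1` assigned the constant
                # 1 instead of incrementing, so the counter never rose above 1.
                # getattr keeps the handler from raising if the attribute was
                # never initialised.
                self.acme_failures = getattr(self, 'acme_failures', 0) + 1
                log.err('ACME certificate renewal failed with: %s', excep)
                # NOTE(review): this branch sends no mail, so a renewal that
                # keeps failing is visible only in the log and the counter.
                raise

            self.should_restart_https = True
            self.acme_failures = 0

        # Regular certificates expiration checks
        elif datetime.now() > expiration_date - timedelta(
                days=self.notify_expr_within):
            log.info('The HTTPS Certificate is expiring on %s',
                     expiration_date)
            # The opt-out flag is read from tenant 1's cache entry.
            if not State.tenant_cache[
                    1].notif.disable_admin_notification_emails:
                self.certificate_mail_creation(store, expiration_date)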
예제 #3
    def cert_expiration_checks(self, session, tid):
        """Renew or warn about tenant *tid*'s HTTPS certificate near expiry.

        Does nothing when ``https_enabled`` is false for the tenant. With
        ``acme`` enabled and the certificate within ``self.acme_try_renewal``
        days of its notAfter date, a renewal is attempted: success flags an
        HTTPS restart, failure is logged and mailed to the admin without
        re-raising. Otherwise a certificate within ``self.notify_expr_within``
        days of expiry is logged and mailed. Mails are skipped when the
        tenant has admin notification e-mails disabled.
        """
        node_config = models.config.ConfigFactory(session, tid, 'node')
        if not node_config.get_val(u'https_enabled'):
            return

        pem = node_config.get_val(u'https_cert')
        not_after = letsencrypt.convert_asn1_date(
            load_certificate(FILETYPE_PEM, pem).get_notAfter())
        not_after_iso = datetime_to_ISO8601(not_after)

        def notify_admin(template):
            # Honour the tenant's opt-out before queueing any admin mail.
            if self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
                return
            self.certificate_mail_creation(session, template, tid, not_after_iso)

        # NOTE(review): notAfter is a UTC value while datetime.now() is local
        # time; whether the two are comparable depends on convert_asn1_date,
        # which is not visible here -- confirm.

        # ACME renewal takes precedence over the plain expiry warning.
        if node_config.get_val(u'acme') and datetime.now() > not_after - timedelta(days=self.acme_try_renewal):
            try:
                db_acme_cert_issuance(session, tid)
            except Exception as exc:
                log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)
                # A failed renewal needs a human to step in, so tell the admin.
                notify_admin('https_certificate_renewal_failure')
            else:
                self.should_restart_https = True
            return

        # Plain expiry warning for the remaining cases.
        if datetime.now() > not_after - timedelta(days=self.notify_expr_within):
            log.info('The HTTPS Certificate is expiring on %s', not_after, tid=tid)
            notify_admin('https_certificate_expiration')