def RequestIssuance(info):
#create csr
hostname = info['hostname']
fqdn= hostname + DOMAIN
authz=json.loads(info['authz_json'])
csr = _createCertRequest(info['csr_privkey'], name={'CN': fqdn}, digest="sha256")
payload={
"resource":"new-cert",
"csr":_b64(csr),
}
resp=requests.get(CA)
nonce=resp.headers['Replay-Nonce'].encode('utf-8')
resp=_send_signed_request(authz.get('new_cert_uri'), payload, hostname, nonce)
logger.debug('NewCert resp: {}:{}'.format(resp.status_code, resp.headers))
if resp.status_code==201:
db.updateHost(hostname, 'certificate', resp.headers.get('Location'))
logger.info('Certificate issued!')
return True
if resp.status_code==202:
while True:
resp=requests.get(resp.url)
logger.debug('NewCert resp: {}:{}'.format(resp.status_code, resp.headers))
if resp==201:
db.updateHost(hostname, 'certificate', resp.headers.get('Location'))
return True
if resp!=202:
time.sleep(resp.headers('Retry-After'))
return False
def Poll(info):
authz=json.loads(info['authz_json'])
resp=requests.get(authz.get('uri'))
logger.debug('Poll resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
if resp.status_code==200:#Challenge accepted & Valid keep polling until status is valid
while True:
time.sleep(5)
resp=requests.get(authz.get('uri'))
logger.debug('Poll resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
if resp.json().get('status')=='valid':
break
authz_json={
"body":resp.json(),
"new_cert_uri":resp.links['next'].get('url'),
"uri":authz.get('uri')
}
db.updateHost(info['hostname'],'authz_json', json.dumps(authz_json))
return True
if resp.status_code==202:#Challenge accepted but not validated yet.#look for retry-after header.
if resp.headers.get('Retry-After') != None:
while True:
logger.info('Waiting {} seconds for LetsEncrypt to verify challenge.'.format(resp.headers.get('Retry-After')))
time.sleep(resp.headers.get('Retry-After'))
resp=requests.get(authz.get('uri'))
if resp.status_code!=202:
break
return True
return False
def Register(info):
hostname=info['hostname']
resp=requests.get(CA)
nonce=resp.headers['Replay-Nonce'].encode('utf8')
LEdir=json.loads(resp.text)
payload={
"resource":"new-reg",
}
logger.debug('Registering {} with LetsEncrypt.'.format(hostname))
registration = _send_signed_request(LEdir['new-reg'], payload, hostname, nonce)
#logger.debug('Reg Response Content: \n{}'.format(resp.content))
logger.debug('Reg response: {}\n{}:{}'.format(registration.headers, registration.status_code, registration.text))
if registration.status_code==201:
#look for terms
TERMS=registration.links['terms-of-service']
logger.info('TERMS: {}'.format(TERMS))
if TERMS!=None:
logger.debug('Agreeing to terms')
payload={
"resource":"reg",
"agreement":TERMS.get('url'),
}
resp=_send_signed_request(registration.headers.get('Location'), payload, hostname, registration.headers.get('Replay-Nonce'))
logger.debug('Terms resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
reg_json={
"body":{
"agreement":TERMS.get('url'),
"key":registration.json().get('key'),
},
"new_authzr_uri":registration.links['next'].get('url'),
"terms_of_service":TERMS.get('url'),
"uri":registration.headers.get('Location')
}
db.updateHost(hostname,'reg_json', json.dumps(reg_json))
return True
if registration.status_code==409:
#already registered
logger.debug('{} is already registered.'.format(hostname))
return True
return False
def RequestChallenges(info):
hostname=info['hostname']
resp=requests.get(CA)
nonce=resp.headers['Replay-Nonce'].encode('utf-8')
payload={
"resource":"new-authz",
"identifier": {
"type": "dns",
"value": hostname+DOMAIN,
}
}
logger.debug('Getting Authz')
resp=_send_signed_request(ast.literal_eval(info['reg_json']).get('new_authzr_uri'), payload, hostname, nonce)
logger.debug('Authz resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
if resp.status_code==201:
authz_json={
"body":resp.json(),
"new_cert_uri":resp.links['next'].get('url'),
"uri":resp.headers.get('Location')
}
db.updateHost(hostname,'authz_json', json.dumps(authz_json))
return True
return False
