def choose_redirect_vhosts(self, target_name, port, create_if_no_match=False): """Chooses a single virtual host for redirect enhancement. Chooses the vhost most closely matching target_name that is listening to port without using ssl. .. todo:: This should maybe return list if no obvious answer is presented. .. todo:: The special name "$hostname" corresponds to the machine's hostname. Currently we just ignore this. :param str target_name: domain name :param str port: port number :param bool create_if_no_match: If we should create a new vhost from default when there is no match found. If we can't choose a default, raise a MisconfigurationError. :returns: vhosts associated with name :rtype: list of :class:`~certbot_nginx.obj.VirtualHost` """ if util.is_wildcard_domain(target_name): # Ask user which VHosts to enhance. vhosts = self._choose_vhosts_wildcard(target_name, prefer_ssl=False, no_ssl_filter_port=port) else: matches = self._get_redirect_ranked_matches(target_name, port) vhosts = [x for x in [self._select_best_name_match(matches)]if x is not None] if not vhosts and create_if_no_match: vhosts = [self._vhost_from_duplicated_default(target_name, False, port)] return vhosts
def _redirect_block_for_domain(domain): updated_domain = domain match_symbol = '=' if util.is_wildcard_domain(domain): match_symbol = '~' updated_domain = updated_domain.replace('.', r'\.') updated_domain = updated_domain.replace('*', '[^.]+') updated_domain = '^' + updated_domain + '$' redirect_block = [[ ['\n ', 'if', ' ', '($host', ' ', match_symbol, ' ', '%s)' % updated_domain, ' '], [['\n ', 'return', ' ', '301', ' ', 'https://$host$request_uri'], '\n ']], ['\n']] return redirect_block
def choose_vhosts(self, target_name, create_if_no_match=False): """Chooses a virtual host based on the given domain name. .. note:: This makes the vhost SSL-enabled if it isn't already. Follows Nginx's server block selection rules preferring blocks that are already SSL. .. todo:: This should maybe return list if no obvious answer is presented. .. todo:: The special name "$hostname" corresponds to the machine's hostname. Currently we just ignore this. :param str target_name: domain name :param bool create_if_no_match: If we should create a new vhost from default when there is no match found. If we can't choose a default, raise a MisconfigurationError. :returns: ssl vhosts associated with name :rtype: list of :class:`~certbot_nginx.obj.VirtualHost` """ if util.is_wildcard_domain(target_name): # Ask user which VHosts to support. vhosts = self._choose_vhosts_wildcard(target_name, prefer_ssl=True) else: vhosts = self._choose_vhost_single(target_name) if not vhosts: if create_if_no_match: # result will not be [None] because it errors on failure vhosts = [self._vhost_from_duplicated_default(target_name, True, str(self.config.tls_sni_01_port))] else: # No matches. Raise a misconfiguration error. raise errors.MisconfigurationError( ("Cannot find a VirtualHost matching domain %s. " "In order for Certbot to correctly perform the challenge " "please add a corresponding server_name directive to your " "nginx configuration for every domain on your certificate: " "https://nginx.org/en/docs/http/server_names.html") % (target_name)) # Note: if we are enhancing with ocsp, vhost should already be ssl. for vhost in vhosts: if not vhost.ssl: self._make_server_ssl(vhost) return vhosts
def _choose_lineagename(self, domains, certname): """Chooses a name for the new lineage. :param domains: domains in certificate request :type domains: `list` of `str` :param certname: requested name of lineage :type certname: `str` or `None` :returns: lineage name that should be used :rtype: str """ if certname: return certname elif util.is_wildcard_domain(domains[0]): # Don't make files and directories starting with *. return domains[0][2:] return domains[0]
def _choose_lineagename(self, domains, certname): """Chooses a name for the new lineage. :param domains: domains in certificate request :type domains: `list` of `str` :param certname: requested name of lineage :type certname: `str` or `None` :returns: lineage name that should be used :rtype: str """ if certname: return certname elif util.is_wildcard_domain(domains[0]): # Don't make files and directories starting with *. return domains[0][2:] return domains[0]
def choose_vhosts(self, target_name, create_if_no_match=False): """Chooses a virtual host based on the given domain name. .. note:: This makes the vhost SSL-enabled if it isn't already. Follows Nginx's server block selection rules preferring blocks that are already SSL. .. todo:: This should maybe return list if no obvious answer is presented. :param str target_name: domain name :param bool create_if_no_match: If we should create a new vhost from default when there is no match found. If we can't choose a default, raise a MisconfigurationError. :returns: ssl vhosts associated with name :rtype: list of :class:`~certbot_nginx._internal.obj.VirtualHost` """ if util.is_wildcard_domain(target_name): # Ask user which VHosts to support. vhosts = self._choose_vhosts_wildcard(target_name, prefer_ssl=True) else: vhosts = self._choose_vhost_single(target_name) if not vhosts: if create_if_no_match: # result will not be [None] because it errors on failure vhosts = [self._vhost_from_duplicated_default(target_name, True, str(self.config.https_port))] else: # No matches. Raise a misconfiguration error. raise errors.MisconfigurationError( ("Cannot find a VirtualHost matching domain %s. " "In order for Certbot to correctly perform the challenge " "please add a corresponding server_name directive to your " "nginx configuration for every domain on your certificate: " "https://nginx.org/en/docs/http/server_names.html") % (target_name)) # Note: if we are enhancing with ocsp, vhost should already be ssl. for vhost in vhosts: if not vhost.ssl: self._make_server_ssl(vhost) return vhosts
def choose_redirect_vhosts(self, target_name, port, create_if_no_match=False): """Chooses a single virtual host for redirect enhancement. Chooses the vhost most closely matching target_name that is listening to port without using ssl. .. todo:: This should maybe return list if no obvious answer is presented. .. todo:: The special name "$hostname" corresponds to the machine's hostname. Currently we just ignore this. :param str target_name: domain name :param str port: port number :param bool create_if_no_match: If we should create a new vhost from default when there is no match found. If we can't choose a default, raise a MisconfigurationError. :returns: vhosts associated with name :rtype: list of :class:`~certbot_nginx.obj.VirtualHost` """ if util.is_wildcard_domain(target_name): # Ask user which VHosts to enhance. vhosts = self._choose_vhosts_wildcard(target_name, prefer_ssl=False, no_ssl_filter_port=port) else: matches = self._get_redirect_ranked_matches(target_name, port) vhosts = [ x for x in [self._select_best_name_match(matches)] if x is not None ] if not vhosts and create_if_no_match: vhosts = [ self._vhost_from_duplicated_default(target_name, False, port) ] return vhosts
def obtain_and_enroll_certificate(self, domains, certname): """Obtain and enroll certificate. Get a new certificate for the specified domains using the specified authenticator and installer, and then create a new renewable lineage containing it. :param list domains: Domains to request. :param plugins: A PluginsFactory object. :param str certname: Name of new cert :returns: A new :class:`certbot.storage.RenewableCert` instance referred to the enrolled cert lineage, False if the cert could not be obtained, or None if doing a successful dry run. """ cert, chain, key, _ = self.obtain_certificate(domains) if (self.config.config_dir != constants.CLI_DEFAULTS["config_dir"] or self.config.work_dir != constants.CLI_DEFAULTS["work_dir"]): logger.warning( "Non-standard path(s), might not work with crontab installed " "by your operating system package manager") if certname: new_name = certname elif util.is_wildcard_domain(domains[0]): # Don't make files and directories starting with *. new_name = domains[0][2:] else: new_name = domains[0] if self.config.dry_run: logger.debug("Dry run: Skipping creating new lineage for %s", new_name) return None else: return storage.RenewableCert.new_lineage(new_name, cert, key.pem, chain, self.config)
def _call(self, domain): from certbot.util import is_wildcard_domain return is_wildcard_domain(domain)
def _call(self, domain): from certbot.util import is_wildcard_domain return is_wildcard_domain(domain)
def parse_args(self): """Parses command line arguments and returns the result. :returns: parsed command line arguments :rtype: argparse.Namespace """ parsed_args = self.parser.parse_args(self.args) parsed_args.func = self.VERBS[self.verb] parsed_args.verb = self.verb self.remove_config_file_domains_for_renewal(parsed_args) if self.detect_defaults: return parsed_args self.defaults = { key: copy.deepcopy(self.parser.get_default(key)) for key in vars(parsed_args) } # Do any post-parsing homework here if self.verb == "renew": if parsed_args.force_interactive: raise errors.Error("{0} cannot be used with renew".format( constants.FORCE_INTERACTIVE_FLAG)) parsed_args.noninteractive_mode = True if parsed_args.force_interactive and parsed_args.noninteractive_mode: raise errors.Error( "Flag for non-interactive mode and {0} conflict".format( constants.FORCE_INTERACTIVE_FLAG)) if parsed_args.staging or parsed_args.dry_run: self.set_test_server(parsed_args) if parsed_args.csr: self.handle_csr(parsed_args) if parsed_args.must_staple: parsed_args.staple = True if parsed_args.validate_hooks: hooks.validate_hooks(parsed_args) if parsed_args.allow_subset_of_names: if any(util.is_wildcard_domain(d) for d in parsed_args.domains): raise errors.Error("Using --allow-subset-of-names with a" " wildcard domain is not supported.") if parsed_args.hsts and parsed_args.auto_hsts: raise errors.Error( "Parameters --hsts and --auto-hsts cannot be used simultaneously." ) if isinstance(parsed_args.key_type, list) and len(parsed_args.key_type) > 1: raise errors.Error( "Only *one* --key-type type may be provided at this time.") return parsed_args