def auth(dnsrobocert_config: Dict[str, Any], lineage: str):
certificate = config.get_certificate(dnsrobocert_config, lineage)
profile = config.find_profile_for_lineage(dnsrobocert_config, lineage)
domain = os.environ["CERTBOT_DOMAIN"]
token = os.environ["CERTBOT_VALIDATION"]
print(f"Executing auth hook for domain {domain}, lineage {lineage}.")
txt_challenge(certificate, profile, token, domain, action="create")
remaining_challenges = int(os.environ.get("CERTBOT_REMAINING_CHALLENGES", "0"))
if remaining_challenges != 0:
print(
f"Still {remaining_challenges} challenges to handle, skip checks until last challenge."
)
return
all_domains_str = os.environ.get("CERTBOT_ALL_DOMAINS", "")
all_domains = all_domains_str.split(",")
challenges_to_check = [f"_acme-challenge.{domain}" for domain in all_domains]
sleep_time = profile.get("sleep_time", 30)
max_checks = profile.get("max_checks", 0)
if max_checks:
print(f"Challenges to check: {challenges_to_check}")
checks = 0
while True:
checks = checks + 1
if checks > max_checks:
print(
f"All challenges were not propagated after the maximum tries of {max_checks}",
file=sys.stderr,
)
raise RuntimeError("Auth hook failed.")
print(
f"Wait {sleep_time} seconds before checking that all challenges have the expected value "
f"(try {checks}/{max_checks})"
)
time.sleep(sleep_time)
challenges_to_check = [
challenge
for challenge in challenges_to_check
if not check_one_challenge(
challenge,
token if challenge == "_acme-challenge.{domain}" else None,
)
]
if not challenges_to_check:
print(
f"All challenges have been propagated (try {checks}/{max_checks})."
)
break
else:
print(
f"Wait {sleep_time} seconds to let all challenges be propagated: {challenges_to_check}"
)
time.sleep(sleep_time)
def cleanup(dnsrobocert_config: Dict[str, str], lineage: str):
certificate = config.get_certificate(dnsrobocert_config, lineage)
profile = config.find_profile_for_lineage(dnsrobocert_config, lineage)
domain = os.environ["CERTBOT_DOMAIN"]
token = os.environ["CERTBOT_VALIDATION"]
print(f"Executing cleanup hook for domain {domain}, lineage {lineage}.")
txt_challenge(certificate, profile, token, domain, action="delete")
def deploy(dnsrobocert_config: Dict[str, Any], _no_lineage: Any):
lineage_path = os.environ["RENEWED_LINEAGE"]
lineage = os.path.basename(lineage_path)
certificate = config.get_certificate(dnsrobocert_config, lineage)
_pfx_export(certificate, lineage_path)
_fix_permissions(
dnsrobocert_config.get("acme", {}).get("certs_permissions", {}),
lineage_path)
_autorestart(certificate)
_autocmd(certificate)
_deploy_hook(certificate)