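def auth(dnsrobocert_config: Dict[str, Any], lineage: str):
    """Create the DNS-01 TXT challenge for the current domain and wait for propagation.

    Reads the domain and validation token from the ``CERTBOT_DOMAIN`` and
    ``CERTBOT_VALIDATION`` environment variables (a missing variable raises
    ``KeyError``), then creates the TXT record through ``txt_challenge``.

    While ``CERTBOT_REMAINING_CHALLENGES`` is non-zero the function returns
    right after creating the record. On the last challenge it builds one
    ``_acme-challenge.<domain>`` name per entry of ``CERTBOT_ALL_DOMAINS`` and:

    * if the profile sets a non-zero ``max_checks``, polls
      ``check_one_challenge`` every ``sleep_time`` seconds until every name
      passes, raising ``RuntimeError`` once ``max_checks`` tries are used up;
    * otherwise sleeps once for ``sleep_time`` seconds (default 30).

    Args:
        dnsrobocert_config: Parsed DNSroboCert configuration.
        lineage: Name of the certificate lineage being issued or renewed.

    Raises:
        KeyError: ``CERTBOT_DOMAIN`` or ``CERTBOT_VALIDATION`` is not set.
        RuntimeError: Some challenges still fail after ``max_checks`` tries.
    """
    certificate = config.get_certificate(dnsrobocert_config, lineage)
    profile = config.find_profile_for_lineage(dnsrobocert_config, lineage)
    domain = os.environ["CERTBOT_DOMAIN"]
    token = os.environ["CERTBOT_VALIDATION"]

    print(f"Executing auth hook for domain {domain}, lineage {lineage}.")

    txt_challenge(certificate, profile, token, domain, action="create")

    remaining_challenges = int(os.environ.get("CERTBOT_REMAINING_CHALLENGES", "0"))
    if remaining_challenges != 0:
        print(
            f"Still {remaining_challenges} challenges to handle, skip checks until last challenge."
        )
        return

    all_domains_str = os.environ.get("CERTBOT_ALL_DOMAINS", "")
    all_domains = all_domains_str.split(",")
    # A distinct loop variable keeps `domain` unambiguous: below it must still
    # refer to CERTBOT_DOMAIN, the only name whose token this invocation knows.
    challenges_to_check = [f"_acme-challenge.{name}" for name in all_domains]
    current_challenge = f"_acme-challenge.{domain}"

    sleep_time = profile.get("sleep_time", 30)
    max_checks = profile.get("max_checks", 0)
    if max_checks:
        print(f"Challenges to check: {challenges_to_check}")
        checks = 0
        while True:
            checks += 1
            if checks > max_checks:
                print(
                    f"All challenges were not propagated after the maximum tries of {max_checks}",
                    file=sys.stderr,
                )
                raise RuntimeError("Auth hook failed.")

            print(
                f"Wait {sleep_time} seconds before checking that all challenges have the expected value "
                f"(try {checks}/{max_checks})"
            )
            time.sleep(sleep_time)

            # Fix: the comparison used the plain string "_acme-challenge.{domain}"
            # (no f prefix), which never matched, so the token was never handed
            # to check_one_challenge and the record's value went unverified. A
            # stale TXT record with another value could then be reported as
            # propagated, and the CA's validation would fail afterwards.
            # Other names get None: their tokens are not available in this
            # invocation (presumably check_one_challenge then skips the value
            # comparison; confirm against its definition).
            challenges_to_check = [
                challenge
                for challenge in challenges_to_check
                if not check_one_challenge(
                    challenge,
                    token if challenge == current_challenge else None,
                )
            ]

            if not challenges_to_check:
                print(
                    f"All challenges have been propagated (try {checks}/{max_checks})."
                )
                break
    else:
        # No active verification configured: rely on a fixed delay only.
        print(
            f"Wait {sleep_time} seconds to let all challenges be propagated: {challenges_to_check}"
        )
        time.sleep(sleep_time)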
def cleanup(dnsrobocert_config: Dict[str, str], lineage: str):
    """Delete the DNS-01 TXT challenge record for the current domain.

    The domain and validation token come from the ``CERTBOT_DOMAIN`` and
    ``CERTBOT_VALIDATION`` environment variables; a missing variable raises
    ``KeyError``. The record is removed by calling ``txt_challenge`` with
    ``action="delete"``.

    Args:
        dnsrobocert_config: Parsed DNSroboCert configuration.
        lineage: Name of the certificate lineage being processed.
    """
    # Resolve the certificate and its profile before touching the environment,
    # so lookup errors surface in the same order as they always have.
    cert_entry = config.get_certificate(dnsrobocert_config, lineage)
    dns_profile = config.find_profile_for_lineage(dnsrobocert_config, lineage)

    env = os.environ
    domain = env["CERTBOT_DOMAIN"]
    validation = env["CERTBOT_VALIDATION"]

    print(f"Executing cleanup hook for domain {domain}, lineage {lineage}.")

    txt_challenge(cert_entry, dns_profile, validation, domain, action="delete")
def deploy(dnsrobocert_config: Dict[str, Any], _no_lineage: Any):
    """Run the post-issuance steps for a renewed certificate lineage.

    The lineage directory is read from the ``RENEWED_LINEAGE`` environment
    variable (``KeyError`` if unset) and the lineage name is its last path
    component. The steps run in this order: PFX export, permission fix-up,
    autorestart, autocmd, deploy hook.

    Args:
        dnsrobocert_config: Parsed DNSroboCert configuration.
        _no_lineage: Unused; the lineage is taken from the environment.
    """
    renewed_path = os.environ["RENEWED_LINEAGE"]
    cert_entry = config.get_certificate(
        dnsrobocert_config, os.path.basename(renewed_path)
    )

    _pfx_export(cert_entry, renewed_path)

    # Permissions are applied after the export, presumably so that the exported
    # PFX file is covered as well (confirm against _fix_permissions).
    acme_section = dnsrobocert_config.get("acme", {})
    _fix_permissions(acme_section.get("certs_permissions", {}), renewed_path)

    for post_step in (_autorestart, _autocmd, _deploy_hook):
        post_step(cert_entry)