def run(config, plugins): # pylint: disable=too-many-branches,too-many-locals """Obtain a certificate and install.""" # TODO: Make run as close to auth + install as possible # Possible difficulties: config.csr was hacked into auth try: installer, authenticator = choose_configurator_plugins( config, plugins, "run") except errors.PluginSelectionError as e: return e.message domains = _find_domains(config, installer) # TODO: Handle errors from _init_le_client? le_client = _init_le_client(config, authenticator, installer) lineage, action = _auth_from_domains(le_client, config, domains) le_client.deploy_certificate(domains, lineage.privkey, lineage.cert, lineage.chain, lineage.fullchain) le_client.enhance_config(domains, config) if len(lineage.available_versions("cert")) == 1: display_ops.success_installation(domains) else: display_ops.success_renewal(domains, action) _suggest_donation_if_appropriate(config, action)
def run(config, plugins): # pylint: disable=too-many-branches,too-many-locals """Obtain a certificate and install.""" # TODO: Make run as close to auth + install as possible # Possible difficulties: config.csr was hacked into auth try: installer, authenticator = choose_configurator_plugins(config, plugins, "run") except errors.PluginSelectionError as e: return e.message domains = _find_domains(config, installer) # TODO: Handle errors from _init_le_client? le_client = _init_le_client(config, authenticator, installer) lineage, action = _auth_from_domains(le_client, config, domains) le_client.deploy_certificate( domains, lineage.privkey, lineage.cert, lineage.chain, lineage.fullchain) le_client.enhance_config(domains, config) if len(lineage.available_versions("cert")) == 1: display_ops.success_installation(domains) else: display_ops.success_renewal(domains, action) _suggest_donation_if_appropriate(config, action)
def obtain_cert(args, config, plugins): """Authenticate & obtain cert, but do not install it.""" if args.domains and args.csr is not None: # TODO: --csr could have a priority, when --domains is # supplied, check if CSR matches given domains? return "--domains and --csr are mutually exclusive" try: # installers are used in auth mode to determine domain names installer, authenticator = choose_configurator_plugins(args, config, plugins, "certonly") except errors.PluginSelectionError, e: return e.message
def obtain_cert(config, plugins, lineage=None): """Implements "certonly": authenticate & obtain cert, but do not install it.""" # pylint: disable=too-many-locals try: # installers are used in auth mode to determine domain names installer, authenticator = choose_configurator_plugins( config, plugins, "certonly") except errors.PluginSelectionError as e: logger.info("Could not choose appropriate plugin: %s", e) raise # TODO: Handle errors from _init_le_client? le_client = _init_le_client(config, authenticator, installer) action = "newcert" # This is a special case; cert and chain are simply saved if config.csr is not None: assert lineage is None, "Did not expect a CSR with a RenewableCert" csr, typ = config.actual_csr certr, chain = le_client.obtain_certificate_from_csr( config.domains, csr, typ) if config.dry_run: logger.info("Dry run: skipping saving certificate to %s", config.cert_path) else: cert_path, _, cert_fullchain = le_client.save_certificate( certr, chain, config.cert_path, config.chain_path, config.fullchain_path) _report_new_cert(cert_path, cert_fullchain) else: domains = _find_domains(config, installer) _, action = _auth_from_domains(le_client, config, domains, lineage) if config.dry_run: _report_successful_dry_run(config) elif config.verb == "renew": if installer is None: # Tell the user that the server was not restarted. print("new certificate deployed without reload, fullchain is", lineage.fullchain) else: # In case of a renewal, reload server to pick up new certificate. # In principle we could have a configuration option to inhibit this # from happening. installer.restart() print("new certificate deployed with reload of", config.installer, "server; fullchain is", lineage.fullchain) _suggest_donation_if_appropriate(config, action)
def obtain_cert(config, plugins, lineage=None): """Implements "certonly": authenticate & obtain cert, but do not install it.""" # pylint: disable=too-many-locals try: # installers are used in auth mode to determine domain names installer, authenticator = choose_configurator_plugins(config, plugins, "certonly") except errors.PluginSelectionError as e: logger.info("Could not choose appropriate plugin: %s", e) raise # TODO: Handle errors from _init_le_client? le_client = _init_le_client(config, authenticator, installer) action = "newcert" # This is a special case; cert and chain are simply saved if config.csr is not None: assert lineage is None, "Did not expect a CSR with a RenewableCert" csr, typ = config.actual_csr certr, chain = le_client.obtain_certificate_from_csr(config.domains, csr, typ) if config.dry_run: logger.info( "Dry run: skipping saving certificate to %s", config.cert_path) else: cert_path, _, cert_fullchain = le_client.save_certificate( certr, chain, config.cert_path, config.chain_path, config.fullchain_path) _report_new_cert(cert_path, cert_fullchain) else: domains = _find_domains(config, installer) _, action = _auth_from_domains(le_client, config, domains, lineage) if config.dry_run: _report_successful_dry_run(config) elif config.verb == "renew": if installer is None: # Tell the user that the server was not restarted. print("new certificate deployed without reload, fullchain is", lineage.fullchain) else: # In case of a renewal, reload server to pick up new certificate. # In principle we could have a configuration option to inhibit this # from happening. installer.restart() print("new certificate deployed with reload of", config.installer, "server; fullchain is", lineage.fullchain) _suggest_donation_if_appropriate(config, action)
def install(config, plugins): """Install a previously obtained cert in a server.""" # XXX: Update for renewer/RenewableCert # FIXME: be consistent about whether errors are raised or returned from # this function ... try: installer, _ = choose_configurator_plugins(config, plugins, "install") except errors.PluginSelectionError as e: return e.message domains = _find_domains(config, installer) le_client = _init_le_client(config, authenticator=None, installer=installer) assert config.cert_path is not None # required=True in the subparser le_client.deploy_certificate( domains, config.key_path, config.cert_path, config.chain_path, config.fullchain_path) le_client.enhance_config(domains, config)
def install(config, plugins): """Install a previously obtained cert in a server.""" # XXX: Update for renewer/RenewableCert # FIXME: be consistent about whether errors are raised or returned from # this function ... try: installer, _ = choose_configurator_plugins(config, plugins, "install") except errors.PluginSelectionError as e: return e.message domains = _find_domains(config, installer) le_client = _init_le_client(config, authenticator=None, installer=installer) assert config.cert_path is not None # required=True in the subparser le_client.deploy_certificate(domains, config.key_path, config.cert_path, config.chain_path, config.fullchain_path) le_client.enhance_config(domains, config)
def run(args, config, plugins): # pylint: disable=too-many-branches,too-many-locals """Obtain a certificate and install.""" try: installer, authenticator = choose_configurator_plugins(args, config, plugins, "run") except errors.PluginSelectionError, e: return e.message