示例#1
0
def run(config, plugins):  # pylint: disable=too-many-branches,too-many-locals
    """Obtain a certificate and install."""
    # TODO: Make run as close to auth + install as possible
    # Possible difficulties: config.csr was hacked into auth
    try:
        installer, authenticator = choose_configurator_plugins(
            config, plugins, "run")
    except errors.PluginSelectionError as e:
        return e.message

    domains = _find_domains(config, installer)

    # TODO: Handle errors from _init_le_client?
    le_client = _init_le_client(config, authenticator, installer)

    lineage, action = _auth_from_domains(le_client, config, domains)

    le_client.deploy_certificate(domains, lineage.privkey, lineage.cert,
                                 lineage.chain, lineage.fullchain)

    le_client.enhance_config(domains, config)

    if len(lineage.available_versions("cert")) == 1:
        display_ops.success_installation(domains)
    else:
        display_ops.success_renewal(domains, action)

    _suggest_donation_if_appropriate(config, action)
示例#2
0
def run(config, plugins):  # pylint: disable=too-many-branches,too-many-locals
    """Obtain a certificate and install."""
    # TODO: Make run as close to auth + install as possible
    # Possible difficulties: config.csr was hacked into auth
    try:
        installer, authenticator = choose_configurator_plugins(config, plugins, "run")
    except errors.PluginSelectionError as e:
        return e.message

    domains = _find_domains(config, installer)

    # TODO: Handle errors from _init_le_client?
    le_client = _init_le_client(config, authenticator, installer)

    lineage, action = _auth_from_domains(le_client, config, domains)

    le_client.deploy_certificate(
        domains, lineage.privkey, lineage.cert,
        lineage.chain, lineage.fullchain)

    le_client.enhance_config(domains, config)

    if len(lineage.available_versions("cert")) == 1:
        display_ops.success_installation(domains)
    else:
        display_ops.success_renewal(domains, action)

    _suggest_donation_if_appropriate(config, action)
示例#3
0
def obtain_cert(args, config, plugins):
    """Authenticate & obtain cert, but do not install it."""

    if args.domains and args.csr is not None:
        # TODO: --csr could have a priority, when --domains is
        # supplied, check if CSR matches given domains?
        return "--domains and --csr are mutually exclusive"

    try:
        # installers are used in auth mode to determine domain names
        installer, authenticator = choose_configurator_plugins(args, config, plugins, "certonly")
    except errors.PluginSelectionError, e:
        return e.message
示例#4
0
def obtain_cert(config, plugins, lineage=None):
    """Implements "certonly": authenticate & obtain cert, but do not install it."""
    # pylint: disable=too-many-locals
    try:
        # installers are used in auth mode to determine domain names
        installer, authenticator = choose_configurator_plugins(
            config, plugins, "certonly")
    except errors.PluginSelectionError as e:
        logger.info("Could not choose appropriate plugin: %s", e)
        raise

    # TODO: Handle errors from _init_le_client?
    le_client = _init_le_client(config, authenticator, installer)

    action = "newcert"
    # This is a special case; cert and chain are simply saved
    if config.csr is not None:
        assert lineage is None, "Did not expect a CSR with a RenewableCert"
        csr, typ = config.actual_csr
        certr, chain = le_client.obtain_certificate_from_csr(
            config.domains, csr, typ)
        if config.dry_run:
            logger.info("Dry run: skipping saving certificate to %s",
                        config.cert_path)
        else:
            cert_path, _, cert_fullchain = le_client.save_certificate(
                certr, chain, config.cert_path, config.chain_path,
                config.fullchain_path)
            _report_new_cert(cert_path, cert_fullchain)
    else:
        domains = _find_domains(config, installer)
        _, action = _auth_from_domains(le_client, config, domains, lineage)

    if config.dry_run:
        _report_successful_dry_run(config)
    elif config.verb == "renew":
        if installer is None:
            # Tell the user that the server was not restarted.
            print("new certificate deployed without reload, fullchain is",
                  lineage.fullchain)
        else:
            # In case of a renewal, reload server to pick up new certificate.
            # In principle we could have a configuration option to inhibit this
            # from happening.
            installer.restart()
            print("new certificate deployed with reload of", config.installer,
                  "server; fullchain is", lineage.fullchain)
    _suggest_donation_if_appropriate(config, action)
示例#5
0
def obtain_cert(config, plugins, lineage=None):
    """Implements "certonly": authenticate & obtain cert, but do not install it."""
    # pylint: disable=too-many-locals
    try:
        # installers are used in auth mode to determine domain names
        installer, authenticator = choose_configurator_plugins(config, plugins, "certonly")
    except errors.PluginSelectionError as e:
        logger.info("Could not choose appropriate plugin: %s", e)
        raise

    # TODO: Handle errors from _init_le_client?
    le_client = _init_le_client(config, authenticator, installer)

    action = "newcert"
    # This is a special case; cert and chain are simply saved
    if config.csr is not None:
        assert lineage is None, "Did not expect a CSR with a RenewableCert"
        csr, typ = config.actual_csr
        certr, chain = le_client.obtain_certificate_from_csr(config.domains, csr, typ)
        if config.dry_run:
            logger.info(
                "Dry run: skipping saving certificate to %s", config.cert_path)
        else:
            cert_path, _, cert_fullchain = le_client.save_certificate(
                certr, chain, config.cert_path, config.chain_path, config.fullchain_path)
            _report_new_cert(cert_path, cert_fullchain)
    else:
        domains = _find_domains(config, installer)
        _, action = _auth_from_domains(le_client, config, domains, lineage)

    if config.dry_run:
        _report_successful_dry_run(config)
    elif config.verb == "renew":
        if installer is None:
            # Tell the user that the server was not restarted.
            print("new certificate deployed without reload, fullchain is",
                  lineage.fullchain)
        else:
            # In case of a renewal, reload server to pick up new certificate.
            # In principle we could have a configuration option to inhibit this
            # from happening.
            installer.restart()
            print("new certificate deployed with reload of",
                  config.installer, "server; fullchain is", lineage.fullchain)
    _suggest_donation_if_appropriate(config, action)
示例#6
0
def install(config, plugins):
    """Install a previously obtained cert in a server."""
    # XXX: Update for renewer/RenewableCert
    # FIXME: be consistent about whether errors are raised or returned from
    # this function ...

    try:
        installer, _ = choose_configurator_plugins(config, plugins, "install")
    except errors.PluginSelectionError as e:
        return e.message

    domains = _find_domains(config, installer)
    le_client = _init_le_client(config, authenticator=None, installer=installer)
    assert config.cert_path is not None  # required=True in the subparser
    le_client.deploy_certificate(
        domains, config.key_path, config.cert_path, config.chain_path,
        config.fullchain_path)
    le_client.enhance_config(domains, config)
示例#7
0
def install(config, plugins):
    """Install a previously obtained cert in a server."""
    # XXX: Update for renewer/RenewableCert
    # FIXME: be consistent about whether errors are raised or returned from
    # this function ...

    try:
        installer, _ = choose_configurator_plugins(config, plugins, "install")
    except errors.PluginSelectionError as e:
        return e.message

    domains = _find_domains(config, installer)
    le_client = _init_le_client(config,
                                authenticator=None,
                                installer=installer)
    assert config.cert_path is not None  # required=True in the subparser
    le_client.deploy_certificate(domains, config.key_path, config.cert_path,
                                 config.chain_path, config.fullchain_path)
    le_client.enhance_config(domains, config)
示例#8
0
def run(args, config, plugins):  # pylint: disable=too-many-branches,too-many-locals
    """Obtain a certificate and install."""
    try:
        installer, authenticator = choose_configurator_plugins(args, config, plugins, "run")
    except errors.PluginSelectionError, e:
        return e.message