|
|
@@ -246,136 +246,156 @@ if __name__ == '__main__':
|
|
|
dryrun=config['main'].getboolean('dryrun')
|
|
|
service_reload = dict()
|
|
|
|
|
|
- ot_conn=connect_db(dict(config['ot_db']))
|
|
|
- dns_conn=connect_db(dict(config['dns_db']))
|
|
|
-
|
|
|
if dryrun:
|
|
|
print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")
|
|
|
|
|
|
-
|
|
|
- # Caso speciale per le webmail
|
|
|
- if args.webmail:
|
|
|
- logging.info('Asking certificates for webmail')
|
|
|
- vhost_name = config['webmail']['vhost'].strip()
|
|
|
- webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
|
|
|
- logging.info('vhost {}, domains_list {}'.format(vhost_name, webmails_list))
|
|
|
- if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
|
|
|
- link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
- service_reload['webmail'] = True
|
|
|
- else:
|
|
|
- logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
-
|
|
|
- # Caso speciale per il server POP/IMAP
|
|
|
- if args.mbox:
|
|
|
- logging.info('Asking certificates for POP/IMAP server')
|
|
|
- vhost_name = config['mail']['mbox_vhost'].strip()
|
|
|
- server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
|
|
|
- mbox_fmt = ','.join(['%s'] * len(server_addresses))
|
|
|
- mbox_query = mbox_list_stmt.format(mbox_fmt)
|
|
|
- alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
|
|
|
- # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
|
|
|
- alias_list.append('mail.indivia.net')
|
|
|
- logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
|
|
|
- if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
|
|
|
- dryrun=dryrun, domains_list=alias_list):
|
|
|
- # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
|
|
- # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
- service_reload['mbox'] = True
|
|
|
- pass
|
|
|
- else:
|
|
|
- logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
-
|
|
|
- # Caso speciale per il server SMTP
|
|
|
- if args.smtp:
|
|
|
- logging.info('Asking certificates for SMTP server')
|
|
|
- vhost_name = config['mail']['smtp_vhost'].strip()
|
|
|
- server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
|
|
|
- smtp_fmt = ','.join(['%s'] * len(server_addresses))
|
|
|
- smtp_query = smtp_list_stmt.format(smtp_fmt)
|
|
|
- alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
|
|
|
- logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
|
|
|
- if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['smtp_webroot'].strip(),
|
|
|
- dryrun=dryrun, domains_list=alias_list):
|
|
|
- # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
|
|
- # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
- service_reload['smtp'] = True
|
|
|
- pass
|
|
|
- else:
|
|
|
- logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
-
|
|
|
- # Caso speciale per l'hosting
|
|
|
- if args.hosting:
|
|
|
- logging.info('Asking certificates for hosted web domains')
|
|
|
- # Subdomains da escludere
|
|
|
- ex_subdomains = tuple([s.strip() for s in config['main']['special_subdomains'].split(',') if len(s.strip())>0])
|
|
|
- domains_dict = get_domain_list(config, ot_conn, dns_conn)
|
|
|
-
|
|
|
- for domain_name, domain_feat in domains_dict.items():
|
|
|
- domain_feat['subdomains']=get_subdomain_list(config, domain_name, ot_conn, ex_subdomains=ex_subdomains)
|
|
|
- # Controlla se i nameserver sono gestiti da noi
|
|
|
- if domain_feat['managed_ns']:
|
|
|
- # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
|
|
|
- logger.info('Get certificates for {}, *.{}'.format(domain_name, domain_name))
|
|
|
- if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
|
|
|
- link_cert(config, domain_name, domain_name, dryrun=dryrun)
|
|
|
- # Crea il link per ogni subdomain
|
|
|
- for subdomain in domain_feat['subdomains']:
|
|
|
- link_cert(config, domain_name, subdomain, dryrun=dryrun)
|
|
|
- service_reload['hosting'] = True
|
|
|
-
|
|
|
- else:
|
|
|
- # Nel caso i nameserver NON siano gestiti, allora chiedi un certificato per ogni sottodominio
|
|
|
- # Crea il link per ogni subdomain
|
|
|
- for subdomain in domain_feat['subdomains']:
|
|
|
- logger.info('Get certificates for {}'.format(subdomain))
|
|
|
- if acme_request(config, subdomain, acme_test='HTTP-01', dryrun=dryrun):
|
|
|
- link_cert(config, subdomain, subdomain, dryrun=dryrun)
|
|
|
- service_reload['hosting'] = True
|
|
|
- ot_conn.close()
|
|
|
- dns_conn.close()
|
|
|
-
|
|
|
- # Genero il certificato per l'interfaccia di mailman
|
|
|
- if args.liste:
|
|
|
- logging.info('Asking certificates for liste.indivia.net')
|
|
|
- vhost_name = config['mailman']['vhost'].strip()
|
|
|
- liste_list = ["liste.{}".format(d.strip()) for d in config['mailman']['domains'].split(',') if len(d.strip())>0]
|
|
|
- if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):
|
|
|
- link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
- service_reload['liste'] = True
|
|
|
- else:
|
|
|
- logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
-
|
|
|
if args.renew:
|
|
|
pre_hook_cmd = None
|
|
|
post_hook_cmd = None
|
|
|
logging.info('Renewing certificates ')
|
|
|
- if set(['webmail','hosting','liste']) & set(service_reload.keys()):
|
|
|
+ if args.webmail or args.hosting or args.liste:
|
|
|
post_hook_cmd = "systemctl reload apache2"
|
|
|
- elif set(['smtp',]) & set(service_reload.keys()):
|
|
|
+ elif args.smtp:
|
|
|
post_hook_cmd = "systemctl reload postfix"
|
|
|
- elif set(['mbox',]) & set(service_reload.keys()):
|
|
|
+ elif args.mbox:
|
|
|
post_hook_cmd = "systemctl restart dovecot"
|
|
|
|
|
|
logger.debug("post_hook_cmd: {}".format(post_hook_cmd))
|
|
|
|
|
|
if acme_renew(config, pre_hook_cmd, post_hook_cmd, dryrun=dryrun):
|
|
|
logger.info("Done renew")
|
|
|
- else:
|
|
|
- if set(['webmail','hosting','liste']) & set(service_reload.keys()):
|
|
|
+
|
|
|
+ else:
|
|
|
+ # Fai le nuove richieste per i certificati
|
|
|
+
|
|
|
+ # Caso speciale per le webmail
|
|
|
+ if args.webmail:
|
|
|
+ logging.info('Asking certificates for webmail')
|
|
|
+ vhost_name = config['webmail']['vhost'].strip()
|
|
|
+ webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
|
|
|
+ logging.info('vhost {}, domains_list {}'.format(vhost_name, webmails_list))
|
|
|
+ if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
|
|
|
+ link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
+ else:
|
|
|
+ logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
+
|
|
|
# reload apache
|
|
|
- logger.info("Restarting apache")
|
|
|
+ logger.info("Reloading apache")
|
|
|
# ret = subprocess.run("systemctl reload apache2")
|
|
|
ret = os.system("systemctl reload apache2")
|
|
|
logger.info(ret)
|
|
|
- if set(['smtp',]) & set(service_reload.keys()):
|
|
|
- # reload postfix
|
|
|
- logger.info("Restarting postfix")
|
|
|
- # ret = subprocess.run("systemctl reload postfix")
|
|
|
- ret = os.system("systemctl reload postfix")
|
|
|
+
|
|
|
+ # Caso speciale per l'hosting
|
|
|
+ if args.hosting:
|
|
|
+ logging.info('Asking certificates for hosted web domains')
|
|
|
+ ot_conn=connect_db(dict(config['ot_db']))
|
|
|
+ dns_conn=connect_db(dict(config['dns_db']))
|
|
|
+ # Subdomains da escludere
|
|
|
+ ex_subdomains = tuple([s.strip() for s in config['main']['special_subdomains'].split(',') if len(s.strip())>0])
|
|
|
+ domains_dict = get_domain_list(config, ot_conn, dns_conn)
|
|
|
+
|
|
|
+ for domain_name, domain_feat in domains_dict.items():
|
|
|
+ domain_feat['subdomains']=get_subdomain_list(config, domain_name, ot_conn, ex_subdomains=ex_subdomains)
|
|
|
+ # Controlla se i nameserver sono gestiti da noi
|
|
|
+ if domain_feat['managed_ns']:
|
|
|
+ # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
|
|
|
+ logger.info('Get certificates for {}, *.{}'.format(domain_name, domain_name))
|
|
|
+ if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
|
|
|
+ link_cert(config, domain_name, domain_name, dryrun=dryrun)
|
|
|
+ # Crea il link per ogni subdomain
|
|
|
+ for subdomain in domain_feat['subdomains']:
|
|
|
+ link_cert(config, domain_name, subdomain, dryrun=dryrun)
|
|
|
+
|
|
|
+ else:
|
|
|
+ # Nel caso i nameserver NON siano gestiti, allora chiedi un certificato per ogni sottodominio
|
|
|
+ # Crea il link per ogni subdomain
|
|
|
+ for subdomain in domain_feat['subdomains']:
|
|
|
+ logger.info('Get certificates for {}'.format(subdomain))
|
|
|
+ if acme_request(config, subdomain, acme_test='HTTP-01', dryrun=dryrun):
|
|
|
+ link_cert(config, subdomain, subdomain, dryrun=dryrun)
|
|
|
+
|
|
|
+ ot_conn.close()
|
|
|
+ dns_conn.close()
|
|
|
+
|
|
|
+ # reload apache
|
|
|
+ logger.info("Reloading apache")
|
|
|
+ # ret = subprocess.run("systemctl reload apache2")
|
|
|
+ ret = os.system("systemctl reload apache2")
|
|
|
logger.info(ret)
|
|
|
- if set(['mbox',]) & set(service_reload.keys()):
|
|
|
+
|
|
|
+
|
|
|
+ # Caso speciale per l'interfaccia di mailman
|
|
|
+ if args.liste:
|
|
|
+ logging.info('Asking certificates for liste.indivia.net')
|
|
|
+ vhost_name = config['mailman']['vhost'].strip()
|
|
|
+ liste_list = ["liste.{}".format(d.strip()) for d in config['mailman']['domains'].split(',') if len(d.strip())>0]
|
|
|
+ if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):
|
|
|
+ link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
+ else:
|
|
|
+ logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
+
|
|
|
+ # reload apache
|
|
|
+ logger.info("Reloading apache")
|
|
|
+ # ret = subprocess.run("systemctl reload apache2")
|
|
|
+ ret = os.system("systemctl reload apache2")
|
|
|
+ logger.info(ret)
|
|
|
+
|
|
|
+
|
|
|
+ # Caso speciale per il server POP/IMAP
|
|
|
+ if args.mbox:
|
|
|
+ dns_conn=connect_db(dict(config['dns_db']))
|
|
|
+ logging.info('Asking certificates for POP/IMAP server')
|
|
|
+ vhost_name = config['mail']['mbox_vhost'].strip()
|
|
|
+ server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
|
|
|
+ mbox_fmt = ','.join(['%s'] * len(server_addresses))
|
|
|
+ mbox_query = mbox_list_stmt.format(mbox_fmt)
|
|
|
+ alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
|
|
|
+ # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
|
|
|
+ alias_list.append('mail.indivia.net')
|
|
|
+ logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
|
|
|
+ if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
|
|
|
+ dryrun=dryrun, domains_list=alias_list):
|
|
|
+ # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
|
|
+ # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
+ service_reload['mbox'] = True
|
|
|
+ pass
|
|
|
+ else:
|
|
|
+ logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
+
|
|
|
+ dns_conn.close()
|
|
|
+
|
|
|
# restart dovecot
|
|
|
logger.info("Restarting dovecot")
|
|
|
# ret = subprocess.run("systemctl restart dovecot")
|
|
|
ret = os.system("systemctl restart dovecot")
|
|
|
logger.info(ret)
|
|
|
+
|
|
|
+
|
|
|
+ # Caso speciale per il server SMTP
|
|
|
+ if args.smtp:
|
|
|
+ logging.info('Asking certificates for SMTP server')
|
|
|
+ dns_conn=connect_db(dict(config['dns_db']))
|
|
|
+ vhost_name = config['mail']['smtp_vhost'].strip()
|
|
|
+ server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
|
|
|
+ smtp_fmt = ','.join(['%s'] * len(server_addresses))
|
|
|
+ smtp_query = smtp_list_stmt.format(smtp_fmt)
|
|
|
+ alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
|
|
|
+ logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
|
|
|
+ if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['smtp_webroot'].strip(),
|
|
|
+ dryrun=dryrun, domains_list=alias_list):
|
|
|
+ # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
|
|
+ # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
|
|
+ service_reload['smtp'] = True
|
|
|
+ pass
|
|
|
+ else:
|
|
|
+ logger.error('Error asking certificate for {}'.format(vhost_name))
|
|
|
+
|
|
|
+ dns_conn.close()
|
|
|
+
|
|
|
+ # reload postfix
|
|
|
+ logger.info("Restarting postfix")
|
|
|
+ # ret = subprocess.run("systemctl reload postfix")
|
|
|
+ ret = os.system("systemctl reload postfix")
|
|
|
+ logger.info(ret)
|
|
|
+
|
|
|
+
|
