Added options for mbox and smtp
This commit is contained in:
parent
7b19268abc
commit
9973120b31
1 changed files with 64 additions and 1 deletions
65
OTcerts.py
65
OTcerts.py
|
|
@ -7,6 +7,14 @@ import configparser
|
|||
import logging
|
||||
import mysql.connector
|
||||
|
||||
|
||||
# Query for IMAP/POP3 certificate
|
||||
mbox_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'imap.%' or name LIKE 'pop3.%' or name LIKE 'mail.%')"
|
||||
|
||||
# Query for SMTP certificate
|
||||
smtp_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'smtp.%' or name LIKE 'mail.%')"
|
||||
|
||||
|
||||
# Get list of defined domains in vhosts configuration database
|
||||
domains_list_stmt = """SELECT DISTINCT(SUBSTRING_INDEX(urls.dns_name, '.', -2)) AS domain_names
|
||||
FROM urls INNER JOIN (hosts_urls, hosts, vhosts_features, vhosts)
|
||||
|
|
@ -47,6 +55,10 @@ def init_prog(argv):
|
|||
help="Richiedi i certificati per i siti in hosting")
|
||||
parser.add_argument("--webmail", default=False, action='store_true', required=False,
|
||||
help="Richiedi i certificati per le webmail")
|
||||
parser.add_argument("--smtp", default=False, action='store_true', required=False,
|
||||
help="Richiedi i certificati per il server SMTP")
|
||||
parser.add_argument("--mbox", default=False, action='store_true', required=False,
|
||||
help="Richiedi i certificati per il server POP/IMAP")
|
||||
parser.add_argument("--renew", default=False, action='store_true', required=False,
|
||||
help="Invoca solamente il renew per i certificati gia' presenti")
|
||||
args = parser.parse_args()
|
||||
|
|
@ -130,6 +142,24 @@ def get_domain_list(config, ot_conn, dns_conn):
|
|||
ot_cursor.close()
|
||||
return result_dict
|
||||
|
||||
def get_alias_list(config, dns_conn, query, aliases):
|
||||
"""
|
||||
Return a list of domains to get the certificate for
|
||||
|
||||
"""
|
||||
result_list = list()
|
||||
|
||||
dns_cursor=dns_conn.cursor()
|
||||
try:
|
||||
dns_cursor.execute(query, aliases)
|
||||
except Exception as e:
|
||||
logger.error(e)
|
||||
exit(-1)
|
||||
dns_res = dns_cursor.fetchall()
|
||||
result_list = [name[0].decode('utf-8') for name in dns_res]
|
||||
dns_cursor.close()
|
||||
return result_list
|
||||
|
||||
|
||||
def acme_request(config, domain_name, acme_test='DNS-01', dryrun=False, domains_list=None):
|
||||
|
||||
|
|
@ -193,7 +223,7 @@ if __name__ == '__main__':
|
|||
dns_conn=connect_db(dict(config['dns_db']))
|
||||
|
||||
if dryrun:
|
||||
print("DRYRUN, nessuna operazione verra' eseguita realmente")
|
||||
print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")
|
||||
|
||||
|
||||
# Caso speciale per le webmail
|
||||
|
|
@ -206,6 +236,39 @@ if __name__ == '__main__':
|
|||
else:
|
||||
logger.error('Error asking certificate for {}'.format(vhost_name))
|
||||
|
||||
# Caso speciale per il server POP/IMAP
|
||||
if args.mbox:
|
||||
logging.info('Asking certificates for POP/IMAP server')
|
||||
vhost_name = config['mail']['mbox_vhost'].strip()
|
||||
server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
|
||||
mbox_fmt = ','.join(['%s'] * len(server_addresses))
|
||||
mbox_query = mbox_list_stmt.format(mbox_fmt)
|
||||
alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
|
||||
# Per usi futuri, aggiungo l'alias 'mail.indivia.net'
|
||||
alias_list.append('mail.indivia.net')
|
||||
if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
|
||||
# non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
||||
# link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
||||
pass
|
||||
else:
|
||||
logger.error('Error asking certificate for {}'.format(vhost_name))
|
||||
|
||||
# Caso speciale per il server SMTP
|
||||
if args.smtp:
|
||||
logging.info('Asking certificates for SMTP server')
|
||||
vhost_name = config['mail']['smtp_vhost'].strip()
|
||||
server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
|
||||
smtp_fmt = ','.join(['%s'] * len(server_addresses))
|
||||
smtp_query = smtp_list_stmt.format(smtp_fmt)
|
||||
alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
|
||||
if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
|
||||
# non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
|
||||
# link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
||||
pass
|
||||
else:
|
||||
logger.error('Error asking certificate for {}'.format(vhost_name))
|
||||
|
||||
# Caso speciale per l'hosting
|
||||
if args.hosting:
|
||||
logging.info('Asking certificates for hosted web domains')
|
||||
# Subdomains da escludere
|
||||
|
|
|
|||
Loading…
Reference in a new issue