Print subdomain

.gitignore

@@ -1,3 +1,4 @@
+certbot-auto
 etc/
 #.*#
 .*~

OTcerts.py

@@ -31,8 +31,6 @@ subdomains_list_stmt = "SELECT DISTINCT(urls.dns_name) AS domain_names "\
                        "WHERE (hosts_urls.http = 'Y' and hosts.hostname =  %(webserver)s and "\
                        "urls.dns_name LIKE %(domain)s)"
 
-
-
 default_conf_file="./etc/ot_certs.ini"
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger()
@@ -102,11 +100,8 @@ def get_subdomain_list(config,  domain, ot_conn, ex_subdomains=tuple()):
     subdomains_res = ot_cursor.fetchall()
     ot_cursor.close()
 
-    #if filtered:
     subdomains_filtered = [s[0].decode('utf-8') for s in subdomains_res
                                if not(s[0].decode('utf-8').startswith(ex_subdomains))]
-    # else:
-    #     subdomains_filtered = [s[0].decode('utf-8') for s in subdomains_res]
 
     return subdomains_filtered
 
@@ -235,6 +230,7 @@ if __name__ == '__main__':
         logging.info('Asking certificates for webmail')
         vhost_name = config['webmail']['vhost'].strip()
         webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
+        logging.info('vhost {}, domains_list {}'.format(vhost_name, webmails_list))
         if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
             link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
         else:
@@ -250,6 +246,7 @@ if __name__ == '__main__':
         alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
         # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
         alias_list.append('mail.indivia.net')
+        logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
         if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
                         dryrun=dryrun, domains_list=alias_list):
             # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
@@ -266,6 +263,7 @@ if __name__ == '__main__':
         smtp_fmt = ','.join(['%s'] * len(server_addresses))
         smtp_query = smtp_list_stmt.format(smtp_fmt)
         alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
+        logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
         if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['smtp_webroot'].strip(),
                         dryrun=dryrun, domains_list=alias_list):
             # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
@@ -286,6 +284,7 @@ if __name__ == '__main__':
             # Controlla se i nameserver sono gestiti da noi
             if domain_feat['managed_ns']:
                 # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
+                logger.info('Get certificates for {}, *.{}'.format(domain_name, domain_name))
                 if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
                     link_cert(config, domain_name, domain_name, dryrun=dryrun)
                     # Crea il link per ogni subdomain
@@ -295,6 +294,7 @@ if __name__ == '__main__':
                 # Nel caso i nameserver NON siano gestiti, allora chiedi un certificato per ogni sottodominio
                 # Crea il link per ogni subdomain
                 for subdomain in domain_feat['subdomains']:
+                    logger.info('Get certificates for {}'.format(subdomain))
                     if acme_request(config, subdomain, acme_test='HTTP-01', dryrun=dryrun):
                         link_cert(config, subdomain, subdomain, dryrun=dryrun)
         ot_conn.close()

letsencrypt/lets_authenticator.sh

@@ -0,0 +1,42 @@
+LOG_FILE='/tmp/lets_auth.log'
+DNS_DB_MYCNF="/usr/local/ortiche/otcerts/etc/dns_db.conf"
+
+echo "Auth $CERTBOT_DOMAIN"
+
+echo  "" >> $LOG_FILE
+date >> $LOG_FILE
+
+RECORD_NAME='_acme-challenge'
+RECORD_FQDN="$RECORD_NAME.$CERTBOT_DOMAIN"
+
+DOMAIN_ID=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  SELECT domains.id FROM domains WHERE domains.name='$CERTBOT_DOMAIN'
+END_QUERY`
+
+if [ -z "$DOMAIN_ID" ]; then
+  echo "ERROR: Nameservers are not managed for domain $CERTBOT_DOMAIN" >> $LOG_FILE
+  exit 255
+fi
+
+echo "Selected domain_id $DOMAIN_ID" >> $LOG_FILE
+
+echo "Creating $RECORD_FQDN TXT entry with value $CERTBOT_VALIDATION" >> $LOG_FILE
+
+QUERY_RES=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  INSERT INTO records (domain_id, name, type, content, ttl, prio, label)
+  VALUES ($DOMAIN_ID, '$RECORD_FQDN', 'TXT', '"$CERTBOT_VALIDATION"', 5, 60, '"$CERTBOT_VALIDATION"')
+END_QUERY`
+
+# echo "Done updating" >> $LOG_FILE
+RECORD_ID=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  SELECT id FROM records WHERE (type='TXT' and name='$RECORD_FQDN')
+END_QUERY`
+
+echo "After update $RECORD_ID ." >> $LOG_FILE
+echo "Done updating, sleeping 10 secs .. " >> $LOG_FILE
+sleep 5
+echo "Done sleeping." >> $LOG_FILE
+# dig @172.19.0.102  $RECORD_FQDN TXT +short >> $LOG_FILE
+# dig @dns.contaminati.net $RECORD_FQDN TXT +short >> $LOG_FILE
+# dig @dns.ortiche.net  $RECORD_FQDN TXT +short >> $LOG_FILE
+exit 0

letsencrypt/lets_cleanup.sh

@@ -0,0 +1,41 @@
+LOG_FILE='/tmp/lets_clean.log'
+DNS_DB_MYCNF="/usr/local/ortiche/otcerts/etc/dns_db.conf"
+
+echo "" >> $LOG_FILE
+date >> $LOG_FILE
+
+
+
+echo "CERTBOT_AUTH_OUTPUT = $CERTBOT_AUTH_OUTPUT" >> $LOG_FILE
+
+RECORD_NAME='_acme-challenge'
+RECORD_FQDN="$RECORD_NAME.$CERTBOT_DOMAIN"
+
+DOMAIN_ID=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  SELECT domains.id FROM domains WHERE domains.name='$CERTBOT_DOMAIN'
+END_QUERY`
+
+if [ -z "$DOMAIN_ID" ]; then
+  echo "ERROR: Nameservers are not managed for domain $CERTBOT_DOMAIN" >> $LOG_FILE
+  exit 255
+fi
+
+RECORD_ID=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  SELECT id FROM records WHERE (type='TXT' and name='$RECORD_FQDN')
+END_QUERY`
+
+echo "Cleaning $RECORD_FQDN TXT entry, record id $RECORD_ID" >> $LOG_FILE
+
+# QUERY_RES=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+#  UPDATE records SET content='""' WHERE id=$RECORD_ID
+# END_QUERY`
+
+# To complete delete
+DELETE_RES=`mysql --defaults-extra-file=$DNS_DB_MYCNF -s -N << END_QUERY
+  DELETE FROM records WHERE (domain_id=$DOMAIN_ID AND name='$RECORD_FQDN')
+END_QUERY`
+
+echo "Done cleaning, sleeping 5 secs .. " >> $LOG_FILE
+sleep 5
+echo "Done sleeping." >> $LOG_FILE
+exit 0