fixed some autorenew letsencrypt problems
This commit is contained in:
nd
parent
c2c8727fe9
commit
29c8bfccdf
5 changed files with 121 additions and 20 deletions
78
files/acme-primitives.py
Executable file
78
files/acme-primitives.py
Executable file
|
|
@ -0,0 +1,78 @@
|
|||
#!/usr/bin/env python3
|
||||
import os
|
||||
import sys
|
||||
import subprocess
|
||||
import datetime
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography import x509
|
||||
from acme import client, messages, crypto_util, challenges
|
||||
from acme.errors import ConflictError, ValidationError
|
||||
import josepy
|
||||
import click
|
||||
|
||||
@click.group()
|
||||
def cli():
|
||||
pass
|
||||
|
||||
@cli.command(name="extract_domains")
|
||||
@click.argument('csr_file', type=click.File('rb'))
|
||||
def extract_domains(csr_file):
|
||||
csr = x509.load_pem_x509_csr(csr_file.read(), default_backend())
|
||||
san_ext = csr.extensions.get_extension_for_oid(x509.ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
|
||||
sans = san_ext.value.get_values_for_type(x509.DNSName)
|
||||
print(' '.join(sans))
|
||||
|
||||
@cli.command(name="remaining_days")
|
||||
@click.argument('crt_file', type=click.File('rb'))
|
||||
def remaining_days(crt_file):
|
||||
crt = x509.load_pem_x509_certificate(crt_file.read(), default_backend())
|
||||
print((crt.not_valid_after - datetime.datetime.now()).days)
|
||||
|
||||
@cli.command(name="get_cert")
|
||||
@click.option('--directory', default="https://acme-staging-v02.api.letsencrypt.org/directory")
|
||||
@click.option('--acc', required=True, type=click.File('rb'))
|
||||
@click.option('--csr', required=True, type=click.File('rb'))
|
||||
@click.argument('challenge_hook', nargs=-1)
|
||||
def get_cert(directory, acc, csr, challenge_hook):
|
||||
acc_key = serialization.load_pem_private_key(acc.read(), None, default_backend())
|
||||
jose = josepy.JWKRSA(key=acc_key)
|
||||
net = client.ClientNetwork(jose, user_agent="acme-primitives")
|
||||
directory = messages.Directory.from_json(net.get(directory).json())
|
||||
client_acme = client.ClientV2(directory, net=net)
|
||||
try:
|
||||
regr = client_acme.new_account(messages.NewRegistration.from_data(terms_of_service_agreed=True))
|
||||
except ConflictError as e:
|
||||
regr = client_acme.update_registration(messages.RegistrationResource(body=messages.Registration.from_data(terms_of_service_agreed=True)))
|
||||
csr_data = csr.read()
|
||||
orderr = client_acme.new_order(csr_data)
|
||||
for authz in orderr.authorizations:
|
||||
domain = authz.body.identifier.value
|
||||
for i in authz.body.challenges:
|
||||
if isinstance(i.chall, challenges.DNS01):
|
||||
response, validation = i.response_and_validation(jose)
|
||||
subprocess.run([*challenge_hook, i.validation_domain_name(domain), validation], env=os.environ.copy(), check=True)
|
||||
client_acme.answer_challenge(i, response)
|
||||
try:
|
||||
finalized_orderr = client_acme.poll_and_finalize(orderr)
|
||||
except ValidationError as e:
|
||||
for auth in e.failed_authzrs:
|
||||
msg += '\n Authorization for identifier %s failed.' % (
|
||||
auth.body.identifier)
|
||||
msg += '\n Here are the challenges that were not fulfilled:'
|
||||
for challenge in auth.body.challenges:
|
||||
msg += \
|
||||
'\n Challenge Type: %s' \
|
||||
'\n Error information: ' \
|
||||
'\n Type: %s' \
|
||||
'\n Details: %s \n\n' % (
|
||||
challenge.chall.typ,
|
||||
challenge.error.typ if challenge.error else '',
|
||||
challenge.error.detail if challenge.error else '',
|
||||
)
|
||||
print(msg, file=sys.stderr, flush=True)
|
||||
sys.exit(1)
|
||||
print(finalized_orderr.fullchain_pem)
|
||||
|
||||
if __name__ == '__main__':
|
||||
cli()
|
||||
Loading…
Add table
Add a link
Reference in a new issue