From 9c6efad55d975ad7be9cb5016c4898d8fbc5b322 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Wed, 3 Jul 2019 16:40:23 -0700 Subject: [PATCH] letsencrypt: Implement re-obtain separately Signed-off-by: Sunil Mohan Adapa Reviewed-by: Joseph Nuthalapati --- plinth/modules/letsencrypt/__init__.py | 17 ++++++++++++++--- .../letsencrypt/templates/letsencrypt.html | 2 +- plinth/modules/letsencrypt/urls.py | 6 ++++-- plinth/modules/letsencrypt/views.py | 17 +++++++++++++++++ 4 files changed, 36 insertions(+), 6 deletions(-) diff --git a/plinth/modules/letsencrypt/__init__.py b/plinth/modules/letsencrypt/__init__.py index 097a36107..a6bd1d042 100644 --- a/plinth/modules/letsencrypt/__init__.py +++ b/plinth/modules/letsencrypt/__init__.py @@ -119,10 +119,21 @@ def diagnose(): def certificate_obtain(domain): """Obtain a certificate for a domain and notify handlers.""" actions.superuser_run('letsencrypt', ['obtain', '--domain', domain]) + components.on_certificate_event('obtained', [domain], None) - # Don't trigger an obtained event. Obtaining a certificate freshly also - # leads to a renewal (deploy) event from Let's Encrypt. There is no easy - # way to distinguish if the event is an initial event or a renewal event. + +def certificate_reobtain(domain): + """Re-obtain a certificate for a domain and notify handlers. + + Don't trigger an obtained event. Re-obtaining a certificate also leads to a + renewal (deploy) event from Let's Encrypt. Further, this event is not sent + when obtaining the certificate for the first time. There is no easy way to + distinguish if a renewal event is trigger because of obtain or because of + re-obtain. Hence, handle re-obtain differently from obtain and don't + trigger obtain event (LE will trigger a renewal event). + + """ + actions.superuser_run('letsencrypt', ['obtain', '--domain', domain]) def certificate_revoke(domain): diff --git a/plinth/modules/letsencrypt/templates/letsencrypt.html b/plinth/modules/letsencrypt/templates/letsencrypt.html index 0fd2d503f..457267dd7 100644 --- a/plinth/modules/letsencrypt/templates/letsencrypt.html +++ b/plinth/modules/letsencrypt/templates/letsencrypt.html @@ -94,7 +94,7 @@ {% if domain_status.certificate_available %}
+ action="{% url 'letsencrypt:re-obtain' domain %}"> {% csrf_token %} diff --git a/plinth/modules/letsencrypt/urls.py b/plinth/modules/letsencrypt/urls.py index a2dc84a15..ebd9caba4 100644 --- a/plinth/modules/letsencrypt/urls.py +++ b/plinth/modules/letsencrypt/urls.py @@ -24,10 +24,12 @@ from . import views urlpatterns = [ url(r'^sys/letsencrypt/$', views.index, name='index'), - url(r'^sys/letsencrypt/revoke/(?P[^/]+)/$', views.revoke, - name='revoke'), url(r'^sys/letsencrypt/obtain/(?P[^/]+)/$', views.obtain, name='obtain'), + url(r'^sys/letsencrypt/re-obtain/(?P[^/]+)/$', views.reobtain, + name='re-obtain'), + url(r'^sys/letsencrypt/revoke/(?P[^/]+)/$', views.revoke, + name='revoke'), url(r'^sys/letsencrypt/delete/(?P[^/]+)/$', views.delete, name='delete'), ] diff --git a/plinth/modules/letsencrypt/views.py b/plinth/modules/letsencrypt/views.py index b909e50f5..ed7abea31 100644 --- a/plinth/modules/letsencrypt/views.py +++ b/plinth/modules/letsencrypt/views.py @@ -82,6 +82,23 @@ def obtain(request, domain): return redirect(reverse_lazy('letsencrypt:index')) +@require_POST +def reobtain(request, domain): + """Re-obtain a certificate for a given domain.""" + try: + letsencrypt.certificate_reobtain(domain) + messages.success( + request, + _('Certificate successfully obtained for domain {domain}').format( + domain=domain)) + except ActionError as exception: + messages.error( + request, + _('Failed to obtain certificate for domain {domain}: {error}'). + format(domain=domain, error=exception.args[2])) + return redirect(reverse_lazy('letsencrypt:index')) + + @require_POST def delete(request, domain): """Delete a certificate for a given domain, and cleanup renewal config."""