Currently, when domains is for an app's LE component is set as '*'. Calling
setup_certificates() results in copying certificate for the '*' domain instead
copying certificates for each of the domains on the system. Fix this by
implementing a special case where certificates are copied for all domains that
can have certificates.
Tests:
- Implement and run unit tests.
- Certificates are copied to /etc/{postfix,dovecot}/letsencrypt/ when email
server uses LE components with '*' for domains parameter.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2156.
Tests:
- Remove a domain from System -> Config, 'letsencrypt revoke' action is not
invoked.
- Triggering a manual revoke operation still leads to action getting triggered.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove checking of the sender is 'test' and use mocking.
- Remove need for tests being run as root.
- Simplify log messages, avoid pylint warnings.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Let's Encrypt module listens to the following django signals and takes the
appropriate actions.
- domain_added
- domain_removed
- domainname_change
Do not revoke empty domains.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is the first implementation for obtaining certificates from Let's
Encrypt. Following the features and limitations.
- Requires manual operation.
- Registrations are done anonymously.
- Supports revoking and re-obtaining certificates. Does not have a way
to show if a certficate is already renewed.
- Automatic renewal is not available.
- Details messages in case of errors.
- Has ability to switch to testing mode by using LE's staging servers.
- Sets up Apache configuration for the domain and enables/disables it.
When certificates are not available for a domain, default website
configuration is used. When certificates are available, separate
SSL website configuration for each domain is used.
- Many domain will work with a single IP address with the help of Server
Name Indication (SNI) which is supported by all modern browsers.
- Supports diagnostics on websites.
