Only re-run letsencrypt verification when necessary.

Shuai Lin 2016-11-25 15:45:47 +08:00
parent ee152d0663
commit 0d2ed6aa87
2 changed files with 29 additions and 12 deletions


@ -17,7 +17,8 @@ import time
from utils import (
call, get_conf, get_install_dir, show_progress,
get_script, render_template, get_seafile_version, eprint
get_script, render_template, get_seafile_version, eprint,
cert_has_valid_days
)
seafile_version = get_seafile_version()
@ -33,12 +34,30 @@ def init_letsencrypt():
os.mkdir(ssl_dir)
domain = get_conf('server.hostname')
context = {
'ssl_dir': ssl_dir,
'domain': domain,
}
render_template(
'/templates/letsencrypt.cron.template',
join(generated_dir, 'letsencrypt.cron'),
context
)
ssl_crt = '/shared/ssl/{}.crt'.format(domain)
if exists(ssl_crt):
show_progress('Found existing cert file {}'.format(ssl_crt))
if cert_has_valid_days(ssl_crt, 30):
show_progress('Skip letsencrypt verification since we have a valid certificate')
return
show_progress('Starting letsencrypt verification')
# Create a temporary nginx conf to start a server, which would accessed by letsencrypt
context = {
'https': False,
'domain': domain,
}
# Create a temporary nginx conf to start a server, which would accessed by letsencrypt
render_template('/templates/seafile.nginx.conf.template',
'/etc/nginx/sites-enabled/seafile.nginx.conf', context)
@ -53,15 +72,6 @@ def init_letsencrypt():
# time.sleep(1000)
# sys.exit(1)
context = {
'ssl_dir': ssl_dir,
'domain': domain,
}
render_template(
'/templates/letsencrypt.cron.template',
join(generated_dir, 'letsencrypt.cron'),
context
)
def generate_local_nginx_conf():
# Now create the final nginx configuratin
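Review bot: The new `ssl_crt = '/shared/ssl/{}.crt'.format(domain)` hard-codes the certificate directory even though `ssl_dir` is already in scope in init_letsencrypt and is the value handed to the cron template, so the skip check and the renewal job can point at different places if that directory ever changes; `ssl_crt = join(ssl_dir, '{}.crt'.format(domain))` keeps them tied together. The early `return` also relies on the expiry date alone: as far as these hunks show, nothing confirms that the matching private key is still present or that the file is the certificate nginx will serve, so a stale or replaced .crt would suppress re-issuance until it is within 30 days of expiring. A comment above the check such as `# only expiry is checked; the key/cert pair is assumed intact` would make that assumption explicit. The function starts before the first hunk and continues between the hunks, so the rest of its flow is not visible here.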


@ -240,3 +240,10 @@ def render_template(template, target, context):
def show_progress(msg):
msg = '[{}] {}'.format(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'), green(msg))
eprint(msg)
def cert_has_valid_days(cert, days):
assert exists(cert)
secs = 86400 * int(days)
retcode = call('openssl x509 -checkend {} -noout -in {}'.format(secs, cert), check_call=False)
return retcode == 0
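Review bot: `cert_has_valid_days` interpolates `cert` into the openssl command string unquoted, and the caller builds that path from the `server.hostname` config value; if `call` hands the string to a shell (its body is not visible here), a hostname containing spaces or shell metacharacters would alter the command. Quoting the argument, `'openssl x509 -checkend {} -noout -in {}'.format(secs, pipes.quote(cert))` (`shlex.quote` on Python 3), or passing an argument list avoids that. `assert exists(cert)` is stripped under `python -O`; `if not exists(cert): return False` would let the caller fall through to verification instead. A one-line docstring would help, stating that any non-zero openssl exit returns False, whether the certificate expires within `days` or the file cannot be read.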