
Commit 369f6d5

committed
Fix acme.sh not creating domain configurations in /root/.acme.sh/
Separate acme.sh certificate issuance and installation steps to ensure domain configurations are properly stored. Previously, combining --issue with --cert-file/--key-file/--fullchain-file in a single command caused acme.sh to skip storing domain configs, breaking automatic renewals and requiring manual certificate recreation for domain aliases.
1 parent 4983dec commit 369f6d5


1 file changed

+40
-14
lines changed


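--- a/plogical/sslUtilities.py
+++ b/plogical/sslUtilities.py
@@ -820,10 +820,9 @@ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None,
 logging.CyberCPLogFileWriter.writeToFile(
 f"www.{virtualHostName} has no DNS records, excluding from acme.sh SSL request")
 
+# Step 1: Issue the certificate (staging) - this stores config in /root/.acme.sh/
 command = acmePath + " --issue" + domain_list \
-+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
-+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --staging' \
-+ ' --webroot-path /usr/local/lsws/Example/html'
++ ' -w /usr/local/lsws/Example/html -k ec-256 --force --staging'
 
 try:
 result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@@ -833,10 +832,9 @@ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None,
 universal_newlines=True, shell=True)
 
 if result.returncode == 0:
+# Step 2: Issue the certificate (production) - this stores config in /root/.acme.sh/
 command = acmePath + " --issue" + domain_list \
-+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
-+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt' \
-+ ' --webroot-path /usr/local/lsws/Example/html'
++ ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
 
 try:
 result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@@ -846,11 +844,25 @@ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None,
 universal_newlines=True, shell=True)
 
 if result.returncode == 0:
-logging.CyberCPLogFileWriter.writeToFile(
-"Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0)
-logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, result.stdout,
-'SSL Notification for %s.' % (virtualHostName))
-return 1
+# Step 3: Install the certificate to the desired location
+install_command = acmePath + " --install-cert -d " + virtualHostName \
++ ' --cert-file ' + existingCertPath + '/cert.pem' \
++ ' --key-file ' + existingCertPath + '/privkey.pem' \
++ ' --fullchain-file ' + existingCertPath + '/fullchain.pem'
+
+try:
+install_result = subprocess.run(install_command, capture_output=True, universal_newlines=True, shell=True)
+except TypeError:
+# Fallback for Python < 3.7
+install_result = subprocess.run(install_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+universal_newlines=True, shell=True)
+
+if install_result.returncode == 0:
+logging.CyberCPLogFileWriter.writeToFile(
+"Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0)
+logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, result.stdout,
+'SSL Notification for %s.' % (virtualHostName))
+return 1
 return 0
 except Exception as e:
 logging.CyberCPLogFileWriter.writeToFile(str(e))
@@ -876,9 +888,9 @@ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None,
 if sslUtilities.checkDNSRecords(f'www.{aliasDomain}'):
 domain_list += " -d www." + aliasDomain
 
+# Step 1: Issue the certificate - this stores config in /root/.acme.sh/
 command = acmePath + " --issue" + domain_list \
-+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
-+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
++ ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
 
 try:
 result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@@ -888,7 +900,21 @@ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None,
 universal_newlines=True, shell=True)
 
 if result.returncode == 0:
-return 1
+# Step 2: Install the certificate to the desired location
+install_command = acmePath + " --install-cert -d " + virtualHostName \
++ ' --cert-file ' + existingCertPath + '/cert.pem' \
++ ' --key-file ' + existingCertPath + '/privkey.pem' \
++ ' --fullchain-file ' + existingCertPath + '/fullchain.pem'
+
+try:
+install_result = subprocess.run(install_command, capture_output=True, universal_newlines=True, shell=True)
+except TypeError:
+# Fallback for Python < 3.7
+install_result = subprocess.run(install_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+universal_newlines=True, shell=True)
+
+if install_result.returncode == 0:
+return 1
 return 0
 except Exception as e:
 logging.CyberCPLogFileWriter.writeToFile(str(e))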
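Review bot: Both new install steps (new lines 848-858 and 904-914) build `install_command` by concatenating `virtualHostName` and `existingCertPath` into a single string and run it with `shell=True`, so any shell metacharacter in those values would be interpreted by the shell. Whether the values are validated earlier cannot be seen here, because `obtainSSLForADomain` starts and ends outside the hunks. I would quote each interpolated value, e.g. `" --install-cert -d " + shlex.quote(virtualHostName)` (adding `import shlex` if the module lacks it), or better, pass an argument list and drop `shell=True`. A failed install also falls through to `return 0` without recording why; adding `logging.CyberCPLogFileWriter.writeToFile(install_result.stderr)` in that path would make renewal problems diagnosable. Since the certificate is issued with `-k ec-256`, it is also worth confirming that the deployed acme.sh version locates the ECC certificate for `--install-cert` without `--ecc`.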
