Implement @pde's suggestions for Apache

From this IRC log: 2015-11-02 16:31:29 @pdeee for >= 2.4.8: 2015-11-02 16:32:23 @pdeee add new SSLCertificateFile pointing to fullchain.pem 2015-11-02 16:33:10 @pdeee remove all preexisting SSLCertificateFile, SSLCertificateChainFile, SSLCACertificatePath, and possibly other fields subject to careful research :) 2015-11-02 16:33:21 @pdeee for < 2.4.8: 2015-11-02 16:34:03 @pdeee add SSLCertificateFile pointing to cert.pem 2015-11-02 16:34:42 @pdeee and SSLCertificateChainFile pointing to chain.pem 2015-11-02 16:34:50 xamnesiax gotcha 2015-11-02 16:34:55 @pdeee remove all preexisting/conflicting entries 2015-11-02 16:35:19 xamnesiax Am I correct to assume that this can all be done from deploy_certs in the apache configurator? 2015-11-02 16:36:32 xamnesiax deploy_cert * 2015-11-02 16:36:48 @pdeee I think so 2015-11-02 16:36:59 @pdeee again, jdkasten may wish to say more Pull strings out for find_dir A bit of logging Add version logging Logging, temporarily remove one branch of the conditional for testing Fix bad directive stringgrabbing code Fix directive removal logic Grab string from tree to be removed
2026-01-21 19:01:07 +03:00 · 2015-11-08 14:19:58 -06:00
parent e653aa49f8
commit 18da7dfce2
1 changed files with 16 additions and 8 deletions
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py
@@ -212,14 +212,22 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
        logger.info("Deploying Certificate to VirtualHost %s", vhost.filep)

        # Assign the final directives; order is maintained in find_dir
-        self.aug.set(path["cert_path"][-1], cert_path)
-        self.aug.set(path["cert_key"][-1], key_path)
-        if chain_path is not None:
-            if not path["chain_path"]:
-                self.parser.add_dir(
-                    vhost.path, "SSLCertificateChainFile", chain_path)
-            else:
-                self.aug.set(path["chain_path"][-1], chain_path)
+        if self.version >= (2, 4, 8):
+            logger.debug("Apache version (%s) is >= 2.4.8",
+                         ".".join(map(str,self.version)))
+            for directive in ["SSLCertificateKeyFile", "SSLCertificateChainFile",
+                              "SSLCACertificatePath"]:
+                logging.debug("Trying to delete directive '%s'", directive)
+                directive_tree = self.parser.find_dir(directive, None, vhost.path)
+                logging.debug(directive_tree)
+                if directive_tree:
+                    logger.debug("Removing directive %s", directive)
+                    self.aug.remove(re.sub(r"/\w*$", "", directive_tree[-1]))
+            logging.debug("fullchain path: %s", fullchain_path)
+            self.aug.set(path["cert_path"][-1], fullchain_path)
+        elif self.version < (2, 4, 8):
+            logger.debug("Apache version (%s) is < 2.4.8",
+                         ".".join(map(str,self.version)))

        # Save notes about the transaction that took place
        self.save_notes += ("Changed vhost at %s with addresses of %s\n"