From 18da7dfce2e9128b2e27c89935a9f3be4385a03e Mon Sep 17 00:00:00 2001 From: Liam Marshall Date: Sun, 8 Nov 2015 14:19:58 -0600 Subject: [PATCH] Implement @pde's suggestions for Apache From this IRC log: 2015-11-02 16:31:29 @pdeee for >= 2.4.8: 2015-11-02 16:32:23 @pdeee add new SSLCertificateFile pointing to fullchain.pem 2015-11-02 16:33:10 @pdeee remove all preexisting SSLCertificateFile, SSLCertificateChainFile, SSLCACertificatePath, and possibly other fields subject to careful research :) 2015-11-02 16:33:21 @pdeee for < 2.4.8: 2015-11-02 16:34:03 @pdeee add SSLCertificateFile pointing to cert.pem 2015-11-02 16:34:42 @pdeee and SSLCertificateChainFile pointing to chain.pem 2015-11-02 16:34:50 xamnesiax gotcha 2015-11-02 16:34:55 @pdeee remove all preexisting/conflicting entries 2015-11-02 16:35:19 xamnesiax Am I correct to assume that this can all be done from deploy_certs in the apache configurator? 2015-11-02 16:36:32 xamnesiax deploy_cert * 2015-11-02 16:36:48 @pdeee I think so 2015-11-02 16:36:59 @pdeee again, jdkasten may wish to say more Pull strings out for find_dir A bit of logging Add version logging Logging, temporarily remove one branch of the conditional for testing Fix bad directive stringgrabbing code Fix directive removal logic Grab string from tree to be removed
---
 .../letsencrypt_apache/configurator.py | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py
index d376fe4b6..173be4104 100644
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py
@@ -212,14 +212,22 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
 logger.info("Deploying Certificate to VirtualHost %s", vhost.filep)
 # Assign the final directives; order is maintained in find_dir
- self.aug.set(path["cert_path"][-1], cert_path)
- self.aug.set(path["cert_key"][-1], key_path)
- if chain_path is not None:
- if not path["chain_path"]:
- self.parser.add_dir(
- vhost.path, "SSLCertificateChainFile", chain_path)
- else:
- self.aug.set(path["chain_path"][-1], chain_path)
+ if self.version >= (2, 4, 8):
+ logger.debug("Apache version (%s) is >= 2.4.8",
+ ".".join(map(str,self.version)))
+ for directive in ["SSLCertificateKeyFile", "SSLCertificateChainFile",
+ "SSLCACertificatePath"]:
+ logging.debug("Trying to delete directive '%s'", directive)
+ directive_tree = self.parser.find_dir(directive, None, vhost.path)
+ logging.debug(directive_tree)
+ if directive_tree:
+ logger.debug("Removing directive %s", directive)
+ self.aug.remove(re.sub(r"/\w*$", "", directive_tree[-1]))
+ logging.debug("fullchain path: %s", fullchain_path)
+ self.aug.set(path["cert_path"][-1], fullchain_path)
+ elif self.version < (2, 4, 8):
+ logger.debug("Apache version (%s) is < 2.4.8",
+ ".".join(map(str,self.version)))
 # Save notes about the transaction that took place
 self.save_notes += ("Changed vhost at %s with addresses of %s\n"
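Review bot: In the `>= 2.4.8` branch the removal loop lists `SSLCertificateKeyFile`, and the new side of this hunk no longer writes `key_path` anywhere, so the vhost can end up pointing at the new fullchain.pem with no matching key directive. The IRC log in the commit message names SSLCertificateFile, SSLCertificateChainFile and SSLCACertificatePath as the directives to clear, not the key file; I would drop the key directive from the list and keep `self.aug.set(path["cert_key"][-1], key_path)` next to the fullchain assignment. The `elif self.version < (2, 4, 8):` branch only logs, so on older Apache nothing is deployed while the save notes below still record a changed vhost; the removed cert.pem/chain.pem assignments should be restored there under a plain `else:`. The three `logging.debug(...)` calls also bypass the module `logger` used on the neighbouring lines. The function starts and ends outside the hunk, so whether `fullchain_path` and `re` are in scope cannot be checked from here.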