From 2f467556bdf7b6db58db16c211bf5c1122fee8d1 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Thu, 19 Jul 2018 11:40:49 -0400
Subject: [PATCH] new ssl cert provisioning broke if a domain doesnt yet have a cert, fixes #1392
---
 management/ssl_certificates.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 200a3463..76b0f8fa 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -142,7 +142,7 @@ def get_ssl_certificates(env):
 return ret
 def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False, use_main_cert=True):
- if use_main_cert:
+ if use_main_cert or not allow_missing_cert:
 # Get the system certificate info.
 ssl_private_key = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem'))
 ssl_certificate = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_certificate.pem'))
@@ -153,6 +153,7 @@ def get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=False
 "certificate_object": load_pem(load_cert_chain(ssl_certificate)[0]), }
+ if use_main_cert:
 if domain == env['PRIMARY_HOSTNAME']:
 # The primary domain must use the server certificate because
 # it is hard-coded in some service configuration files.
@@ -225,7 +226,7 @@ def get_certificates_to_provision(env, limit_domains=None, show_valid_certs=True
 # DNS is all good.
 # Check for a good existing cert.
- existing_cert = get_domain_ssl_files(domain, existing_certs, env, use_main_cert=False)
+ existing_cert = get_domain_ssl_files(domain, existing_certs, env, use_main_cert=False, allow_missing_cert=True)
 if existing_cert:
 existing_cert_check = check_certificate(domain, existing_cert['certificate'], existing_cert['private-key'], warn_if_expiring_soon=14)
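Review bot: The widened condition `if use_main_cert or not allow_missing_cert:` has no comment explaining why `allow_missing_cert` now decides whether the system certificate is loaded, and everything bound in this branch stays undefined when the condition is false. Presumably the rest of get_domain_ssl_files (outside this hunk) falls back to the system certificate when a domain has no certificate of its own and the caller did not pass `allow_missing_cert=True`. If so, record it above the test, e.g. `# Also load it when a missing cert is not allowed: it is the fallback returned further down.` The function also has no docstring for its two boolean flags, so a short one stating what is returned for each combination would help, since the fallback hands back a certificate that may not cover the requested domain. The `if use_main_cert:` added in the next hunk tests the same flag again and should be covered by the same explanation.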
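Review bot: This call site now relies on `use_main_cert=False, allow_missing_cert=True` together producing a falsy result for a domain that has no certificate yet, but nothing on the line says so, and the `if existing_cert:` guard is the only thing keeping `check_certificate` from running on a missing or fallback certificate. A one-line comment would record the contract, e.g. `# allow_missing_cert=True: get a falsy result, not the system cert, when the domain has no cert yet`. Since this flag combination is what regressed (#1392), a test that runs get_certificates_to_provision for a domain with no existing certificate would pin the behaviour. The body of get_certificates_to_provision continues outside the hunk, so other uses of `existing_cert` are not visible here.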