Commit Graph

174 Commits

Author SHA1 Message Date
Joshua Tauberer 399f9d9bdf in status checks, clear bind9 cache using rndc rather than restarting bind9 2014-12-26 13:22:14 +00:00
Marc Schiller c3a7e3413b Fixed a small status check bug, where secondary dns server check fails misleadingly. 2014-12-09 12:40:32 +01:00
Joshua Tauberer ceba53f1c4 explain how to install a multi-domain or wildcard ssl cert; if one is installed, the Replace Cert button in the admin for non-primary domains should not replace the cert on the primary domain 2014-12-05 14:25:14 -05:00
Joshua Tauberer a7710e9058 dns.resolver.query treats hostnames as relative names if they don't end in a period
Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that.

This caused false positive Spamhaus checks. Fixes #185.
2014-11-21 15:16:59 +00:00
Joshua Tauberer ec73c171c7 when installing a ssl cert for the primary hostname, dns, postfix, and dovecot all need to be updated/kicked
see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4
2014-10-28 11:38:04 +00:00
Joshua Tauberer f9acf0adec better errors for ssl certificates 2014-10-24 21:30:33 +00:00
Joshua Tauberer b75fbf22ca clear the local dns cache each time the status checks are run by restarting bind9 2014-10-23 17:06:33 +00:00
Joshua Tauberer b5b3fca137 report free disk space in the admin 2014-10-13 14:12:16 +00:00
Joshua Tauberer 17331e7d82 adding a really slick ssl certificate installation form in the control panel 2014-10-10 15:49:14 +00:00
Joshua Tauberer aac6e49b94 spelling typo 2014-10-10 13:50:44 +00:00
Joshua Tauberer 0441a2e2e3 make a self-signed certificate on a non-primary domain a warning rather than an error, fixes #95 2014-10-07 20:41:07 +00:00
Joshua Tauberer a56bb984d6 handle catastrophically bad certificates rather than raising an exception 2014-10-07 14:58:21 +00:00
Joshua Tauberer 7d1c0b3834 show SSL certificate expiration info in the control panel even long before certificates expire 2014-10-07 14:49:36 +00:00
Joshua Tauberer 20892b5d5b status check on ns records should now take into account that secondary dns may be customized, see #223 2014-10-05 18:42:52 +00:00
Joshua Tauberer 4ae76aa2dd dnssec: use RSASHA256 keys for .email domains 2014-10-04 17:29:42 +00:00
Joshua Tauberer 779d921410 status checks: put DNSSEC tests in a better order w.r.t. other tests
* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.

see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3
2014-10-01 12:13:11 +00:00
Joshua Tauberer 05510f25a5 warn if a SSL cert is expiring in 30 days 2014-09-21 13:37:30 +00:00
Joshua Tauberer b8ea7282b0 don't run `apt-get update` when generating the status checks output because it is so slow and should be update daily by cron anyway 2014-09-21 13:37:30 +00:00
Joshua Tauberer ff0c85615b correct typo in comment 2014-09-15 10:02:25 +00:00
Joshua Tauberer f09da719f7 show the response from spamhaus.org in the status checks output 2014-09-08 20:27:26 +00:00
Joshua Tauberer cce6bc02a8 add links to IANA tables for DNSSEC algorithm/digest number assignemnts 2014-09-07 10:59:20 -04:00
Joshua Tauberer 03f9358de4 when checking SSL certs are OK, check for wildcard certificates
fixes #175 (hopefully)
2014-09-03 17:31:47 +00:00
Joshua Tauberer 2d5097345a move the package update check into the system status checks 2014-08-21 11:24:40 +00:00
Joshua Tauberer 294d19e0af rename whats_next.py to status_checks.py 2014-08-21 10:43:55 +00:00