diff options
author | Andrew Cady <d@jerkface.net> | 2016-04-09 23:37:51 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-04-09 23:37:51 -0400 |
commit | f74375e4b6e8eaf8cfe508bcf31fb7315a0be728 (patch) | |
tree | 89f9f665a5736ec479c17796a1818afc07e6efb7 | |
parent | 2aceca9e7c7e0d39efc66a65168ceb3d9c587be5 (diff) |
Change certificate output directory
It's now saved under <host>/<domain> even if only a subdomain of <domain>
is being certified.
-rw-r--r-- | acme-certify.hs | 47 |
1 files changed, 23 insertions, 24 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index 15b729f..8bad7ac 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
@@ -163,12 +163,10 @@ runUpdate :: UpdateOpts -> IO () | |||
163 | runUpdate UpdateOpts { .. } = do | 163 | runUpdate UpdateOpts { .. } = do |
164 | config <- Config.load "config.yaml" | 164 | config <- Config.load "config.yaml" |
165 | hostsConfig <- Config.subconfig "hosts" config | 165 | hostsConfig <- Config.subconfig "hosts" config |
166 | certReqDomains <- fmap concat <$> forM (Config.keys hostsConfig) $ \host -> | 166 | certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do |
167 | do | 167 | hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig "domains") <&> extractObject |
168 | hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig | 168 | return $ flip map (HashMap.keys hostParts) $ \domain -> |
169 | "domains") <&> extractObject | 169 | (unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts) |
170 | forM (HashMap.keys hostParts) $ \domain -> | ||
171 | return (unpack host, combineSubdomains domain hostParts) | ||
172 | 170 | ||
173 | when False $ forM_ certReqDomains print | 171 | when False $ forM_ certReqDomains print |
174 | 172 | ||
@@ -177,8 +175,8 @@ runUpdate UpdateOpts { .. } = do | |||
177 | 175 | ||
178 | Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key" | 176 | Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key" |
179 | 177 | ||
180 | let certSpecs = flip map certReqDomains $ \(host, domains) -> fmap ((,) host) $ | 178 | let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $ |
181 | dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host | 179 | dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain |
182 | 180 | ||
183 | when False $ do | 181 | when False $ do |
184 | mapM_ print certSpecs | 182 | mapM_ print certSpecs |
@@ -189,19 +187,19 @@ runUpdate UpdateOpts { .. } = do | |||
189 | 187 | ||
190 | issuerCert <- readX509 letsEncryptX1CrossSigned | 188 | issuerCert <- readX509 letsEncryptX1CrossSigned |
191 | 189 | ||
192 | forM_ certReqDomains $ \(host, domains) -> do | 190 | forM_ certReqDomains $ \(host, domain, domains) -> when (host == "fifty") $ do |
193 | when (host == "fifty") $ do | 191 | putStrLn host |
194 | putStrLn host | 192 | let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain |
195 | let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host | 193 | print spec |
196 | print spec | ||
197 | 194 | ||
198 | when True $ | 195 | when True $ |
199 | forM_ (csDomains spec) $ uncurry canProvision >=> | 196 | forM_ (csDomains spec) $ uncurry canProvision >=> |
200 | (`unless` error "Error: cannot provision files to web server") | 197 | (`unless` error "Error: cannot provision files to web server") |
201 | let terms = defaultTerms | 198 | |
202 | directoryUrl = stagingDirectoryUrl | 199 | let terms = defaultTerms |
203 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) | 200 | directoryUrl = stagingDirectoryUrl |
204 | print =<< fetchCertificate directoryUrl terms email issuerCert spec | 201 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) |
202 | print =<< fetchCertificate directoryUrl terms email issuerCert spec | ||
205 | 203 | ||
206 | error "Error: unimplemented" | 204 | error "Error: unimplemented" |
207 | where | 205 | where |
@@ -217,18 +215,18 @@ runUpdate UpdateOpts { .. } = do | |||
217 | chooseProvisioner host (VHostSpec domain pathInfo) = | 215 | chooseProvisioner host (VHostSpec domain pathInfo) = |
218 | (domain, provisionViaRemoteFile host <$> pathInfo) | 216 | (domain, provisionViaRemoteFile host <$> pathInfo) |
219 | 217 | ||
220 | certSpec :: FilePath -> Keys -> String -> [(DomainName, HttpProvisioner)] -> CertSpec | 218 | certSpec :: FilePath -> Keys -> String -> DomainName -> [(DomainName, HttpProvisioner)] -> CertSpec |
221 | certSpec baseDir keys host requestDomains = CertSpec { .. } | 219 | certSpec baseDir keys host domain requestDomains = CertSpec { .. } |
222 | where | 220 | where |
223 | csDomains = requestDomains | 221 | csDomains = requestDomains |
224 | csSkipDH = True -- TODO: implement | 222 | csSkipDH = True -- TODO: implement |
225 | csUserKeys = keys | 223 | csUserKeys = keys |
226 | csCertificateDir = baseDir </> host </> (domainToString . fst) (head requestDomains) | 224 | csCertificateDir = baseDir </> host </> domainToString domain |
227 | 225 | ||
228 | combineSubdomains :: AsPrimitive v => Text -> HashMap.HashMap Text v -> [VHostSpec] | 226 | combineSubdomains :: AsPrimitive v => Text -> HashMap.HashMap Text v -> [VHostSpec] |
229 | combineSubdomains domain subs = | 227 | combineSubdomains domain subs = |
230 | map (makeVHostSpec (domainName' $ unpack domain)) $ | 228 | map (makeVHostSpec (domainName' $ unpack domain)) $ |
231 | sort -- relying on the fact that '.' sorts first | 229 | sort -- '.' sorts first |
232 | $ concat $ HashMap.lookup domain subs & toListOf (_Just . _String . to (words . unpack)) | 230 | $ concat $ HashMap.lookup domain subs & toListOf (_Just . _String . to (words . unpack)) |
233 | 231 | ||
234 | domainToString :: DomainName -> String | 232 | domainToString :: DomainName -> String |
@@ -266,6 +264,7 @@ remoteTemp host fileName content = do | |||
266 | where | 264 | where |
267 | ssh cmd = runInteractiveProcess "ssh" (host : words "-- sh -c" ++ [escape cmd]) Nothing Nothing | 265 | ssh cmd = runInteractiveProcess "ssh" (host : words "-- sh -c" ++ [escape cmd]) Nothing Nothing |
268 | 266 | ||
267 | dirname :: String -> String | ||
269 | dirname = dropWhileEnd (/= '/') | 268 | dirname = dropWhileEnd (/= '/') |
270 | 269 | ||
271 | provisionViaRemoteFile :: String -> FilePath -> HttpProvisioner | 270 | provisionViaRemoteFile :: String -> FilePath -> HttpProvisioner |