mirror
/
cyberpanel
mirror of https://github.com/usmannasir/cyberpanel.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix acme.sh not creating domain configurations in /root/.acme.sh/ 

Separate acme.sh certificate issuance and installation steps to ensure
domain configurations are properly stored. Previously, combining --issue
with --cert-file/--key-file/--fullchain-file in a single command caused
acme.sh to skip storing domain configs, breaking automatic renewals and
requiring manual certificate recreation for domain aliases.
This commit is contained in:
usmannasir 2025-10-22 12:53:05 +05:00
parent 4983decba5
commit 369f6d539b
1 changed files with 40 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
plogical/sslUtilities.py
View File

@ -820,10 +820,9 @@ context /.well-known/acme-challenge {
logging.CyberCPLogFileWriter.writeToFile( logging.CyberCPLogFileWriter.writeToFile(
f"www.{virtualHostName} has no DNS records, excluding from acme.sh SSL request") f"www.{virtualHostName} has no DNS records, excluding from acme.sh SSL request")
# Step 1: Issue the certificate (staging) - this stores config in /root/.acme.sh/
command = acmePath + " --issue" + domain_list \ command = acmePath + " --issue" + domain_list \
+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \ + ' -w /usr/local/lsws/Example/html -k ec-256 --force --staging'
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --staging' \
+ ' --webroot-path /usr/local/lsws/Example/html'
try: try:
result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True) result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@ -833,10 +832,9 @@ context /.well-known/acme-challenge {
universal_newlines=True, shell=True) universal_newlines=True, shell=True)
if result.returncode == 0: if result.returncode == 0:
# Step 2: Issue the certificate (production) - this stores config in /root/.acme.sh/
command = acmePath + " --issue" + domain_list \ command = acmePath + " --issue" + domain_list \
+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \ + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt' \
+ ' --webroot-path /usr/local/lsws/Example/html'
try: try:
result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True) result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@ -846,6 +844,20 @@ context /.well-known/acme-challenge {
universal_newlines=True, shell=True) universal_newlines=True, shell=True)
if result.returncode == 0: if result.returncode == 0:
# Step 3: Install the certificate to the desired location
install_command = acmePath + " --install-cert -d " + virtualHostName \
+ ' --cert-file ' + existingCertPath + '/cert.pem' \
+ ' --key-file ' + existingCertPath + '/privkey.pem' \
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem'
try:
install_result = subprocess.run(install_command, capture_output=True, universal_newlines=True, shell=True)
except TypeError:
# Fallback for Python < 3.7
install_result = subprocess.run(install_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
universal_newlines=True, shell=True)
if install_result.returncode == 0:
logging.CyberCPLogFileWriter.writeToFile( logging.CyberCPLogFileWriter.writeToFile(
"Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0) "Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0)
logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, result.stdout, logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, result.stdout,
@ -876,9 +888,9 @@ context /.well-known/acme-challenge {
if sslUtilities.checkDNSRecords(f'www.{aliasDomain}'): if sslUtilities.checkDNSRecords(f'www.{aliasDomain}'):
domain_list += " -d www." + aliasDomain domain_list += " -d www." + aliasDomain
# Step 1: Issue the certificate - this stores config in /root/.acme.sh/
command = acmePath + " --issue" + domain_list \ command = acmePath + " --issue" + domain_list \
+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \ + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt'
try: try:
result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True) result = subprocess.run(command, capture_output=True, universal_newlines=True, shell=True)
@ -888,6 +900,20 @@ context /.well-known/acme-challenge {
universal_newlines=True, shell=True) universal_newlines=True, shell=True)
if result.returncode == 0: if result.returncode == 0:
# Step 2: Install the certificate to the desired location
install_command = acmePath + " --install-cert -d " + virtualHostName \
+ ' --cert-file ' + existingCertPath + '/cert.pem' \
+ ' --key-file ' + existingCertPath + '/privkey.pem' \
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem'
try:
install_result = subprocess.run(install_command, capture_output=True, universal_newlines=True, shell=True)
except TypeError:
# Fallback for Python < 3.7
install_result = subprocess.run(install_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
universal_newlines=True, shell=True)
if install_result.returncode == 0:
return 1 return 1
return 0 return 0
except Exception as e: except Exception as e: