| |
56 |
56 |
-package_key "acs-admin" \ |
| |
57 |
57 |
-parameter ExpireCertificateWarningPeriod \ |
| |
58 |
58 |
-default 30] |
| |
59 |
59 |
if {$warnInDays > -1 && $days < $warnInDays} { |
| |
60 |
60 |
lappend critCertInfo $info |
| |
61 |
61 |
} |
| |
62 |
62 |
set processed($certfile) 1 |
| |
63 |
63 |
} |
| |
64 |
64 |
} |
| |
65 |
65 |
} |
| |
66 |
66 |
|
| |
67 |
67 |
if {[llength $critCertInfo] > 0} { |
| |
68 |
68 |
set to_addr [parameter::get_from_package_key \ |
| |
69 |
69 |
-package_key "acs-admin" \ |
| |
70 |
70 |
-parameter ExpireCertificateEmail \ |
| |
71 |
71 |
-default ""] |
| |
72 |
72 |
if {$to_addr eq ""} { |
| |
73 |
73 |
set to_addr [ad_host_administrator] |
| |
74 |
74 |
} |
| |
75 |
75 |
if {$to_addr ne ""} { |
| |
|
76 |
set mailSubject "Certificate of [ad_system_name] expires soon" |
| |
76 |
77 |
set report "" |
| |
77 |
78 |
if {[info commands ::letsencrypt::Client] ne ""} { |
| |
78 |
79 |
|
| |
79 |
80 |
# |
| |
80 |
81 |
# Make sure, UseCanonicalLocation is NOT set, |
| |
81 |
82 |
# since otherwise the requests from |
| |
82 |
83 |
# letsencrypt will be redirected. One could |
| |
83 |
84 |
# think about other solution, such ignoring |
| |
84 |
85 |
# mapping to the canonical location for |
| |
85 |
86 |
# letsencryp URLs. |
| |
86 |
87 |
# |
| |
87 |
88 |
set param_exists [db_0or1row check_params { |
| |
88 |
89 |
select 1 from apm_parameters |
| |
89 |
90 |
where package_key = 'acs-kernel' |
| |
90 |
91 |
and parameter_name = 'UseCanonicalLocation' |
| |
91 |
92 |
}] |
| |
92 |
93 |
if {!$param_exists} { |
| |
93 |
94 |
catch {apm_parameter_register UseCanonicalLocation "Use Canonical Location" acs-kernel 0 number } |
| |
94 |
95 |
} |
| |
95 |
96 |
ad_parameter_cache -delete $::acs::kernel_id UseCanonicalLocation |
| |
| |
118 |
119 |
if {[::letsencrypt::Client info lookup parameters \ |
| |
119 |
120 |
create key_type] ne ""} { |
| |
120 |
121 |
set key_type_parameter "-key_type $key_type" |
| |
121 |
122 |
} else { |
| |
122 |
123 |
set key_type_parameter "" |
| |
123 |
124 |
} |
| |
124 |
125 |
set c [::letsencrypt::Client new \ |
| |
125 |
126 |
-API $api \ |
| |
126 |
127 |
{*}$key_type_parameter \ |
| |
127 |
128 |
-background \ |
| |
128 |
129 |
-domains {} \ |
| |
129 |
130 |
] |
| |
130 |
131 |
ns_log notice "ssl: call getCertificate" |
| |
131 |
132 |
$c getCertificate |
| |
132 |
133 |
ns_log notice "ssl: call getCertificate DONE" |
| |
133 |
134 |
append report \n[ad_html_to_text [$c cget -log]]\n |
| |
134 |
135 |
$c destroy |
| |
135 |
136 |
|
| |
136 |
137 |
} on ok {result} { |
| |
137 |
138 |
ns_log notice "letsencrypt: automated renew request succeeded: $result" |
| |
|
139 |
set success "success" |
| |
138 |
140 |
} on error {errorMsg} { |
| |
139 |
141 |
append report "Error: $errorMsg\nConsider upgrading to letsencrypt 0.6\n" |
| |
140 |
142 |
ns_log notice "letsencrypt: automated renew request failed: $errorMsg" |
| |
|
143 |
set success "error" |
| |
141 |
144 |
} |
| |
142 |
145 |
|
| |
143 |
146 |
parameter::set_value \ |
| |
144 |
147 |
-package_id $::acs::kernel_id \ |
| |
145 |
148 |
-parameter UseCanonicalLocation \ |
| |
146 |
149 |
-value $oldValue |
| |
|
150 |
set mailSubject "Certificate of [ad_system_name] renewal ($success)" |
| |
147 |
151 |
} |
| |
148 |
152 |
append report \n[string repeat = 72]\n |
| |
149 |
153 |
|
| |
150 |
154 |
set certLabel [expr {[llength $critCertInfo] > 1 ? "certificates" : "certificate"}] |
| |
151 |
155 |
set body [ns_trim -delimiter | { |
| |
152 |
156 |
|Dear Webmaster of [ad_system_name], |
| |
153 |
157 |
| |
| |
154 |
158 |
|The following $certLabel of your site will expire soon: |
| |
155 |
159 |
| |
| |
156 |
160 |
| - [join $critCertInfo "\n- "] |
| |
157 |
161 |
| |
| |
158 |
162 |
|${report}Your friendly daemon |
| |
159 |
163 |
}] |
| |
160 |
164 |
#set to_addr neumann@wu.ac.at ;# can be activated for testing purposes |
| |
161 |
165 |
acs_mail_lite::send -send_immediately \ |
| |
162 |
166 |
-to_addr $to_addr \ |
| |
163 |
167 |
-from_addr [ad_system_owner] \ |
| |
164 |
|
-subject "Certificate of [ad_system_name] expires soon" \ |
| |
|
168 |
-subject $mailSubject \ |
| |
165 |
169 |
-body [subst $body] |
| |
166 |
170 |
} |
| |
167 |
171 |
} |
| |
168 |
172 |
|
| |
169 |
173 |
return [expr {[llength $critCertInfo] > 0}] |
| |
170 |
174 |
} |
| |
171 |
175 |
} |
| |
172 |
176 |
} |
| |
173 |
177 |
|
| |
174 |
178 |
# Local variables: |
| |
175 |
179 |
# mode: tcl |
| |
176 |
180 |
# tcl-indent-level: 4 |
| |
177 |
181 |
# indent-tabs-mode: nil |
| |
178 |
182 |
# End: |
