[#1202] Add force renewal option to certbot_new function when the dom…

…ains changed This commit adds a new optional parameter, `force`, to the `certbot_new` function in the `certbot-new.py` file. The `force` parameter allows for forcing the renewal of certificates even if they are not due for renewal. This can be useful in certain scenarios where certificate updates are required regardless of their expiration date.
bunkerity · May 23, 2024 · 4361199 · 4361199
1 parent f4b25af
commit 4361199
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/src/common/core/letsencrypt/jobs/certbot-new.py b/src/common/core/letsencrypt/jobs/certbot-new.py
@@ -29,7 +29,7 @@
 LETS_ENCRYPT_LOGS_DIR = join(sep, "var", "log", "bunkerweb")
 
 
-def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False) -> int:
+def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False, *, force: bool = False) -> int:
  process = Popen(
  [
  CERTBOT_BIN,
@@ -54,7 +54,8 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
  "--agree-tos",
  "--expand",
  ]
- + (["--staging"] if use_letsencrypt_staging else []),
+ + (["--staging"] if use_letsencrypt_staging else [])
+ + (["--force-renewal"] if force else []),
  stdin=DEVNULL,
  stderr=PIPE,
  universal_newlines=True,
@@ -96,7 +97,7 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
  # Restore Let's Encrypt data from db cache
  JOB.restore_cache(job_name="certbot-renew")
 
- domains_to_ask = []
+ domains_to_ask = {}
  # Multisite case
  if is_multisite:
  domains_server_names = {}
@@ -133,18 +134,18 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
 
  if proc.returncode != 0:
  LOGGER.error(f"Error while checking certificates :\n{proc.stdout}")
- domains_to_ask = server_names
+ domains_to_ask = {domain: True for domain in server_names}
  else:
  for first_server, domains in domains_server_names.items():
  generated_domains.update(domains.split(" "))
 
  current_domains = search(rf"Domains: {first_server}(?P<domains>.*)$", stdout, MULTILINE)
  if not current_domains:
- domains_to_ask.append(first_server)
+ domains_to_ask[first_server] = False
  continue
  elif set(f"{first_server}{current_domains.groupdict()['domains']}".strip().split(" ")) != set(domains.split(" ")):
  LOGGER.warning(f"Domains for {first_server} are not the same as in the certificate, asking new certificate...")
- domains_to_ask.append(first_server)
+ domains_to_ask[first_server] = True
  continue
  LOGGER.info(f"Certificates already exists for domain(s) {domains}")
 
@@ -159,7 +160,7 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
  use_letsencrypt_staging = getenv(f"{first_server}_USE_LETS_ENCRYPT_STAGING", getenv("USE_LETS_ENCRYPT_STAGING", "no")) == "yes"
 
  LOGGER.info(f"Asking certificates for domain(s) : {domains} (email = {real_email}) to Let's Encrypt {'staging ' if use_letsencrypt_staging else ''}...")
- if certbot_new(domains.replace(" ", ","), real_email, use_letsencrypt_staging) != 0:
+ if certbot_new(domains.replace(" ", ","), real_email, use_letsencrypt_staging, force=domains_to_ask[first_server]) != 0:
  status = 2
  LOGGER.error(f"Certificate generation failed for domain(s) {domains} ...")
  continue