problems[domain]="The domain's DNS is pointed elsewhere, so there is no point to installing a TLS certificate here and we could not automatically provision one anyway because provisioning requires access to the website (which isn't here)."
# Filter out domains that we can't provision a certificate for.
domains_to_provision=set()
defcan_provision_for_domain(domain):
domains_cant_provision={}
fromstatus_checksimportquery_dns,normalize_ip
# Does the domain resolve to this machine in public DNS? If not,
fordomaininplausible_web_domains:
# we can't do domain control validation. For IPv6 is configured,
# Skip domains that the user doesn't want to provision now.
# make sure both IPv4 and IPv6 are correct because we don't know
# Check that there isn't an explicit A/AAAA record.
importrequests.exceptions
ifdomainnotinactual_web_domains:
importacme.messages
domains_cant_provision[domain]="The domain has a custom DNS A/AAAA record that points the domain elsewhere, so there is no point to installing a TLS certificate here and we could not automatically provision one anyway because provisioning requires access to the website (which isn't here)."
fromfree_tls_certificatesimportclient
# Check that the DNS resolves to here.
else:
# Does the domain resolve to this machine in public DNS? If not,
# we can't do domain control validation. For IPv6 is configured,
# make sure both IPv4 and IPv6 are correct because we don't know
"-d",",".join(domain_list),# first will be main domain
})
"--csr",csr_file.name,# use our private key; unfortunately this doesn't work with auto-renew so we need to save cert manually
exceptclient.AccountDataIsCorruptase:
"--cert-path",os.path.join(d,'cert'),# we only use the full chain
# This is an extremely rare condition.
"--chain-path",os.path.join(d,'chain'),# we only use the full chain
ret_item.update({
"--fullchain-path",cert_file,
"result":"error",
"message":"Something unexpected went wrong. It looks like your local Let's Encrypt account data is corrupted. There was a problem with the file "+e.account_file_path+".",
<p>You need a TLS certificate for this box’s hostname ({{hostname}}) and every other domain name and subdomain that this box is hosting a website for (see the list below).</p>
<p>You need a TLS certificate for this box’s hostname ({{hostname}}) and every other domain name and subdomain that this box is hosting a website for (see the list below).</p>
@@ -225,52 +193,33 @@ function provision_tls_cert() {
...
@@ -225,52 +193,33 @@ function provision_tls_cert() {
for(vari=0;i<status.requests.length;i++){
for(vari=0;i<status.requests.length;i++){
varr=status.requests[i];
varr=status.requests[i];
if(r.result=="skipped"){
// not interested --- this domain wasn't in the table
// to begin with
continue;
}
// create an HTML block to display the results of this request
// create an HTML block to display the results of this request
varn=$("<div><h4/><p/></div>");
varn=$("<div><h4/><p/></div>");
$('#ssl_provision_result').append(n);
$('#ssl_provision_result').append(n);
// plain log line
if(typeofr==="string"){
n.find("p").text(r);
continue;
}
// show a header only to disambiguate request blocks
// show a header only to disambiguate request blocks
if(status.requests.length>0)
if(status.requests.length>0)
n.find("h4").text(r.domains.join(", "));
n.find("h4").text(r.domains.join(", "));
if(r.result=="agree-to-tos"){
if(r.result=="error"){
// user needs to agree to Let's Encrypt's TOS
agree_to_tos_url_prompt=r.url;
$('#ssl_provision_p .btn').attr('disabled','1');
n.find("p").html("Please open and review <a href='"+r.url+"' target='_blank'>Let's Encrypt's terms of service agreement</a>. You must agree to their terms for a certificate to be automatically provisioned from them.");
// Show a button that counts down to zero, at which point it becomes enabled.
n.find("p").text("A certificate is now in the process of being provisioned, but it takes some time. Please wait until the Finish button is enabled, and then click it to acquire the certificate.");
// don't re-enable the Provision button -- user must use the Retry button when it becomes enabled
may_reenable_provision_button=false;
}elseif(r.result=="installed"){
}elseif(r.result=="installed"){
n.find("p").addClass("text-success").text("The TLS certificate was provisioned and installed.");
n.find("p").addClass("text-success").text("The TLS certificate was provisioned and installed.");
setTimeout("show_tls(true)",1);// update main table of certificate statuses, call with arg keep_provisioning_shown true so that we don't clear what we just outputted
setTimeout("show_tls(true)",1);// update main table of certificate statuses, call with arg keep_provisioning_shown true so that we don't clear what we just outputted
}
}
// display the detailed log info in case of problems
// display the detailed log info in case of problems
...
@@ -278,7 +227,6 @@ function provision_tls_cert() {
...
@@ -278,7 +227,6 @@ function provision_tls_cert() {