when installing a ssl cert for the primary hostname, dns, postfix, and dovecot...

when installing a ssl cert for the primary hostname, dns, postfix, and dovecot all need to be updated/kicked see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4

when installing a ssl cert for the primary hostname, dns, postfix, and dovecot...
when installing a ssl cert for the primary hostname, dns, postfix, and dovecot all need to be updated/kicked see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4
ec73c171 · Joshua Tauberer · f9acf0ad · ec73c171 · ec73c171
Commit ec73c171 authored Oct 28, 2014 by Joshua Tauberer
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 5 deletions

status_checks.py management/status_checks.py +2 -3

web_update.py management/web_update.py +15 -2

No files found.
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -179,9 +179,8 @@ def check_primary_hostname_dns(domain, env, dns_domains, dns_zonefiles):
 	elif tlsa25 is None:
 		env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
 	else:
-		env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'. Try running tools/dns_update to
-			regenerate the record. It may take several hours for
-                        public DNS to update after a change."""
+		env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'.
+			It may take several hours for public DNS to update after a change."""
                        % (tlsa_qname, tlsa25, tlsa25_expected))

 	# Check that the hostmaster@ email address exists.

--- a/management/web_update.py
+++ b/management/web_update.py
@@ -5,7 +5,7 @@
 import os, os.path, shutil, re, rtyaml

 from mailconfig import get_mail_domains
-from dns_update import get_custom_dns_config
+from dns_update import get_custom_dns_config, do_dns_update
 from utils import shell, safe_domain_name, sort_domains

 def get_web_domains(env):
@@ -237,8 +237,21 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
 	os.makedirs(os.path.dirname(ssl_certificate), exist_ok=True)
 	shutil.move(fn, ssl_certificate)

+	ret = []
+
+	# When updating the cert for PRIMARY_HOSTNAME, also update DNS because it is
+	# used in the DANE TLSA record and restart postfix and dovecot which use
+	# that certificate.
+	if domain == env['PRIMARY_HOSTNAME']:
+		ret.append( do_dns_update(env) )
+
+		shell('check_call', ["/usr/sbin/service", "postfix", "restart"])
+		shell('check_call', ["/usr/sbin/service", "dovecot", "restart"])
+		ret.append("mail services restarted")
+
 	# Kick nginx so it sees the cert.
-	return do_web_update(env, ok_status="")
+	ret.append( do_web_update(env, ok_status="") )
+	return "\n".join(r for r in ret if r.strip() != "")

 def get_web_domains_info(env):
 	def check_cert(domain):