diff --git a/manifest.yml b/manifest.yml index 2ee8ac9..fd4af1d 100644 --- a/manifest.yml +++ b/manifest.yml @@ -1,6 +1,7 @@ applications: - name: letsencrypt - buildpack: python_buildpack + buildpacks: + - https://github.com/cloudfoundry/python-buildpack.git memory: 128M instances: 1 no-route: true diff --git a/requirements.txt b/requirements.txt index 963f8f3..43d56aa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ -cffi >= 0.8.0 -letsencrypt >= 0.7.0 -six >= 1.7 -pyyaml >= 3.11 +certbot >= 1.14.0 +pyyaml >= 5.3.1 +wheel diff --git a/run.py b/run.py index 65f112f..c8f93e0 100644 --- a/run.py +++ b/run.py @@ -3,9 +3,9 @@ import sys import time import threading -from http.server import SimpleHTTPRequestHandler +from http.server import SimpleHTTPRequestHandler import socketserver -from letsencrypt import main as cli +from certbot import main as cli cwd = os.getcwd() logs = cwd+"/logs" diff --git a/runtime.txt b/runtime.txt index 62ce9c0..1052ccb 100644 --- a/runtime.txt +++ b/runtime.txt @@ -1 +1 @@ -python-3.6.x +python-3.x diff --git a/setup-app.py b/setup-app.py index 08fcb5b..b61da58 100644 --- a/setup-app.py +++ b/setup-app.py @@ -16,8 +16,9 @@ def domain_has_ssl(domain, full_host, print_info=False): The print_info parameter can be used to dump the certificate information from Bluemix to stdout. """ - pipe = Popen("ibmcloud app domain-cert %s" % domain, - stdout=PIPE, shell=True) + print("Checking whether %s already has a certificate assigned..." % primary_domain) + + pipe = Popen("ibmcloud app domain-cert %s" % domain, stdout=PIPE, shell=True) output = pipe.stdout.read().decode("unicode_escape") cert_exists = "OK" in output if print_info and cert_exists: 
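Review bot: The new `buildpacks` entry in manifest.yml gives the repository URL with no ref, so each push builds with whatever is on the buildpack's default branch at that moment. This app obtains certificates and a private key, so a reproducible build is worth having: append a tested release tag to the URL, `- https://github.com/cloudfoundry/python-buildpack.git#<release-tag>` (placeholder, not a value from this commit). The same floating-version concern applies to `python-3.x` in runtime.txt and to the open-ended `>=` bounds and unversioned `wheel` in requirements.txt. A pinned minor Python version and a constraints or lock file would cover those.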
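Review bot: The added `print` in `domain_has_ssl` formats `primary_domain`, which is not one of the function's parameters (`domain`, `full_host`, `print_info`), so it reads the module-level global and would raise NameError if the function ran before that global is assigned. It should be `print("Checking whether %s already has a certificate assigned..." % domain)`. The rewritten `Popen` line also still interpolates `domain` into a string run with `shell=True`, and the `call("ibmcloud app domain-cert-add ...")` line in the last hunk does the same with `primary_domain`. At the visible call sites both values come from `settings`, so a shell metacharacter in the configured domain would be interpreted by the shell. An argument list without a shell avoids that, e.g. `Popen(["ibmcloud", "app", "domain-cert", domain], stdout=PIPE)`; the function body continues past the end of the hunk.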
@@ -109,27 +110,22 @@ def check_ssl(full_host): # Figure out which domain name to look for primary_domain = settings['domains'][0]['domain'] - -domain_with_first_host = "%s.%s" % (settings['domains'][0]['hosts'][0], - primary_domain) +domain_with_first_host = "%s.%s" % (settings['domains'][0]['hosts'][0], primary_domain) # Hostname is sometimes '.', which requires special handling if domain_with_first_host.startswith('..'): domain_with_first_host = domain_with_first_host[2:] -print("\nWaiting for container to mount filesystem") -time.sleep(5) - -cert1Proc = get_cert(appname, domain_with_first_host, 'cert.pem') -cert2Proc = get_cert(appname, domain_with_first_host, 'chain.pem') -cert3Proc = get_cert(appname, domain_with_first_host, 'fullchain.pem') -cert4Proc = get_cert(appname, domain_with_first_host, 'privkey.pem') - -# wait for get_cert subprocesses to finish -cert1Proc.wait() -cert2Proc.wait() -cert3Proc.wait() -cert4Proc.wait() +# Retrieve the certs from the letsencrypt app container +for cert in ["cert", "chain", "privkey"]: + seconds_waited = 0 + MAX_WAIT_SECONDS = 60 + while get_cert(appname, domain_with_first_host, "%s.pem" % cert).wait() != 0: + if seconds_waited >= MAX_WAIT_SECONDS: + print("ERROR: Failed to retrieve %s" % cert) + sys.exit(1) + time.sleep(5) + seconds_waited = seconds_waited + 5 # Check if there is already an SSL in place if domain_has_ssl(primary_domain, domain_with_first_host, True): @@ -153,8 +149,7 @@ def check_ssl(full_host): while(failure and count < 3): # Upload new cert print("Attempting certificate upload...") - call("ibmcloud app domain-cert-add %s -c cert.pem -k privkey.pem -i chain.pem" - % primary_domain, shell=True) + call("ibmcloud app domain-cert-add %s --cert cert.pem --key privkey.pem --intermediate-cert chain.pem" % primary_domain, shell=True) failure = not domain_has_ssl(primary_domain, domain_with_first_host, True) count = count + 1 time.sleep(5)
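Review bot: The retrieval loop appears to place `privkey.pem` in the working directory (the `domain-cert-add` call in the next hunk reads it by relative path), and nothing in the hunk restricts its permissions or removes it afterwards. What `get_cert` does to the file is not visible here, so this may already be handled. If it is not, an `os.chmod("privkey.pem", 0o600)` after the loop and a cleanup once the upload has succeeded would keep the key from lingering on disk with default permissions. As a smaller style point, `MAX_WAIT_SECONDS` is reassigned on every iteration of the `for`; it reads better defined once above the loop.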