-rw-r--r-- | op-mode-definitions/pki.xml.in | 16 | ||||
-rw-r--r-- | python/vyos/defaults.py | 4 | ||||
-rw-r--r-- | src/etc/systemd/system/certbot.service.d/10-override.conf | 7 | ||||
-rwxr-xr-x | src/op_mode/pki.py | 15 |
4 files changed, 29 insertions, 13 deletions
diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in
index 43fb1fe2b..542b15e9d 100644
--- a/op-mode-definitions/pki.xml.in
+++ b/op-mode-definitions/pki.xml.in
@@ -576,12 +576,20 @@
 </node>
 <node name="renew">
 <children>
- <leafNode name="certbot">
+ <node name="certbot">
 <properties>
- <help>Start manual certbot renewal</help>
+ <help>Manual certbot renewal</help>
 </properties>
- <command>systemctl start certbot.service</command>
- </leafNode>
+ <command>${vyos_op_scripts_dir}/pki.py renew_certbot</command>
+ <children>
+ <leafNode name="force">
+ <properties>
+ <help>Force manual certbot renewal</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/pki.py renew_certbot --force</command>
+ </leafNode>
+ </children>
+ </node>
 </children>
 </node>
 </interfaceDefinition>
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index f84b14040..63f3b5358 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -15,10 +15,10 @@
 import os
-base_dir = '/usr/libexec/vyos/'
+base_dir = '/usr/libexec/vyos'
 directories = {
- 'base' : base_dir,
+ 'base' : f'{base_dir}',
 'data' : '/usr/share/vyos/',
 'conf_mode' : f'{base_dir}/conf_mode',
 'op_mode' : f'{base_dir}/op_mode',
diff --git a/src/etc/systemd/system/certbot.service.d/10-override.conf b/src/etc/systemd/system/certbot.service.d/10-override.conf
deleted file mode 100644
index 542f77eb2..000000000
--- a/src/etc/systemd/system/certbot.service.d/10-override.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-After=
-After=vyos-router.service
-
-[Service]
-ExecStart=
-ExecStart=/usr/bin/certbot renew --config-dir /config/auth/letsencrypt --no-random-sleep-on-renew --post-hook "/usr/libexec/vyos/vyos-certbot-renew-pki.sh"
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index 49a461e9e..d928bd325 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
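Review bot: With the `certbot` node no longer starting `certbot.service` and the `10-override.conf` drop-in deleted further down in this commit, nothing visible here still passes `--config-dir /config/auth/letsencrypt` and the `vyos-certbot-renew-pki.sh` post-hook to unattended renewals. If the packaged unit is still triggered on a schedule, it would presumably run with its stock `ExecStart`, and the certificates under the VyOS config directory would then expire without any error being reported. It is worth confirming that the scheduled path is covered elsewhere, or stating in the commit message that renewal is now manual only. The parent node's `<help>` could also say that it renews only certificates that are due, to set it apart from `force`.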
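Review bot: Dropping the trailing slash from `base_dir` changes the value of `directories['base']` for every existing consumer, so any caller outside this hunk that appends a file name to it without a separator would now build a wrong path. Those call sites are not visible here and are worth a grep before merging. The new `f'{base_dir}'` wrapper adds nothing over the plain name, so the entry can stay `'base' : base_dir,`. The `'data'` entry still ends in a slash, which leaves the table inconsistent about whether values carry one.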
@@ -1373,6 +1373,21 @@ def show_all(raw: bool):
 print('\n')
 show_crl(raw)
+def renew_certbot(raw: bool, force: typing.Optional[bool] = False):
+ from vyos.defaults import directories
+
+ certbot_config = directories['certbot']
+ hook_dir = directories['base']
+
+ tmp = f'/usr/bin/certbot renew --no-random-sleep-on-renew ' \
+ f'--config-dir "{certbot_config}" ' \
+ f'--post-hook "{hook_dir}/vyos-certbot-renew-pki.sh"'
+ if force:
+ tmp += ' --force-renewal'
+
+ out = cmd(tmp)
+ if not raw:
+ print(out)
 if __name__ == '__main__':
 try: |
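Review bot: `renew_certbot` builds the certbot command line by interpolating `certbot_config` and `hook_dir` into hand-written double quotes before passing the string to `cmd()`. Both values come from `vyos.defaults` today, but if `cmd()` runs the string through a shell, a path containing a quote, `$` or backtick would change the command, so quoting each value is the safer form, e.g. `f'--config-dir {shlex.quote(certbot_config)} '` (needs `import shlex` if the file lacks it). The visible `defaults.py` hunk does not add a `'certbot'` key, so `directories['certbot']` must already exist outside it; otherwise this line raises `KeyError`. With `raw` set the output is dropped and the function returns nothing; a `return out` in that case would give raw callers the result. A one-line docstring such as `"""Run certbot renew against the configured certbot directory; force also renews certificates that are not yet due."""` and a more telling name than `tmp` would help the next reader.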