Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/nat.py1
-rwxr-xr-xsrc/conf_mode/pki.py4
-rw-r--r--src/etc/systemd/system/certbot.service.d/10-override.conf7
-rwxr-xr-xsrc/helpers/teardown-config-session.py3
-rwxr-xr-xsrc/op_mode/pki.py15
5 files changed, 17 insertions, 13 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index a938021ba..564438237 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -23,7 +23,6 @@ from vyos.base import Warning
from vyos.config import Config
from vyos.configdep import set_dependents, call_dependents
from vyos.template import render
-from vyos.template import is_ip_network
from vyos.utils.kernel import check_kmod
from vyos.utils.dict import dict_search
from vyos.utils.dict import dict_search_args
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 7d01b6642..6522a3897 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -144,7 +144,7 @@ def certbot_request(name: str, config: dict, dry_run: bool=True):
# When ACME is used behind a reverse proxy, we always bind to localhost
# whatever the CLI listen-address is configured for.
- if ('haproxy' in dict_search('used_by', config) and
+ if ('used_by' in config and 'haproxy' in config['used_by'] and
is_systemd_service_running(systemd_services['haproxy']) and
not check_port_availability(listen_address, 80)):
tmp += f' --http-01-address 127.0.0.1 --http-01-port {internal_ports["certbot_haproxy"]}'
@@ -551,7 +551,7 @@ def generate(pki):
if not ca_cert_present:
tmp = dict_search_args(pki, 'ca', f'{autochain_prefix}{cert}', 'certificate')
if not bool(tmp) or tmp != cert_chain_base64:
- Message(f'Add/replace automatically imported CA certificate for "{cert}"...')
+ Message(f'Add/replace automatically imported CA certificate for "{cert}" ...')
add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64)
return None
diff --git a/src/etc/systemd/system/certbot.service.d/10-override.conf b/src/etc/systemd/system/certbot.service.d/10-override.conf
deleted file mode 100644
index 542f77eb2..000000000
--- a/src/etc/systemd/system/certbot.service.d/10-override.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-After=
-After=vyos-router.service
-
-[Service]
-ExecStart=
-ExecStart=/usr/bin/certbot renew --config-dir /config/auth/letsencrypt --no-random-sleep-on-renew --post-hook "/usr/libexec/vyos/vyos-certbot-renew-pki.sh"
diff --git a/src/helpers/teardown-config-session.py b/src/helpers/teardown-config-session.py
index c94876924..8d13e34cb 100755
--- a/src/helpers/teardown-config-session.py
+++ b/src/helpers/teardown-config-session.py
@@ -13,11 +13,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
import sys
-import os
from vyos.vyconf_session import VyconfSession
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index 49a461e9e..d928bd325 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -1373,6 +1373,21 @@ def show_all(raw: bool):
print('\n')
show_crl(raw)
+def renew_certbot(raw: bool, force: typing.Optional[bool] = False):
+ from vyos.defaults import directories
+
+ certbot_config = directories['certbot']
+ hook_dir = directories['base']
+
+ tmp = f'/usr/bin/certbot renew --no-random-sleep-on-renew ' \
+ f'--config-dir "{certbot_config}" ' \
+ f'--post-hook "{hook_dir}/vyos-certbot-renew-pki.sh"'
+ if force:
+ tmp += ' --force-renewal'
+
+ out = cmd(tmp)
+ if not raw:
+ print(out)
if __name__ == '__main__':
try:
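Review bot: renew_certbot builds the certbot command as a single string and places `directories['certbot']` and `directories['base']` inside hand-written double quotes before handing it to `cmd()`. Both values come from vyos.defaults rather than from the operator, so nothing here is operator-controlled, but the quoting only holds while neither path contains a quote, `$` or backtick; wrapping each value in `shlex.quote()` (if `shlex` is importable in this module) would make that true by construction. The function also has no docstring and no visible handling of a failed renewal: assuming `cmd()` raises on a non-zero exit, the operator would see a traceback rather than an op-mode error message. The first fragment, `f'/usr/bin/certbot renew --no-random-sleep-on-renew '`, has no placeholders and does not need the `f` prefix.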