Fix issue with automatically renewing acme certificates

2018-05-08 14:54:10 -07:00
parent a8187d15c6
commit 6500559f8e
10 changed files with 51 additions and 20 deletions
--- a/lemur/pending_certificates/cli.py
+++ b/lemur/pending_certificates/cli.py
@ -6,6 +6,7 @@
 """
 from flask_script import Manager

+from lemur.authorities.service import get as get_authority
 from lemur.pending_certificates import service as pending_certificate_service
 from lemur.plugins.base import plugins
 from lemur.users import service as user_service
@ -56,14 +57,27 @@ def fetch(ids):
@manager.command
 def fetch_all_acme():
    """
-    Attempt to get full certificates for each pending certificate listed for ACME.
+    Attempt to get full certificates for each pending certificate listed with the acme-issuer. This is more efficient
+    for acme-issued certificates because it will configure all of the DNS challenges prior to resolving any
+    certificates.
    """
    pending_certs = pending_certificate_service.get_pending_certs('all')
    user = user_service.get_by_username('lemur')
    new = 0
    failed = 0
+    wrong_issuer = 0
+    acme_certs = []
+
+    # We only care about certs using the acme-issuer plugin
+    for cert in pending_certs:
+        cert_authority = get_authority(cert.authority_id)
+        if cert_authority.plugin_name == 'acme-issuer':
+            acme_certs.append(cert)
+        else:
+            wrong_issuer += 1
+
    authority = plugins.get("acme-issuer")
-    resolved_certs = authority.get_ordered_certificates(pending_certs)
+    resolved_certs = authority.get_ordered_certificates(acme_certs)

    for cert in resolved_certs:
        real_cert = cert.get("cert")
@ -81,8 +95,9 @@ def fetch_all_acme():
            pending_certificate_service.increment_attempt(pending_cert)
            failed += 1
    print(
-        "[+] Certificates: New: {new} Failed: {failed}".format(
+        "[+] Certificates: New: {new} Failed: {failed} Not using ACME: {wrong_issuer}".format(
            new=new,
            failed=failed,
+            wrong_issuer=wrong_issuer
        )
    )
--- a/lemur/pending_certificates/models.py
+++ b/lemur/pending_certificates/models.py
@ -97,6 +97,6 @@ class PendingCertificate(db.Model):
        self.rotation = kwargs.get('rotation')
        self.rotation_policy = kwargs.get('rotation_policy')
        try:
-            self.dns_provider_id = kwargs.get('dns_provider', {}).get("id")
-        except AttributeError:
-            self.dns_provider_id = None
+            self.dns_provider_id = kwargs.get('dns_provider')["id"]
+        except (AttributeError, KeyError, TypeError):
+            self.dns_provider_id = kwargs.get('dns_provider_id')