Updated requirements ; Revert change and require DNS validation by provider
This commit is contained in:
parent
1a90e71884
commit
6e3f394cff
|
@ -107,6 +107,22 @@ class AcmeHandler(object):
|
||||||
metrics.send('complete_dns_challenge_error_no_dnsproviders', 'counter', 1)
|
metrics.send('complete_dns_challenge_error_no_dnsproviders', 'counter', 1)
|
||||||
raise Exception("No DNS providers found for domain: {}".format(authz_record.host))
|
raise Exception("No DNS providers found for domain: {}".format(authz_record.host))
|
||||||
|
|
||||||
|
for dns_provider in dns_providers:
|
||||||
|
# Grab account number (For Route53)
|
||||||
|
dns_provider_options = json.loads(dns_provider.credentials)
|
||||||
|
account_number = dns_provider_options.get("account_id")
|
||||||
|
dns_provider_plugin = self.get_dns_provider(dns_provider.provider_type)
|
||||||
|
for change_id in authz_record.change_id:
|
||||||
|
try:
|
||||||
|
dns_provider_plugin.wait_for_dns_change(change_id, account_number=account_number)
|
||||||
|
except Exception:
|
||||||
|
metrics.send('complete_dns_challenge_error', 'counter', 1)
|
||||||
|
sentry.captureException()
|
||||||
|
current_app.logger.debug(
|
||||||
|
f"Unable to resolve DNS challenge for change_id: {change_id}, account_id: "
|
||||||
|
f"{account_number}", exc_info=True)
|
||||||
|
raise
|
||||||
|
|
||||||
for dns_challenge in authz_record.dns_challenge:
|
for dns_challenge in authz_record.dns_challenge:
|
||||||
response = dns_challenge.response(acme_client.client.net.key)
|
response = dns_challenge.response(acme_client.client.net.key)
|
||||||
|
|
||||||
|
@ -121,7 +137,15 @@ class AcmeHandler(object):
|
||||||
raise ValueError("Failed verification")
|
raise ValueError("Failed verification")
|
||||||
|
|
||||||
time.sleep(5)
|
time.sleep(5)
|
||||||
acme_client.answer_challenge(dns_challenge, response)
|
res = acme_client.answer_challenge(dns_challenge, response)
|
||||||
|
current_app.logger.debug(f"answer_challenge response: {res}")
|
||||||
|
|
||||||
|
def get_dns_challenge(self, authzr):
|
||||||
|
for challenge in authzr.body.challenges:
|
||||||
|
if challenge.chall.typ == 'dns-01':
|
||||||
|
return challenge
|
||||||
|
else:
|
||||||
|
raise Exception("Could not find an HTTP challenge!")
|
||||||
|
|
||||||
def request_certificate(self, acme_client, authorizations, order):
|
def request_certificate(self, acme_client, authorizations, order):
|
||||||
for authorization in authorizations:
|
for authorization in authorizations:
|
||||||
|
@ -132,6 +156,7 @@ class AcmeHandler(object):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
orderr = acme_client.poll_and_finalize(order, deadline)
|
orderr = acme_client.poll_and_finalize(order, deadline)
|
||||||
|
|
||||||
except (AcmeError, TimeoutError):
|
except (AcmeError, TimeoutError):
|
||||||
sentry.captureException(extra={"order_url": str(order.uri)})
|
sentry.captureException(extra={"order_url": str(order.uri)})
|
||||||
metrics.send('request_certificate_error', 'counter', 1)
|
metrics.send('request_certificate_error', 'counter', 1)
|
||||||
|
@ -480,6 +505,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
|
||||||
"pending_cert": entry["pending_cert"],
|
"pending_cert": entry["pending_cert"],
|
||||||
})
|
})
|
||||||
except (PollError, AcmeError, Exception) as e:
|
except (PollError, AcmeError, Exception) as e:
|
||||||
|
raise
|
||||||
sentry.captureException()
|
sentry.captureException()
|
||||||
metrics.send('get_ordered_certificates_resolution_error', 'counter', 1)
|
metrics.send('get_ordered_certificates_resolution_error', 'counter', 1)
|
||||||
order_url = order.uri
|
order_url = order.uri
|
||||||
|
|
|
@ -11,7 +11,7 @@ cfgv==1.6.0 # via pre-commit
|
||||||
chardet==3.0.4 # via requests
|
chardet==3.0.4 # via requests
|
||||||
docutils==0.14 # via readme-renderer
|
docutils==0.14 # via readme-renderer
|
||||||
flake8==3.5.0
|
flake8==3.5.0
|
||||||
identify==1.4.1 # via pre-commit
|
identify==1.4.2 # via pre-commit
|
||||||
idna==2.8 # via requests
|
idna==2.8 # via requests
|
||||||
importlib-metadata==0.9 # via pre-commit
|
importlib-metadata==0.9 # via pre-commit
|
||||||
invoke==1.2.0
|
invoke==1.2.0
|
||||||
|
@ -31,6 +31,6 @@ toml==0.10.0 # via pre-commit
|
||||||
tqdm==4.31.1 # via twine
|
tqdm==4.31.1 # via twine
|
||||||
twine==1.13.0
|
twine==1.13.0
|
||||||
urllib3==1.24.2 # via requests
|
urllib3==1.24.2 # via requests
|
||||||
virtualenv==16.4.3 # via pre-commit
|
virtualenv==16.5.0 # via pre-commit
|
||||||
webencodings==0.5.1 # via bleach
|
webencodings==0.5.1 # via bleach
|
||||||
zipp==0.3.3 # via importlib-metadata
|
zipp==0.4.0 # via importlib-metadata
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
acme==0.33.1
|
acme==0.33.1
|
||||||
alabaster==0.7.12 # via sphinx
|
alabaster==0.7.12 # via sphinx
|
||||||
alembic-autogenerate-enums==0.0.2
|
alembic-autogenerate-enums==0.0.2
|
||||||
alembic==1.0.9
|
alembic==1.0.10
|
||||||
amqp==2.4.2
|
amqp==2.4.2
|
||||||
aniso8601==6.0.0
|
aniso8601==6.0.0
|
||||||
arrow==0.13.1
|
arrow==0.13.1
|
||||||
|
@ -17,8 +17,8 @@ babel==2.6.0 # via sphinx
|
||||||
bcrypt==3.1.6
|
bcrypt==3.1.6
|
||||||
billiard==3.6.0.0
|
billiard==3.6.0.0
|
||||||
blinker==1.4
|
blinker==1.4
|
||||||
boto3==1.9.134
|
boto3==1.9.138
|
||||||
botocore==1.12.134
|
botocore==1.12.138
|
||||||
celery[redis]==4.3.0
|
celery[redis]==4.3.0
|
||||||
certifi==2019.3.9
|
certifi==2019.3.9
|
||||||
certsrv==2.1.1
|
certsrv==2.1.1
|
||||||
|
@ -38,7 +38,7 @@ flask-migrate==2.4.0
|
||||||
flask-principal==0.4.0
|
flask-principal==0.4.0
|
||||||
flask-restful==0.3.7
|
flask-restful==0.3.7
|
||||||
flask-script==2.0.6
|
flask-script==2.0.6
|
||||||
flask-sqlalchemy==2.3.2
|
flask-sqlalchemy==2.4.0
|
||||||
flask==1.0.2
|
flask==1.0.2
|
||||||
future==0.17.1
|
future==0.17.1
|
||||||
gunicorn==19.9.0
|
gunicorn==19.9.0
|
||||||
|
@ -47,7 +47,7 @@ idna==2.8
|
||||||
imagesize==1.1.0 # via sphinx
|
imagesize==1.1.0 # via sphinx
|
||||||
inflection==0.3.1
|
inflection==0.3.1
|
||||||
itsdangerous==1.1.0
|
itsdangerous==1.1.0
|
||||||
javaobj-py3==0.2.4
|
javaobj-py3==0.3.0
|
||||||
jinja2==2.10.1
|
jinja2==2.10.1
|
||||||
jmespath==0.9.4
|
jmespath==0.9.4
|
||||||
josepy==1.1.0
|
josepy==1.1.0
|
||||||
|
@ -62,10 +62,10 @@ mock==2.0.0
|
||||||
ndg-httpsclient==0.5.1
|
ndg-httpsclient==0.5.1
|
||||||
packaging==19.0 # via sphinx
|
packaging==19.0 # via sphinx
|
||||||
paramiko==2.4.2
|
paramiko==2.4.2
|
||||||
pbr==5.1.3
|
pbr==5.2.0
|
||||||
pem==19.1.0
|
pem==19.1.0
|
||||||
psycopg2==2.8.2
|
psycopg2==2.8.2
|
||||||
pyasn1-modules==0.2.4
|
pyasn1-modules==0.2.5
|
||||||
pyasn1==0.4.5
|
pyasn1==0.4.5
|
||||||
pycparser==2.19
|
pycparser==2.19
|
||||||
pycryptodomex==3.8.1
|
pycryptodomex==3.8.1
|
||||||
|
|
|
@ -7,11 +7,11 @@
|
||||||
asn1crypto==0.24.0 # via cryptography
|
asn1crypto==0.24.0 # via cryptography
|
||||||
atomicwrites==1.3.0 # via pytest
|
atomicwrites==1.3.0 # via pytest
|
||||||
attrs==19.1.0 # via pytest
|
attrs==19.1.0 # via pytest
|
||||||
aws-sam-translator==1.10.0 # via cfn-lint
|
aws-sam-translator==1.11.0 # via cfn-lint
|
||||||
aws-xray-sdk==2.4.2 # via moto
|
aws-xray-sdk==2.4.2 # via moto
|
||||||
boto3==1.9.134 # via aws-sam-translator, moto
|
boto3==1.9.138 # via aws-sam-translator, moto
|
||||||
boto==2.49.0 # via moto
|
boto==2.49.0 # via moto
|
||||||
botocore==1.12.134 # via aws-xray-sdk, boto3, moto, s3transfer
|
botocore==1.12.138 # via aws-xray-sdk, boto3, moto, s3transfer
|
||||||
certifi==2019.3.9 # via requests
|
certifi==2019.3.9 # via requests
|
||||||
cffi==1.12.3 # via cryptography
|
cffi==1.12.3 # via cryptography
|
||||||
cfn-lint==0.19.1 # via moto
|
cfn-lint==0.19.1 # via moto
|
||||||
|
@ -42,7 +42,7 @@ mock==2.0.0 # via moto
|
||||||
more-itertools==7.0.0 # via pytest
|
more-itertools==7.0.0 # via pytest
|
||||||
moto==1.3.8
|
moto==1.3.8
|
||||||
nose==1.3.7
|
nose==1.3.7
|
||||||
pbr==5.1.3 # via mock
|
pbr==5.2.0 # via mock
|
||||||
pluggy==0.9.0 # via pytest
|
pluggy==0.9.0 # via pytest
|
||||||
py==1.8.0 # via pytest
|
py==1.8.0 # via pytest
|
||||||
pyasn1==0.4.5 # via rsa
|
pyasn1==0.4.5 # via rsa
|
||||||
|
@ -55,7 +55,7 @@ python-dateutil==2.8.0 # via botocore, faker, freezegun, moto
|
||||||
python-jose==3.0.1 # via moto
|
python-jose==3.0.1 # via moto
|
||||||
pytz==2019.1 # via moto
|
pytz==2019.1 # via moto
|
||||||
pyyaml==5.1
|
pyyaml==5.1
|
||||||
requests-mock==1.5.2
|
requests-mock==1.6.0
|
||||||
requests==2.21.0 # via cfn-lint, docker, moto, requests-mock, responses
|
requests==2.21.0 # via cfn-lint, docker, moto, requests-mock, responses
|
||||||
responses==0.10.6 # via moto
|
responses==0.10.6 # via moto
|
||||||
rsa==4.0 # via python-jose
|
rsa==4.0 # via python-jose
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
#
|
#
|
||||||
acme==0.33.1
|
acme==0.33.1
|
||||||
alembic-autogenerate-enums==0.0.2
|
alembic-autogenerate-enums==0.0.2
|
||||||
alembic==1.0.9 # via flask-migrate
|
alembic==1.0.10 # via flask-migrate
|
||||||
amqp==2.4.2 # via kombu
|
amqp==2.4.2 # via kombu
|
||||||
aniso8601==6.0.0 # via flask-restful
|
aniso8601==6.0.0 # via flask-restful
|
||||||
arrow==0.13.1
|
arrow==0.13.1
|
||||||
|
@ -15,8 +15,8 @@ asyncpool==1.0
|
||||||
bcrypt==3.1.6 # via flask-bcrypt, paramiko
|
bcrypt==3.1.6 # via flask-bcrypt, paramiko
|
||||||
billiard==3.6.0.0 # via celery
|
billiard==3.6.0.0 # via celery
|
||||||
blinker==1.4 # via flask-mail, flask-principal, raven
|
blinker==1.4 # via flask-mail, flask-principal, raven
|
||||||
boto3==1.9.134
|
boto3==1.9.138
|
||||||
botocore==1.12.134
|
botocore==1.12.138
|
||||||
celery[redis]==4.3.0
|
celery[redis]==4.3.0
|
||||||
certifi==2019.3.9
|
certifi==2019.3.9
|
||||||
certsrv==2.1.1
|
certsrv==2.1.1
|
||||||
|
@ -36,7 +36,7 @@ flask-migrate==2.4.0
|
||||||
flask-principal==0.4.0
|
flask-principal==0.4.0
|
||||||
flask-restful==0.3.7
|
flask-restful==0.3.7
|
||||||
flask-script==2.0.6
|
flask-script==2.0.6
|
||||||
flask-sqlalchemy==2.3.2
|
flask-sqlalchemy==2.4.0
|
||||||
flask==1.0.2
|
flask==1.0.2
|
||||||
future==0.17.1
|
future==0.17.1
|
||||||
gunicorn==19.9.0
|
gunicorn==19.9.0
|
||||||
|
@ -44,7 +44,7 @@ hvac==0.8.2
|
||||||
idna==2.8 # via requests
|
idna==2.8 # via requests
|
||||||
inflection==0.3.1
|
inflection==0.3.1
|
||||||
itsdangerous==1.1.0 # via flask
|
itsdangerous==1.1.0 # via flask
|
||||||
javaobj-py3==0.2.4 # via pyjks
|
javaobj-py3==0.3.0 # via pyjks
|
||||||
jinja2==2.10.1
|
jinja2==2.10.1
|
||||||
jmespath==0.9.4 # via boto3, botocore
|
jmespath==0.9.4 # via boto3, botocore
|
||||||
josepy==1.1.0 # via acme
|
josepy==1.1.0 # via acme
|
||||||
|
@ -58,10 +58,10 @@ marshmallow==2.19.2
|
||||||
mock==2.0.0 # via acme
|
mock==2.0.0 # via acme
|
||||||
ndg-httpsclient==0.5.1
|
ndg-httpsclient==0.5.1
|
||||||
paramiko==2.4.2
|
paramiko==2.4.2
|
||||||
pbr==5.1.3 # via mock
|
pbr==5.2.0 # via mock
|
||||||
pem==19.1.0
|
pem==19.1.0
|
||||||
psycopg2==2.8.2
|
psycopg2==2.8.2
|
||||||
pyasn1-modules==0.2.4 # via pyjks, python-ldap
|
pyasn1-modules==0.2.5 # via pyjks, python-ldap
|
||||||
pyasn1==0.4.5 # via ndg-httpsclient, paramiko, pyasn1-modules, pyjks, python-ldap
|
pyasn1==0.4.5 # via ndg-httpsclient, paramiko, pyasn1-modules, pyjks, python-ldap
|
||||||
pycparser==2.19 # via cffi
|
pycparser==2.19 # via cffi
|
||||||
pycryptodomex==3.8.1 # via pyjks
|
pycryptodomex==3.8.1 # via pyjks
|
||||||
|
|
Loading…
Reference in New Issue