Fix permissions on acme token upload, dont append well-known automatically
parent
66cab6abd3
commit
d24fae0bac
|
@ -866,7 +866,6 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
|
|||
current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")
|
||||
|
||||
# Wait for challenge status and then issue a certificate.
|
||||
|
||||
for authz in orderr.authorizations:
|
||||
authzr, resp = acme_client.poll(authz)
|
||||
current_app.logger.info(authzr.body.status)
|
||||
|
@ -883,7 +882,7 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
|
|||
|
||||
if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
|
||||
and datetime.datetime.now() < datetime.datetime.strptime(
|
||||
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
|
||||
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
|
||||
pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
|
||||
else:
|
||||
pem_certificate_chain = finalized_orderr.fullchain_pem[
|
||||
|
|
|
@ -126,7 +126,6 @@ class SFTPDestinationPlugin(DestinationPlugin):
|
|||
current_app.logger.debug("SFTP destination plugin is started for HTTP-01 challenge")
|
||||
|
||||
dst_path = self.get_option("destinationPath", options)
|
||||
dst_path = path.join(dst_path, ".well-known/acme-challenge/")
|
||||
|
||||
_, filename = path.split(token_path)
|
||||
|
||||
|
@ -220,8 +219,8 @@ class SFTPDestinationPlugin(DestinationPlugin):
|
|||
sftp.chmod(path.join(dst_path, filename), 0o600)
|
||||
with sftp.open(path.join(dst_path, filename), "w") as f:
|
||||
f.write(data)
|
||||
# read only for owner, -r--------
|
||||
sftp.chmod(path.join(dst_path, filename), 0o400)
|
||||
# most likely the upload user isn't the webuser, -rw-r--r--
|
||||
sftp.chmod(path.join(dst_path, filename), 0o644)
|
||||
|
||||
ssh.close()
|
||||
|
||||
|
|
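Review bot: The new `sftp.chmod(path.join(dst_path, filename), 0o644)` leaves every file written by this code world-readable, and the enclosing method starts outside the hunk, roughly a hundred lines below the token-upload code in this file's first hunk. That mode is harmless for an HTTP-01 token, which is served publicly anyway, but if this write path is shared with certificate and private-key uploads (not visible here, please confirm), key material would become readable by every account on the destination host. I would let the caller pass the mode and keep the restrictive default, e.g. `sftp.chmod(path.join(dst_path, filename), file_mode)` with `file_mode=0o400` unless the caller is the token upload. Because the first hunk appears to stop appending `.well-known/acme-challenge/`, the `destinationPath` option alone now decides where these files land, so its help text should say that the challenge directory must be part of the configured path.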