Fix permissions on acme token upload, dont append well-known automatically
parent
66cab6abd3
commit
d24fae0bac
|
@ -866,7 +866,6 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
|
||||||
current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")
|
current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")
|
||||||
|
|
||||||
# Wait for challenge status and then issue a certificate.
|
# Wait for challenge status and then issue a certificate.
|
||||||
|
|
||||||
for authz in orderr.authorizations:
|
for authz in orderr.authorizations:
|
||||||
authzr, resp = acme_client.poll(authz)
|
authzr, resp = acme_client.poll(authz)
|
||||||
current_app.logger.info(authzr.body.status)
|
current_app.logger.info(authzr.body.status)
|
||||||
|
@ -883,7 +882,7 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
|
||||||
|
|
||||||
if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
|
if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
|
||||||
and datetime.datetime.now() < datetime.datetime.strptime(
|
and datetime.datetime.now() < datetime.datetime.strptime(
|
||||||
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
|
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
|
||||||
pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
|
pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
|
||||||
else:
|
else:
|
||||||
pem_certificate_chain = finalized_orderr.fullchain_pem[
|
pem_certificate_chain = finalized_orderr.fullchain_pem[
|
||||||
|
|
|
@ -126,7 +126,6 @@ class SFTPDestinationPlugin(DestinationPlugin):
|
||||||
current_app.logger.debug("SFTP destination plugin is started for HTTP-01 challenge")
|
current_app.logger.debug("SFTP destination plugin is started for HTTP-01 challenge")
|
||||||
|
|
||||||
dst_path = self.get_option("destinationPath", options)
|
dst_path = self.get_option("destinationPath", options)
|
||||||
dst_path = path.join(dst_path, ".well-known/acme-challenge/")
|
|
||||||
|
|
||||||
_, filename = path.split(token_path)
|
_, filename = path.split(token_path)
|
||||||
|
|
||||||
|
@ -220,8 +219,8 @@ class SFTPDestinationPlugin(DestinationPlugin):
|
||||||
sftp.chmod(path.join(dst_path, filename), 0o600)
|
sftp.chmod(path.join(dst_path, filename), 0o600)
|
||||||
with sftp.open(path.join(dst_path, filename), "w") as f:
|
with sftp.open(path.join(dst_path, filename), "w") as f:
|
||||||
f.write(data)
|
f.write(data)
|
||||||
# read only for owner, -r--------
|
# most likely the upload user isn't the webuser, -rw-r--r--
|
||||||
sftp.chmod(path.join(dst_path, filename), 0o400)
|
sftp.chmod(path.join(dst_path, filename), 0o644)
|
||||||
|
|
||||||
ssh.close()
|
ssh.close()
|
||||||
|
|
||||||
|
|
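Review bot: The final `sftp.chmod(path.join(dst_path, filename), 0o644)` makes every file written through this block world-readable, and the enclosing function starts and ends outside the hunk, so it is not visible whether the same write path also uploads certificates and private keys. If it does, key files on the destination host would become readable by any local account, so the relaxed mode should be limited to the HTTP-01 token. One option is for the caller to pass the mode in and keep the old value as the default, e.g. `sftp.chmod(path.join(dst_path, filename), file_mode)` with `file_mode=0o400` unless the token upload asks for `0o644`. Since the first hunk of this file no longer appends `.well-known/acme-challenge/`, the `destinationPath` option should also be documented as needing to point at the challenge directory itself.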