use PMG::CertHelpers;
use PMG::NodeConfig;
+use PMG::RS::Acme;
use PMG::RS::CSR;
use PMG::API2::ACMEPlugin;
if ($type eq 'api') {
print "Restarting pmgproxy\n";
PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pmgproxy']);
+
+ my $cinfo = PMG::ClusterConfig->new();
+ if (scalar(keys %{$cinfo->{ids}})) {
+ print "Notify cluster about new fingerprint\n";
+ PMG::Cluster::trigger_update_fingerprints($cinfo);
+ }
}
};
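Review bot: The added `PMG::Cluster::trigger_update_fingerprints($cinfo)` call in the `api` branch runs after pmgproxy has already been restarted, so if it can die, the task would be reported as failed even though the new certificate is presumably already being served. If the notification is meant to be best-effort, guard it with `eval { PMG::Cluster::trigger_update_fingerprints($cinfo) }; warn "updating cluster fingerprints failed: $@" if $@;`. The visible import lines add only `PMG::RS::Acme`, so confirm that `PMG::ClusterConfig` and `PMG::Cluster` are already loaded in this file. The enclosing sub starts outside the hunk.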
my $code = sub {
my $cfg = PMG::Config->new();
- if (!$cfg->get('mail', 'tls') == !$on) {
- return;
+ if (!$cfg->get('mail', 'tls') != !$on) {
+ print "Rewriting postfix config\n";
+ $cfg->set('mail', 'tls', $on);
+ $cfg->write();
+ my $changed = $cfg->rewrite_config_postfix();
}
- print "Rewriting postfix config\n";
- $cfg->set('mail', 'tls', $on);
- $cfg->write();
- my $changed = $cfg->rewrite_config_postfix();
-
- if ($changed && $reload) {
+ if ($reload) {
print "Reloading postfix\n";
PMG::Utils::service_cmd('postfix', 'reload');
}
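Review bot: `my $changed = $cfg->rewrite_config_postfix();` is now a dead assignment, because the reload below no longer tests `$changed`. Call it as `$cfg->rewrite_config_postfix();`, or keep the variable only if it is used to log whether the config actually changed. The now-unconditional `if ($reload)` also deserves a why-comment, for example `# reload even when the tls setting is unchanged, so postfix picks up the renewed certificate` (that rationale is inferred from the change, so confirm it). The sub's end is outside the hunk.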
print "Status is 'valid', domain '$domain' OK!\n";
last;
}
- die "validating challenge '$auth_url' failed - status: $auth->{status}\n";
+ my $error = "validating challenge '$auth_url' failed - status: $auth->{status}";
+ for (@{$auth->{challenges}}) {
+ $error .= ", $_->{error}->{detail}" if $_->{error}->{detail};
+ }
+ die "$error\n";
}
};
my $err = $@;
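Review bot: In the new loop, `$_->{error}->{detail}` autovivifies an empty `error` hash on every challenge that has none. It is harmless here because the `die` follows, but `if $_->{error} && $_->{error}->{detail}` avoids mutating `$auth`. The `detail` string appears to come from the ACME server's response and is appended verbatim to the message that ends up in the task output. Consider collapsing it to one line first (e.g. `s/[\r\n]+/ /gr`), so that a multi-line detail cannot break up the log entry.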
my $filter_domains = sub {
my ($acme_config, $type) = @_;
- my $domains = $acme_config->{domains};
- foreach my $domain (sort keys %$domains) {
- my $entry = $domains->{$domain};
- if (!(grep { $_ eq $type } PVE::Tools::split_list($entry->{usage}))) {
- delete $domains->{$domain};
- }
- }
+ my $domains = PMG::NodeConfig::filter_domains_by_type($acme_config->{domains}, $type);
- if (!%$domains) {
+ if (!$domains) {
raise("No domains configured for type '$type'\n", 400);
}
+
+ $acme_config->{domains} = $domains;
};
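Review bot: The new guard `if (!$domains)` only fires when `PMG::NodeConfig::filter_domains_by_type` returns undef or another false value. An empty hash reference is always true, so the 400 "No domains configured" error would be skipped if the helper returns `{}` when nothing matches. The helper's body is not part of this hunk, so either confirm it returns undef for an empty result or keep both checks: `if (!$domains || !%$domains) {`. A one-line comment on the helper's return contract at this call site would keep the guard from silently regressing.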
__PACKAGE__->register_method ({
if (defined($old_cert)) {
print "Revoking old certificate\n";
- eval { $acme->revoke_certificate($old_cert, undef) };
+ eval {
+ $old_cert = pem_certificate($old_cert)
+ or die "no certificate section found in '$cert_path'\n";
+ $acme->revoke_certificate($old_cert, undef);
+ };
warn "Revoke request to CA failed: $@" if $@;
}
};
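Review bot: A local parse failure from `pem_certificate($old_cert)` is reported by the `warn` below the new `eval` as "Revoke request to CA failed: no certificate section found …", although no request was sent. Anyone checking whether the old certificate was actually revoked would be misled, so either parse before the `eval` or use a neutral prefix such as `warn "Revoking old certificate failed: $@" if $@;`. `pem_certificate` is called unqualified and `$cert_path` is interpolated, but neither is defined in this hunk, so confirm both are in scope. The enclosing method starts outside the hunk.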