Generate new cert when changing fqdn

2026-01-27 18:19:33 +00:00 · 2022-04-16 19:14:10 +02:00
parent 169b147078
commit 99d8bbe6be
2 changed files with 18 additions and 0 deletions
--- a/10
+++ b/10
@@ -70,6 +70,16 @@ case $txt in
    ln -sf /home/labca/labca/cron_d /etc/cron.d/labca
    ln -sf /home/labca/labca/logrotate_d /etc/logrotate.d/labca
    ;;
+"acme-change")
+    read fqdn
+    cd /home/labca/nginx_data/ssl
+    openssl genrsa 4096 > labca_key.pem
+    openssl req -new -utf8 -sha256 -key labca_key.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$fqdn")) > domain.csr
+    url=$(grep 'DEFAULT_DIRECTORY_URL =' /home/labca/acme_tiny.py | sed -e 's/.*=[ ]*//' | sed -e 's/\"//g')
+    wait_server $url
+    sleep 10
+    /home/labca/labca/renew
+    ;;
 "nginx-remove-redirect")
    perl -i -p0e 's/\n    # BEGIN temporary redirect\n    location = \/ \{\n        return 302 \/admin\/;\n    }\n    # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
    ;;
--- a/gui/main.go
+++ b/gui/main.go
@@ -519,9 +519,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {

 	if cfg.Validate(true) {
 		delta := false
+		deltaFQDN := false

 		if cfg.Fqdn != viper.GetString("labca.fqdn") {
 			delta = true
+			deltaFQDN = true
 			viper.Set("labca.fqdn", cfg.Fqdn)
 		}

@@ -573,6 +575,12 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
 				res.Success = false
 				res.Errors = cfg.Errors
 				res.Errors["ConfigUpdate"] = "Config apply error: '" + err.Error() + "'"
+			} else if deltaFQDN {
+				if !_hostCommand(w, r, "acme-change", viper.GetString("labca.fqdn")) {
+					res.Success = false
+					res.Errors = cfg.Errors
+					res.Errors["ConfigUpdate"] = "Error requesting certificate for new fqdn"
+				}
 			}
 		} else {
 			res.Success = false