fix: better logging for cert manager

2026-04-12 23:22:23 +02:00
parent 87341d4c25
commit 9cf3b4e83c
+18 -11
@@ -86,9 +86,10 @@ class CertManager:
cert_path = self.self_signed_path / host cert_path = self.self_signed_path / host
if not cert_path.exists(): if not cert_path.exists():
cert_path.mkdir(parents=True) cert_path.mkdir(parents=True)
self.logger.debug("Created %s", cert_path)
try: try:
# openssl req -new -newkey rsa:2048 -days 30 -nodes -x509 -keyout server.key -out server.crt self.logger.debug("Creating self-signed certificate for %s...", host)
subprocess.run( subprocess.check_output(
[ [
self.__get_openssl_bin(), self.__get_openssl_bin(),
"req", "req",
@@ -104,14 +105,16 @@ class CertManager:
"-out", "-out",
cert_path / "fullchain.pem", cert_path / "fullchain.pem",
"-subj", "-subj",
f"/C=/ST=/L=/O=/OU=/CN={host}", f"/CN={host}",
], ],
check=True, stderr=subprocess.STDOUT,
) )
self.logger.info("Created self-signed certificate for %s", host) self.logger.info("Created self-signed certificate for %s", host)
except subprocess.CalledProcessError: except subprocess.CalledProcessError as e:
self.logger.exception( self.logger.exception(
"Could not create self-signed certificate for %s", host "Could not create self-signed certificate for %s\n%s",
host,
e.stdout.decode(),
) )
return False return False
return self.__exists_self_signed(host) return self.__exists_self_signed(host)
@@ -135,8 +138,8 @@ class CertManager:
def __create_certbot(self, host: str) -> bool: def __create_certbot(self, host: str) -> bool:
try: try:
# certonly -v --webroot --webroot-path=/var/www/certbot --agree-tos --no-eff-email -n --force-renewal --expand self.logger.debug("Creating certbot certificate for %s...", host)
subprocess.run( subprocess.check_output(
[ [
self.__get_certbot_bin(), self.__get_certbot_bin(),
"--non-interactive", "--non-interactive",
@@ -150,11 +153,15 @@ class CertManager:
"--domain", "--domain",
host, host,
], ],
check=True, stderr=subprocess.STDOUT,
) )
self.logger.info("Created certbot certificate for %s", host) self.logger.info("Created certbot certificate for %s", host)
except subprocess.CalledProcessError: except subprocess.CalledProcessError as e:
self.logger.exception("Could not create certbot certificate for %s", host) self.logger.exception(
"Could not create certbot certificate for %s\n%s",
host,
e.stdout.decode(),
)
return False return False
return self.__exists_certbot(host) return self.__exists_certbot(host)
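Review bot: `e.stdout.decode()` in both new `except subprocess.CalledProcessError as e:` handlers (self-signed and certbot) can itself raise `UnicodeDecodeError` when the tool emits bytes that are not valid UTF-8, and the method would then raise from inside the handler instead of logging the failure and returning False. Using `e.stdout.decode(errors="replace")` in both places keeps the error path total. Separately, `host` is passed unmodified into `f"/CN={host}"` and into `self.self_signed_path / host`; where it comes from is not visible in these hunks, so if it can be request- or config-supplied it should be checked against a hostname pattern first, since a `/` in it would alter both the certificate subject and the target directory. Both method bodies start or continue outside the hunks shown.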