2018-01-10 23:14:56 -05:00
|
|
|
"""A class that performs HTTP-01 challenges for Apache"""
|
2020-02-05 16:27:12 -05:00
|
|
|
import errno
|
2021-03-09 19:12:32 -05:00
|
|
|
import logging
|
|
|
|
|
from typing import List
|
|
|
|
|
from typing import Set
|
2021-11-24 02:33:09 -05:00
|
|
|
from typing import TYPE_CHECKING
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2022-01-24 18:16:19 -05:00
|
|
|
from acme.challenges import KeyAuthorizationChallengeResponse
|
2018-01-17 12:27:36 -05:00
|
|
|
from certbot import errors
|
2022-01-21 04:15:48 -05:00
|
|
|
from certbot.achallenges import KeyAuthorizationAnnotatedChallenge
|
2019-06-20 13:52:43 -04:00
|
|
|
from certbot.compat import filesystem
|
2019-12-09 15:50:20 -05:00
|
|
|
from certbot.compat import os
|
2018-01-10 23:14:56 -05:00
|
|
|
from certbot.plugins import common
|
2022-01-09 16:51:06 -05:00
|
|
|
from certbot_apache._internal.obj import VirtualHost
|
2019-11-25 12:44:40 -05:00
|
|
|
from certbot_apache._internal.parser import get_aug_path
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2021-11-24 02:33:09 -05:00
|
|
|
if TYPE_CHECKING:
|
|
|
|
|
from certbot_apache._internal.configurator import ApacheConfigurator # pragma: no cover
|
|
|
|
|
|
2018-01-10 23:14:56 -05:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
2019-04-12 16:32:52 -04:00
|
|
|
|
2019-10-30 18:19:38 -04:00
|
|
|
class ApacheHttp01(common.ChallengePerformer):
|
2018-01-16 13:33:25 -05:00
|
|
|
"""Class that performs HTTP-01 challenges within the Apache configurator."""
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2018-01-23 19:46:36 -05:00
|
|
|
CONFIG_TEMPLATE22_PRE = """\
|
2018-01-16 21:16:33 -05:00
|
|
|
RewriteEngine on
|
|
|
|
|
RewriteRule ^/\\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [L]
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2018-01-23 19:46:36 -05:00
|
|
|
"""
|
|
|
|
|
CONFIG_TEMPLATE22_POST = """\
|
2018-01-16 13:33:25 -05:00
|
|
|
<Directory {0}>
|
2018-01-16 21:16:33 -05:00
|
|
|
Order Allow,Deny
|
2018-01-16 13:33:25 -05:00
|
|
|
Allow from all
|
|
|
|
|
</Directory>
|
2018-01-23 19:46:36 -05:00
|
|
|
<Location /.well-known/acme-challenge>
|
|
|
|
|
Order Allow,Deny
|
|
|
|
|
Allow from all
|
|
|
|
|
</Location>
|
2018-01-16 13:33:25 -05:00
|
|
|
"""
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2018-01-23 19:46:36 -05:00
|
|
|
CONFIG_TEMPLATE24_PRE = """\
|
2018-01-16 21:16:33 -05:00
|
|
|
RewriteEngine on
|
|
|
|
|
RewriteRule ^/\\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [END]
|
2018-01-23 19:46:36 -05:00
|
|
|
"""
|
|
|
|
|
CONFIG_TEMPLATE24_POST = """\
|
2018-01-16 13:33:25 -05:00
|
|
|
<Directory {0}>
|
|
|
|
|
Require all granted
|
|
|
|
|
</Directory>
|
2018-01-23 19:46:36 -05:00
|
|
|
<Location /.well-known/acme-challenge>
|
|
|
|
|
Require all granted
|
|
|
|
|
</Location>
|
2018-01-16 13:33:25 -05:00
|
|
|
"""
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2021-11-24 02:33:09 -05:00
|
|
|
def __init__(self, configurator: "ApacheConfigurator") -> None:
|
|
|
|
|
super().__init__(configurator)
|
|
|
|
|
self.configurator: "ApacheConfigurator"
|
2018-01-23 19:46:36 -05:00
|
|
|
self.challenge_conf_pre = os.path.join(
|
|
|
|
|
self.configurator.conf("challenge-location"),
|
|
|
|
|
"le_http_01_challenge_pre.conf")
|
|
|
|
|
self.challenge_conf_post = os.path.join(
|
2018-01-10 23:14:56 -05:00
|
|
|
self.configurator.conf("challenge-location"),
|
2018-01-23 19:46:36 -05:00
|
|
|
"le_http_01_challenge_post.conf")
|
2018-01-14 18:22:22 -05:00
|
|
|
self.challenge_dir = os.path.join(
|
|
|
|
|
self.configurator.config.work_dir,
|
|
|
|
|
"http_challenges")
|
2021-03-10 14:51:27 -05:00
|
|
|
self.moded_vhosts: Set[VirtualHost] = set()
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2022-01-24 18:16:19 -05:00
|
|
|
def perform(self) -> List[KeyAuthorizationChallengeResponse]:
|
2018-01-10 23:14:56 -05:00
|
|
|
"""Perform all HTTP-01 challenges."""
|
|
|
|
|
if not self.achalls:
|
|
|
|
|
return []
|
|
|
|
|
# Save any changes to the configuration as a precaution
|
|
|
|
|
# About to make temporary changes to the config
|
|
|
|
|
self.configurator.save("Changes before challenge setup", True)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
self.configurator.ensure_listen(str(self.configurator.config.http01_port))
|
2018-01-11 07:46:48 -05:00
|
|
|
self.prepare_http01_modules()
|
|
|
|
|
|
2018-01-10 23:14:56 -05:00
|
|
|
responses = self._set_up_challenges()
|
2018-01-16 13:33:25 -05:00
|
|
|
|
2018-01-10 23:14:56 -05:00
|
|
|
self._mod_config()
|
|
|
|
|
# Save reversible changes
|
|
|
|
|
self.configurator.save("HTTP Challenge", True)
|
|
|
|
|
|
|
|
|
|
return responses
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def prepare_http01_modules(self) -> None:
|
2018-01-11 07:46:48 -05:00
|
|
|
"""Make sure that we have the needed modules available for http01"""
|
|
|
|
|
|
|
|
|
|
if self.configurator.conf("handle-modules"):
|
2018-01-16 21:16:33 -05:00
|
|
|
needed_modules = ["rewrite"]
|
2018-01-11 12:27:30 -05:00
|
|
|
if self.configurator.version < (2, 4):
|
|
|
|
|
needed_modules.append("authz_host")
|
|
|
|
|
else:
|
|
|
|
|
needed_modules.append("authz_core")
|
|
|
|
|
for mod in needed_modules:
|
|
|
|
|
if mod + "_module" not in self.configurator.parser.modules:
|
|
|
|
|
self.configurator.enable_mod(mod, temp=True)
|
2018-01-11 07:46:48 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _mod_config(self) -> None:
|
2021-03-10 14:51:27 -05:00
|
|
|
selected_vhosts: List[VirtualHost] = []
|
2019-02-06 13:02:35 -05:00
|
|
|
http_port = str(self.configurator.config.http01_port)
|
2021-06-21 07:18:29 -04:00
|
|
|
|
|
|
|
|
# Search for VirtualHosts matching by name
|
2018-01-16 13:33:25 -05:00
|
|
|
for chall in self.achalls:
|
2021-06-21 07:18:29 -04:00
|
|
|
selected_vhosts += self._matching_vhosts(chall.domain)
|
2019-02-06 13:02:35 -05:00
|
|
|
|
|
|
|
|
# Ensure that we have one or more VirtualHosts that we can continue
|
|
|
|
|
# with. (one that listens to port configured with --http-01-port)
|
|
|
|
|
found = False
|
|
|
|
|
for vhost in selected_vhosts:
|
|
|
|
|
if any(a.is_wildcard() or a.get_port() == http_port for a in vhost.addrs):
|
|
|
|
|
found = True
|
|
|
|
|
|
2021-09-02 16:43:13 -04:00
|
|
|
# If there's at least one eligible VirtualHost, also add all unnamed VirtualHosts
|
2021-06-21 07:18:29 -04:00
|
|
|
# because they might match at runtime (#8890)
|
|
|
|
|
if found:
|
|
|
|
|
selected_vhosts += self._unnamed_vhosts()
|
|
|
|
|
# Otherwise, add every Virtualhost which listens on the right port
|
|
|
|
|
else:
|
|
|
|
|
selected_vhosts += self._relevant_vhosts()
|
2019-02-06 13:02:35 -05:00
|
|
|
|
|
|
|
|
# Add the challenge configuration
|
|
|
|
|
for vh in selected_vhosts:
|
|
|
|
|
self._set_up_include_directives(vh)
|
2018-01-16 13:33:25 -05:00
|
|
|
|
2018-01-10 23:14:56 -05:00
|
|
|
self.configurator.reverter.register_file_creation(
|
2018-01-23 19:46:36 -05:00
|
|
|
True, self.challenge_conf_pre)
|
|
|
|
|
self.configurator.reverter.register_file_creation(
|
|
|
|
|
True, self.challenge_conf_post)
|
2018-01-10 23:14:56 -05:00
|
|
|
|
|
|
|
|
if self.configurator.version < (2, 4):
|
2018-01-23 19:46:36 -05:00
|
|
|
config_template_pre = self.CONFIG_TEMPLATE22_PRE
|
|
|
|
|
config_template_post = self.CONFIG_TEMPLATE22_POST
|
2018-01-10 23:14:56 -05:00
|
|
|
else:
|
2018-01-23 19:46:36 -05:00
|
|
|
config_template_pre = self.CONFIG_TEMPLATE24_PRE
|
|
|
|
|
config_template_post = self.CONFIG_TEMPLATE24_POST
|
2018-01-16 13:33:25 -05:00
|
|
|
|
2018-01-23 19:46:36 -05:00
|
|
|
config_text_pre = config_template_pre.format(self.challenge_dir)
|
|
|
|
|
config_text_post = config_template_post.format(self.challenge_dir)
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2018-01-23 19:46:36 -05:00
|
|
|
logger.debug("writing a pre config file with text:\n %s", config_text_pre)
|
|
|
|
|
with open(self.challenge_conf_pre, "w") as new_conf:
|
|
|
|
|
new_conf.write(config_text_pre)
|
|
|
|
|
logger.debug("writing a post config file with text:\n %s", config_text_post)
|
|
|
|
|
with open(self.challenge_conf_post, "w") as new_conf:
|
|
|
|
|
new_conf.write(config_text_post)
|
2018-01-10 23:14:56 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _matching_vhosts(self, domain: str) -> List[VirtualHost]:
|
2019-02-06 13:02:35 -05:00
|
|
|
"""Return all VirtualHost objects that have the requested domain name or
|
|
|
|
|
a wildcard name that would match the domain in ServerName or ServerAlias
|
|
|
|
|
directive.
|
|
|
|
|
"""
|
|
|
|
|
matching_vhosts = []
|
|
|
|
|
for vhost in self.configurator.vhosts:
|
|
|
|
|
if self.configurator.domain_in_names(vhost.get_names(), domain):
|
|
|
|
|
# domain_in_names also matches the exact names, so no need
|
|
|
|
|
# to check "domain in vhost.get_names()" explicitly here
|
|
|
|
|
matching_vhosts.append(vhost)
|
|
|
|
|
|
|
|
|
|
return matching_vhosts
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _relevant_vhosts(self) -> List[VirtualHost]:
|
2018-01-17 12:27:36 -05:00
|
|
|
http01_port = str(self.configurator.config.http01_port)
|
2022-01-21 04:15:48 -05:00
|
|
|
relevant_vhosts: List[VirtualHost] = []
|
2018-01-17 12:27:36 -05:00
|
|
|
for vhost in self.configurator.vhosts:
|
|
|
|
|
if any(a.is_wildcard() or a.get_port() == http01_port for a in vhost.addrs):
|
|
|
|
|
if not vhost.ssl:
|
|
|
|
|
relevant_vhosts.append(vhost)
|
|
|
|
|
if not relevant_vhosts:
|
|
|
|
|
raise errors.PluginError(
|
2018-01-17 13:33:51 -05:00
|
|
|
"Unable to find a virtual host listening on port {0} which is"
|
|
|
|
|
" currently needed for Certbot to prove to the CA that you"
|
|
|
|
|
" control your domain. Please add a virtual host for port"
|
|
|
|
|
" {0}.".format(http01_port))
|
2018-01-17 12:27:36 -05:00
|
|
|
|
|
|
|
|
return relevant_vhosts
|
2018-01-16 13:33:25 -05:00
|
|
|
|
2021-06-21 07:18:29 -04:00
|
|
|
def _unnamed_vhosts(self) -> List[VirtualHost]:
|
|
|
|
|
"""Return all VirtualHost objects with no ServerName"""
|
|
|
|
|
return [vh for vh in self.configurator.vhosts if vh.name is None]
|
|
|
|
|
|
2022-01-24 18:16:19 -05:00
|
|
|
def _set_up_challenges(self) -> List[KeyAuthorizationChallengeResponse]:
|
2018-01-14 18:22:22 -05:00
|
|
|
if not os.path.isdir(self.challenge_dir):
|
Implement umask for Windows (#7967)
This PR gets its root from an observation I did on current version of Certbot (1.3.0): the `renewal-hooks` directory in Certbot configuration directory is created on Windows with write permissions to everybody.
I thought it was a critical bug since this directory contains hooks that are executed by Certbot, and you certainly do not want this folder to be open to any malicious hook that could be inserted by everyone, then executed with administrator privileges by Certbot.
Turns out for this specific problem that the bug is not critical for the hooks, because the scripts are expected to be in subdirectories of `renewal-hooks` (namely `pre`, `post` and `deploy`), and these subdirectories have proper permissions because we set them explicitly when Certbot is starting.
Still, there is a divergence here between Linux and Windows: on Linux all Certbot directories without explicit permissions have at maximum `0o755` permissions by default, while on Windows it is a `0o777` equivalent. It is not an immediate security risk, but it is definitly error-prone, not expected, and so a potential breach in the future if we forget about it.
Root cause is that umask is not existing in Windows. Indeed under Linux the umask defines the default permissions when you create a file or a directory. Python takes that into account, with an API for `os.open` and `os.mkdir` that expose a `mode` parameter with default value of `0o777`. In practice it is never `0o777` (either you the the `mode` explictly or left the default one) because the effective mode is masked by the current umask value in the system: on Linux it is `0o022`, so files/directories have a maximum mode of `0o755` if you did not set the umask explicitly, and it is what it is observed for Certbot.
However on Windows, the `mode` value passed (and got from default) to the `open` and `mkdir` of `certbot.compat.filesystem` module is taken verbatim, since umask does not exit, and then is used to calculate the DACL of the newly created file/directory. So if the mode is not set explicitly, we end up with files and directories with `0o777` permissions.
This PR fixes this problem by implementing a umask behavior in the `certbot.compat.filesystem` module, that will be applied to any file or directory created by Certbot since we forbid to use the `os` module directly.
The implementation is quite straight-forward. For Linux the behavior is not changed. On Windows a `mask` parameter is added to the function that calculates the DACL, to be invoked appropriately when file or directory are created. The actual value of the mask is taken from an internal class of the `filesystem` module: its default value is `0o755` to match default umasks on Linux, and can be changed with the new method `umask` that have the same behavior than the original `os.umask`. Of course `os.umask` becomes a forbidden function and `filesystem.umask` must be used instead.
Existing code that is impacted have been updated, and new unit tests are created for this new function.
* Implement umask for Windows
* Set umask at the beginning of tests
* Fix lint, update local oldest requirements
* Update certbot-apache/setup.py
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* Improve tests
* Adapt filesystem.makedirs for Windows
* Fix
* Update certbot-apache/setup.py
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* Changelog entries
* Fix lint
* Update certbot/CHANGELOG.md
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
2020-06-09 20:08:22 -04:00
|
|
|
old_umask = filesystem.umask(0o022)
|
2020-02-05 16:17:29 -05:00
|
|
|
try:
|
|
|
|
|
filesystem.makedirs(self.challenge_dir, 0o755)
|
|
|
|
|
except OSError as exception:
|
|
|
|
|
if exception.errno not in (errno.EEXIST, errno.EISDIR):
|
|
|
|
|
raise errors.PluginError(
|
|
|
|
|
"Couldn't create root for http-01 challenge")
|
|
|
|
|
finally:
|
Implement umask for Windows (#7967)
This PR gets its root from an observation I did on current version of Certbot (1.3.0): the `renewal-hooks` directory in Certbot configuration directory is created on Windows with write permissions to everybody.
I thought it was a critical bug since this directory contains hooks that are executed by Certbot, and you certainly do not want this folder to be open to any malicious hook that could be inserted by everyone, then executed with administrator privileges by Certbot.
Turns out for this specific problem that the bug is not critical for the hooks, because the scripts are expected to be in subdirectories of `renewal-hooks` (namely `pre`, `post` and `deploy`), and these subdirectories have proper permissions because we set them explicitly when Certbot is starting.
Still, there is a divergence here between Linux and Windows: on Linux all Certbot directories without explicit permissions have at maximum `0o755` permissions by default, while on Windows it is a `0o777` equivalent. It is not an immediate security risk, but it is definitly error-prone, not expected, and so a potential breach in the future if we forget about it.
Root cause is that umask is not existing in Windows. Indeed under Linux the umask defines the default permissions when you create a file or a directory. Python takes that into account, with an API for `os.open` and `os.mkdir` that expose a `mode` parameter with default value of `0o777`. In practice it is never `0o777` (either you the the `mode` explictly or left the default one) because the effective mode is masked by the current umask value in the system: on Linux it is `0o022`, so files/directories have a maximum mode of `0o755` if you did not set the umask explicitly, and it is what it is observed for Certbot.
However on Windows, the `mode` value passed (and got from default) to the `open` and `mkdir` of `certbot.compat.filesystem` module is taken verbatim, since umask does not exit, and then is used to calculate the DACL of the newly created file/directory. So if the mode is not set explicitly, we end up with files and directories with `0o777` permissions.
This PR fixes this problem by implementing a umask behavior in the `certbot.compat.filesystem` module, that will be applied to any file or directory created by Certbot since we forbid to use the `os` module directly.
The implementation is quite straight-forward. For Linux the behavior is not changed. On Windows a `mask` parameter is added to the function that calculates the DACL, to be invoked appropriately when file or directory are created. The actual value of the mask is taken from an internal class of the `filesystem` module: its default value is `0o755` to match default umasks on Linux, and can be changed with the new method `umask` that have the same behavior than the original `os.umask`. Of course `os.umask` becomes a forbidden function and `filesystem.umask` must be used instead.
Existing code that is impacted have been updated, and new unit tests are created for this new function.
* Implement umask for Windows
* Set umask at the beginning of tests
* Fix lint, update local oldest requirements
* Update certbot-apache/setup.py
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* Improve tests
* Adapt filesystem.makedirs for Windows
* Fix
* Update certbot-apache/setup.py
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* Changelog entries
* Fix lint
* Update certbot/CHANGELOG.md
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
2020-06-09 20:08:22 -04:00
|
|
|
filesystem.umask(old_umask)
|
2018-01-10 23:14:56 -05:00
|
|
|
|
|
|
|
|
responses = []
|
|
|
|
|
for achall in self.achalls:
|
|
|
|
|
responses.append(self._set_up_challenge(achall))
|
|
|
|
|
|
|
|
|
|
return responses
|
|
|
|
|
|
2022-01-24 18:16:19 -05:00
|
|
|
def _set_up_challenge(self, achall: KeyAuthorizationAnnotatedChallenge
|
|
|
|
|
) -> KeyAuthorizationChallengeResponse:
|
2018-01-10 23:14:56 -05:00
|
|
|
response, validation = achall.response_and_validation()
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
name: str = os.path.join(self.challenge_dir, achall.chall.encode("token"))
|
2018-01-14 18:22:22 -05:00
|
|
|
|
|
|
|
|
self.configurator.reverter.register_file_creation(True, name)
|
2018-01-10 23:14:56 -05:00
|
|
|
with open(name, 'wb') as f:
|
|
|
|
|
f.write(validation.encode())
|
2019-06-20 13:52:43 -04:00
|
|
|
filesystem.chmod(name, 0o644)
|
2018-01-10 23:14:56 -05:00
|
|
|
|
|
|
|
|
return response
|
2018-01-16 13:33:25 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _set_up_include_directives(self, vhost: VirtualHost) -> None:
|
2018-01-23 19:46:36 -05:00
|
|
|
"""Includes override configuration to the beginning and to the end of
|
|
|
|
|
VirtualHost. Note that this include isn't added to Augeas search tree"""
|
2018-01-17 07:08:45 -05:00
|
|
|
|
|
|
|
|
if vhost not in self.moded_vhosts:
|
|
|
|
|
logger.debug(
|
Lint certbot code on Python 3, and update Pylint to the latest version (#7551)
Part of #7550
This PR makes appropriate corrections to run pylint on Python 3.
Why not keeping the dependencies unchanged and just run pylint on Python 3?
Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid.
Why updating pylint + astroid to the latest version ?
Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8.
Why upgrading mypy ?
Because the old version does not support the new version of astroid required to run pylint correctly.
Why not upgrading mypy to its latest version ?
Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR.
That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors.
I also made PyLint and MyPy checks run correctly on Windows.
* Start configuration
* Reconfigure travis
* Suspend a check specific to python 3. Start fixing code.
* Repair call_args
* Fix return + elif lints
* Reconfigure development to run mainly on python3
* Remove incompatible Python 3.4 jobs
* Suspend pylint in some assertions
* Remove pylint in dev
* Take first mypy that supports typed-ast>=1.4.0 to limit the migration path
* Various return + else lint errors
* Find a set of deps that is working with current mypy version
* Update local oldest requirements
* Remove all current pylint errors
* Rebuild letsencrypt-auto
* Update mypy to fix pylint with new astroid version, and fix mypy issues
* Explain type: ignore
* Reconfigure tox, fix none path
* Simplify pinning
* Remove useless directive
* Remove debugging code
* Remove continue
* Update requirements
* Disable unsubscriptable-object check
* Disable one check, enabling two more
* Plug certbot dev version for oldest requirements
* Remove useless disable directives
* Remove useless no-member disable
* Remove no-else-* checks. Use elif in symetric branches.
* Add back assertion
* Add new line
* Remove unused pylint disable
* Remove other pylint disable
2019-12-10 17:12:50 -05:00
|
|
|
"Adding a temporary challenge validation Include for name: %s in: %s",
|
|
|
|
|
vhost.name, vhost.filep)
|
2018-01-17 07:08:45 -05:00
|
|
|
self.configurator.parser.add_dir_beginning(
|
2018-01-23 19:46:36 -05:00
|
|
|
vhost.path, "Include", self.challenge_conf_pre)
|
|
|
|
|
self.configurator.parser.add_dir(
|
|
|
|
|
vhost.path, "Include", self.challenge_conf_post)
|
|
|
|
|
|
2018-08-01 15:00:47 -04:00
|
|
|
if not vhost.enabled:
|
|
|
|
|
self.configurator.parser.add_dir(
|
|
|
|
|
get_aug_path(self.configurator.parser.loc["default"]),
|
|
|
|
|
"Include", vhost.filep)
|
|
|
|
|
|
2018-01-17 07:08:45 -05:00
|
|
|
self.moded_vhosts.add(vhost)
|
