From: Wolfgang Bumiller
To: pmg-devel@lists.proxmox.com
Date: Wed, 17 Mar 2021 11:02:16 +0100
Subject: [pmg-devel] [PATCH api 4/4] check acme cert expiration in pmg-daily
Message-Id: <20210317100216.8008-5-w.bumiller@proxmox.com>
In-Reply-To: <20210317100216.8008-1-w.bumiller@proxmox.com>
References: <20210317100216.8008-1-w.bumiller@proxmox.com>
List-Id: Proxmox Mail Gateway development discussion

Signed-off-by: Wolfgang Bumiller
---
 src/bin/pmg-daily | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/bin/pmg-daily b/src/bin/pmg-daily index 8865c94..d454c62 100755 --- a/src/bin/pmg-daily +++ b/src/bin/pmg-daily @@ -8,6 +8,7 @@ use strict; use warnings; use Time::Local; +use PVE::Certificate; use PVE::SafeSyslog; use PVE::INotify; use PVE::RESTEnvironment; @@ -18,6 +19,9 @@ use PMG::ClusterConfig; use PMG::DBTools; use PMG::API2::Subscription; use PMG::API2::APT; +use PMG::API2::Certificates; +use PMG::CertHelpers; +use PMG::NodeConfig; $SIG{'__WARN__'} = sub { my $err = $@; 
@@ -89,5 +93,37 @@ PMG::Utils::service_cmd('pmg-smtp-filter', 'restart') if $restart_filter; # run bayes database maintainance system('sa-learn --force-expire >/dev/null 2>&1'); +eval { + my $node_config = PMG::NodeConfig::load_config(); + my $acme_node_config = PMG::NodeConfig::get_acme_conf($node_config); + my $acme_domains = $acme_node_config && $acme_node_config->{domains}; + if ($acme_domains) { + my %typed_domains = map { + $_ => PMG::NodeConfig::filter_domains_by_type($acme_domains, $_) + } qw(api smtp); + + foreach my $type (qw(api smtp)) { + next if !$typed_domains{$type}; + + # Guard both certificates separately. + eval { + my $cert = PMG::CertHelpers::cert_path($type); + if (!-e $cert) { + syslog ('info', "ACME config found for '$type' certificate, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed."); + next; + } + + if (PVE::Certificate::check_expiry($cert, time() + 30*24*60*60)) { + PMG::API2::Certificates->renew_acme_cert({ node => $nodename, type => $type }); + } else { + syslog ('info', "Custom '$type' certificate does not expire soon, skipping ACME renewal."); + } + }; + syslog ('err', "Renewing '$type' ACME certificate failed: $@") if $@; + } + } +}; +syslog ('err', "Renewing ACME certificate failed: $@") if $@; + exit (0); -- 2.20.1
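Review bot: In the hunk at @@ -89,5 +93,37 @@, the `next` in the `if (!-e $cert)` branch sits inside the inner `eval { ... }`, so the eval is left through a loop control statement. With `use warnings` in effect (visible in the first hunk's context) Perl reports "Exiting eval via next" whenever a configured type has no custom certificate yet, and that warning is routed to the script's `$SIG{'__WARN__'}` handler on top of the intended 'info' message. Replacing it with `return;` ends the eval block cleanly and still skips the renewal for that type; alternatively the `-e $cert` test can be moved in front of the inner eval so that `next` acts on the `foreach` directly. A smaller point in the same hunk: the renewal window `30*24*60*60` is a bare expression in the `check_expiry` call, and the commit message has no body, so the 30-day lead time is not stated anywhere; a named constant or a one-line comment would document it.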