[10.0][FIX] Make letsencrypt resilient for alternate name removal. (O…

…CA#757) * [FIX] Make letsencrypt resilient for alternate name removal. * [FIX] Do not crash when returning error in letsencrypt cmdline. * [FIX] Restore ordering by name for alternate domains in letsencrypt. Conflicts: letsencrypt/README.rst
NL66278 · Dec 14, 2021 · 7088447 · 7088447
1 parent eef1d5f
commit 7088447
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 15 deletions.
diff --git a/letsencrypt/README.rst b/letsencrypt/README.rst
@@ -139,6 +139,7 @@ Contributors
 * Holger Brunn <hbrunn@therp.nl>
 * Antonio Espinosa <antonio.espinosa@tecnativa.com>
 * Dave Lasley <dave@laslabs.com>
+* Ronald Portier <ronald@therp.nl>
 
 ACME implementation
 -------------------

diff --git a/letsencrypt/models/letsencrypt.py b/letsencrypt/models/letsencrypt.py
@@ -38,13 +38,10 @@ def call_cmdline(self, cmdline, loglevel=logging.INFO,
             _logger.log(loglevel, stderr)
         if stdout:
             _logger.log(loglevel, stdout)
-
         if process.returncode:
             raise exceptions.Warning(
-                _('Error calling %s: %d') % (cmdline[0], process.returncode),
-                ' '.join(cmdline),
+                _('Error calling %s: %d') % (cmdline[0], process.returncode)
             )
-
         return process.returncode
 
     @api.model
@@ -96,19 +93,19 @@ def _ip_is_private(address):
     @api.model
     def generate_csr(self, domain):
         domains = [domain]
-        i = 0
-        while self.env['ir.config_parameter'].get_param(
-                'letsencrypt.altname.%d' % i):
-            domains.append(
-                self.env['ir.config_parameter']
-                .get_param('letsencrypt.altname.%d' % i)
-            )
-            i += 1
+        parameter_model = self.env['ir.config_parameter']
+        altnames = parameter_model.search(
+            [('key', 'like', 'letsencrypt.altname.')],
+            order='key'
+        )
+        for altname in altnames:
+            domains.append(altname.value)
         _logger.info('generating csr for %s', domain)
         if len(domains) > 1:
             _logger.info('with alternative subjects %s', ','.join(domains[1:]))
-        config = self.env['ir.config_parameter'].get_param(
-            'letsencrypt.openssl.cnf', '/etc/ssl/openssl.cnf')
+        config = parameter_model.get_param(
+            'letsencrypt.openssl.cnf', '/etc/ssl/openssl.cnf'
+        )
         csr = os.path.join(get_data_dir(), '%s.csr' % domain)
         with tempfile.NamedTemporaryFile() as cfg:
             cfg.write(open(config).read())
@@ -119,7 +116,7 @@ def generate_csr(self, domain):
             cfg.file.flush()
             cmdline = [
                 'openssl', 'req', '-new',
-                self.env['ir.config_parameter'].get_param(
+                parameter_model.get_param(
                     'letsencrypt.openssl.digest', '-sha256'),
                 '-key', self.generate_domain_key(domain),
                 '-subj', '/CN=%s' % domain, '-config', cfg.name,