Letsencrypt fails to fetch key for all domains, if one alternate domain deleted. #753

Closed
NL66278 opened this issue Feb 28, 2017 · 3 comments


NL66278 commented Feb 28, 2017

Let's say you have several system parameters to use additional domains with letsencrypt:
letsencrypt.altname.1 - info@acme.com
letsencrypt.altname.2 - support@acme.com
letsencrypt.altname.3 - sales@acme.com
letsencrypt.altname.4 - conference@acme.com
letsencrypt.altname.5 - finance@acme.com

Now if you determine you no longer need support@acme.com and you delete the parameter with name letsencrypt.altname.2, letsencrypt will no longer include sales.., conference and finance in the certificate either.

This is due to the following code in models/letsencrypt.py:

```python
    @api.model
    def generate_csr(self, domain):
        domains = [domain]
        i = 0
        while self.env['ir.config_parameter'].get_param(
                'letsencrypt.altname.%d' % i):
            domains.append(
                self.env['ir.config_parameter']
                .get_param('letsencrypt.altname.%d' % i)
            )
            i += 1
        _logger.info('generating csr for %s', domain)
```

A workaround would be to renumber all the altname parameters to make the numbering without gaps again. No need to explain this is cumbersome and easily overlooked.
I think the solution would be to use all parameters that start with letsencrypt.altname.


NL66278 commented Feb 28, 2017

See PR: #755

@pedrobaeza
Member

Already solved in PRs, so I close.


hbrunn commented Mar 30, 2017

Note: I regret my choice of having this in different parameters. For subsequent versions, we should have a key letsencrypt.altnames which simply contains a space-separated list of domains. For a transition phase, we can have both of course (or implement only this and write a migration).
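
Added example (not code from the issue or from the project): a plain dict stands in for `ir.config_parameter`, and the sample values and function names are constructed. It compares the sequential loop quoted in the issue with collection by key prefix, as proposed in the first comment, and with the single `letsencrypt.altnames` key proposed in the last comment.

```python
import re

PREFIX = "letsencrypt.altname."    # per-domain keys, as in the issue
LIST_KEY = "letsencrypt.altnames"  # single-key form proposed in the thread


def altnames_sequential(params, domain):
    """The loop from the issue: stops at the first missing index."""
    domains = [domain]
    i = 0
    while params.get(PREFIX + str(i)):
        domains.append(params[PREFIX + str(i)])
        i += 1
    return domains


def altnames_by_prefix(params, domain):
    """Collect every key under the prefix, ordered by numeric suffix."""
    found = []
    for key, value in params.items():
        match = re.fullmatch(re.escape(PREFIX) + r"(\d+)", key)
        if match and value and value.strip():
            found.append((int(match.group(1)), value.strip()))
    domains = [domain]
    for _, name in sorted(found):
        if name not in domains:  # a duplicate SAN adds nothing
            domains.append(name)
    return domains


def altnames_from_list(params, domain):
    """Single space-separated key: no numbering, so no gaps to hit."""
    domains = [domain]
    for name in (params.get(LIST_KEY) or "").split():
        if name not in domains:
            domains.append(name)
    return domains


# Constructed sample: index 1 (support) was deleted, leaving a gap.
SAMPLE = {
    "letsencrypt.altname.0": "info.example.com",
    "letsencrypt.altname.2": "sales.example.com",
    "letsencrypt.altname.3": "conference.example.com",
    "letsencrypt.altname.4": "finance.example.com",
    "letsencrypt.altnames": "info.example.com sales.example.com",
}
```

Comparing the output of the sequential and prefix variants on the same parameter set is a quick check for names that would silently drop out of the next certificate request.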

SiesslPhillip pushed a commit to grueneerde/OCA-server-tools that referenced this issue Nov 20, 2024
Syncing from upstream OCA/server-tools (14.0)