Get the intermediate certificate whenever needed

The intermediate certificate was currently retrieved locally only for the 1st certificate generation. This causes issues when the intermediate cerficiate changes (recent change from X3 to R3) and the certificates just need to be renewed. This patch moves the retrieval of the intermediate certificate along with the certificate creation to be sure the former exists before being attached to the latter.
Spredzy · Jan 11, 2021 · 6173c49 · 6173c49
1 parent 3e6a702
commit 6173c49
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/lecm/certificate.py b/lecm/certificate.py
@@ -105,14 +105,15 @@ def _create_filesystem(self):
                 utils.enforce_selinux_context(self.path)
 
     def _get_intermediate_certificate(self):
-        certificate = requests.get(_INTERMEDIATE_CERTIFICATE_URL).text
         certificate_name = os.path.basename(_INTERMEDIATE_CERTIFICATE_URL)
-
-        LOG.info('[global] Getting intermediate certificate PEM file: %s' %
-                 certificate_name)
         if not os.path.exists('%s/pem/%s' % (self.path, certificate_name)):
-            with open('%s/pem/%s' % (self.path, certificate_name), 'w') as f:
-                f.write(certificate)
+            certificate = requests.get(_INTERMEDIATE_CERTIFICATE_URL).text
+
+            LOG.info('[global] Getting intermediate certificate PEM file: %s' %
+                     certificate_name)
+            if not os.path.exists('%s/pem/%s' % (self.path, certificate_name)):
+                with open('%s/pem/%s' % (self.path, certificate_name), 'w') as f:
+                    f.write(certificate)
 
     def _create_account_key(self):
         account_key = crypto.PKey()
@@ -257,6 +258,7 @@ def _create_certificate(self):
 
             LOG.debug('[%s] Concatenating certificate with intermediate pem: \
                       %s/pem/%s.pem' % (self.name, self.path, self.name))
+            self._get_intermediate_certificate()
             pem_filename = os.path.basename(_INTERMEDIATE_CERTIFICATE_URL)
             filenames = ['%s/certs/%s.crt' % (self.path, self.name),
                          '%s/pem/%s' % (self.path, pem_filename)]
@@ -287,10 +289,6 @@ def generate(self):
 
         self._create_filesystem()
 
-        certificate_name = os.path.basename(_INTERMEDIATE_CERTIFICATE_URL)
-        if not os.path.exists('%s/pem/%s' % (self.path, certificate_name)):
-            self._get_intermediate_certificate()
-
         # Ensure there is no left-over from previous setup
         #
         try: