diff --git a/plogical/renew.py b/plogical/renew.py
index d46214f6f..f6a9145d1 100644
--- a/plogical/renew.py
+++ b/plogical/renew.py
@@ -78,6 +78,9 @@ class Renew:
 try:
 logging.writeToFile('Restarting mail services for them to see new SSL.', 0)
+ # Update mail SSL configuration for all domains
+ self._update_all_mail_ssl_configs()
+
 commands = [
 'postmap -F hash:/etc/postfix/vmail_ssl.map',
 'systemctl restart postfix',
@@ -93,6 +96,22 @@ class Renew:
 except Exception as e:
 logging.writeToFile(f'Error restarting services: {str(e)}', 1)
+ def _update_all_mail_ssl_configs(self) -> None:
+ """Update mail SSL configuration for all domains after renewal"""
+ try:
+ logging.writeToFile('Updating mail SSL configurations for all domains.', 0)
+
+ # Update mail SSL config for all websites
+ for website in Websites.objects.filter(state=1):
+ virtualHostUtilities.updateMailSSLConfig(website.domain)
+
+ # Update mail SSL config for all child domains
+ for child in ChildDomains.objects.all():
+ virtualHostUtilities.updateMailSSLConfig(child.domain)
+
+ except Exception as e:
+ logging.writeToFile(f'Error updating mail SSL configs: {str(e)}', 1)
+
 def SSLObtainer(self):
 try:
 logging.writeToFile('Running SSL Renew Utility')
diff --git a/plogical/virtualHostUtilities.py b/plogical/virtualHostUtilities.py
index 985de1916..95d201d33 100644
--- a/plogical/virtualHostUtilities.py
+++ b/plogical/virtualHostUtilities.py
@@ -761,6 +761,12 @@ local_name %s {
 print("0," + parsed_error)
 return 0, parsed_error
+ # Update vhost SSL configuration with new certificate paths
+ virtualHostUtilities.updateVhostSSLConfig(virtualHost)
+
+ # Update mail SSL configuration for this domain
+ virtualHostUtilities.updateMailSSLConfig(virtualHost)
+
+
 installUtilities.installUtilities.reStartLiteSpeed()
 command = 'systemctl restart postfix'
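Review bot: `_update_all_mail_ssl_configs` (second renew.py hunk) passes every active website and every child domain to `updateMailSSLConfig` whether or not a certificate exists for that name, and the helper added in plogical/virtualHostUtilities.py writes `/etc/letsencrypt/live/<domain>/privkey.pem` and `fullchain.pem` paths into `vmail_ssl.map` unconditionally. A domain without those files leaves the shared map pointing at missing paths, and because `postmap -F` reads the listed files when it builds the map, one such entry may make the rebuild fail for every domain; skip names whose key and chain files are absent. The child-domain loop has no counterpart to the `state=1` filter used for websites, and each helper call runs `postmap` itself before the caller's `commands` list runs it once more. The imports of `Websites`, `ChildDomains` and `virtualHostUtilities` are not visible in this diff, so confirm they exist in renew.py.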
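Review bot: The two calls added in the `@@ -761,6 +761,12 @@` hunk of virtualHostUtilities.py are fire-and-forget: `updateVhostSSLConfig` and `updateMailSSLConfig` catch every exception and return nothing, so this path goes on to restart LiteSpeed and postfix even when a config rewrite failed. Have the helpers return a success flag and check it before the restart, for example `if not virtualHostUtilities.updateVhostSSLConfig(virtualHost): return 0, 'vhost SSL config update failed'`, in line with the `return 0, parsed_error` convention in the context line above. The enclosing function starts and ends outside the hunk, so whether `virtualHost` has been validated as a hostname before it reaches these path-building helpers cannot be confirmed from here.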
@@ -1086,6 +1092,84 @@ local_name %s {
 print("0," + str(msg))
 return 0, str(msg)
+ @staticmethod
+ def updateVhostSSLConfig(virtualHost):
+ """Update vhost SSL configuration with new certificate paths"""
+ try:
+ logging.CyberCPLogFileWriter.writeToFile(f"Updating vhost SSL configuration for {virtualHost}")
+
+ # Update vhost configuration file
+ vhostConfPath = f'/usr/local/lsws/conf/vhosts/{virtualHost}/vhost.conf'
+ if os.path.exists(vhostConfPath):
+ with open(vhostConfPath, 'r') as f:
+ content = f.read()
+
+ # Update SSL certificate paths in vhost configuration
+ new_ssl_config = f"""vhssl {{
+ keyFile /etc/letsencrypt/live/{virtualHost}/privkey.pem
+ certFile /etc/letsencrypt/live/{virtualHost}/fullchain.pem
+ certChain 1
+ sslProtocol 24
+ enableECDHE 1
+ renegProtection 1
+ sslSessionCache 1
+ enableSpdy 15
+ enableStapling 1
+ ocspRespMaxAge 86400
+}}"""
+
+ # Replace existing vhssl block
+ import re
+ pattern = r'vhssl\s*\{[^}]*\}'
+ if re.search(pattern, content, re.DOTALL):
+ content = re.sub(pattern, new_ssl_config, content, flags=re.DOTALL)
+ else:
+ # Add vhssl block if it doesn't exist
+ content += f"\n{new_ssl_config}\n"
+
+ with open(vhostConfPath, 'w') as f:
+ f.write(content)
+
+ logging.CyberCPLogFileWriter.writeToFile(f"Updated vhost SSL configuration for {virtualHost}")
+
+ except Exception as e:
+ logging.CyberCPLogFileWriter.writeToFile(f"Error updating vhost SSL config for {virtualHost}: {str(e)}")
+
+ @staticmethod
+ def updateMailSSLConfig(virtualHost):
+ """Update mail SSL configuration with new certificate paths"""
+ try:
+ logging.CyberCPLogFileWriter.writeToFile(f"Updating mail SSL configuration for {virtualHost}")
+
+ # Update vmail_ssl.map file
+ postfixMapFile = '/etc/postfix/vmail_ssl.map'
+ if os.path.exists(postfixMapFile):
+ with open(postfixMapFile, 'r') as f:
+ content = f.read()
+
+ # Remove old entries for this domain
+ lines = content.split('\n')
+ new_lines = []
+ for line in lines:
+ if not line.startswith(f'{virtualHost} ') and not line.startswith(f'mail.{virtualHost} '):
+ new_lines.append(line)
+
+ # Add new entries
+ new_lines.append(f'{virtualHost} /etc/letsencrypt/live/{virtualHost}/privkey.pem /etc/letsencrypt/live/{virtualHost}/fullchain.pem')
+ new_lines.append(f'mail.{virtualHost} /etc/letsencrypt/live/{virtualHost}/privkey.pem /etc/letsencrypt/live/{virtualHost}/fullchain.pem')
+
+ with open(postfixMapFile, 'w') as f:
+ f.write('\n'.join(new_lines))
+
+ # Update postfix map database
+ command = 'postmap -F hash:/etc/postfix/vmail_ssl.map'
+ ProcessUtilities.executioner(command)
+
+ logging.CyberCPLogFileWriter.writeToFile(f"Updated mail SSL configuration for {virtualHost}")
+
+ except Exception as e:
+ logging.CyberCPLogFileWriter.writeToFile(f"Error updating mail SSL config for {virtualHost}: {str(e)}")
+
+
 @staticmethod
 def issueSSLForMailServer(virtualHost, path):
 try:
diff --git a/to-do/Skjermbilde 2025-09-21 193540.png b/to-do/Skjermbilde 2025-09-21 193540.png
deleted file mode 100644
index 3a8b2aaa8..000000000
Binary files a/to-do/Skjermbilde 2025-09-21 193540.png and /dev/null differ
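Review bot: `updateMailSSLConfig` rewrites the shared `/etc/postfix/vmail_ssl.map` in place with `open(postfixMapFile, 'w')`, so an interruption mid-write leaves a truncated map for every domain, and it adds the two entries without checking that the key and chain files exist. The version below checks both files, writes to a temporary file, copies the existing mode and renames it over the map; it also drops empty lines so the file ends with a newline, and it does not add locking between concurrent runs. `updateVhostSSLConfig` has the same in-place write, and its `re.sub` replaces the whole `vhssl` block with fixed settings, which discards any other directive an administrator placed there; rewriting only the `keyFile` and `certFile` lines would avoid that. `virtualHost` goes into file paths and config text as-is in both helpers, so it should be checked against a hostname pattern unless every caller already guarantees that.

```python
            if os.path.exists(postfixMapFile):
                # … unchanged: read postfixMapFile into content …
                keyPath = f'/etc/letsencrypt/live/{virtualHost}/privkey.pem'
                certPath = f'/etc/letsencrypt/live/{virtualHost}/fullchain.pem'
                if not (os.path.exists(keyPath) and os.path.exists(certPath)):
                    # Never point the map at files that are not there.
                    logging.CyberCPLogFileWriter.writeToFile(f"No certificate found for {virtualHost}, mail SSL map left unchanged")
                    return

                # Keep every entry that belongs to another domain.
                ownPrefixes = (f'{virtualHost} ', f'mail.{virtualHost} ')
                new_lines = [line for line in content.split('\n') if line and not line.startswith(ownPrefixes)]
                new_lines.append(f'{virtualHost} {keyPath} {certPath}')
                new_lines.append(f'mail.{virtualHost} {keyPath} {certPath}')

                # Write beside the map and rename, so a partial file is never left in place.
                tmpPath = postfixMapFile + '.tmp'
                with open(tmpPath, 'w') as f:
                    f.write('\n'.join(new_lines) + '\n')
                os.chmod(tmpPath, os.stat(postfixMapFile).st_mode & 0o7777)
                os.replace(tmpPath, postfixMapFile)
                # … unchanged: postmap call and completion log line …
```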