Add include to every VirtualHost if definite one not found based on name

hyt-hz · Jan 17, 2018 · b8f288a · b8f288a
1 parent f420b19
commit b8f288a
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/certbot-apache/certbot_apache/http_01.py b/certbot-apache/certbot_apache/http_01.py
@@ -36,6 +36,7 @@ def __init__(self, *args, **kwargs):
         self.challenge_dir = os.path.join(
             self.configurator.config.work_dir,
             "http_challenges")
+        self.moded_vhosts = set()
 
     def perform(self):
         """Perform all HTTP-01 challenges."""
@@ -71,14 +72,16 @@ def prepare_http01_modules(self):
                     self.configurator.enable_mod(mod, temp=True)
 
     def _mod_config(self):
-        moded_vhosts = set()
         for chall in self.achalls:
             vh = self.configurator.find_best_http_vhost(
                 chall.domain, filter_defaults=False,
                 port=str(self.configurator.config.http01_port))
-            if vh and vh not in moded_vhosts:
+            if vh:
                 self._set_up_include_directive(vh)
-                moded_vhosts.add(vh)
+            else:
+                for vh in self.configurator.vhosts:
+                    if not vh.ssl:
+                        self._set_up_include_directive(vh)
 
         self.configurator.reverter.register_file_creation(
             True, self.challenge_conf)
@@ -121,5 +124,11 @@ def _set_up_challenge(self, achall):
     def _set_up_include_directive(self, vhost):
         """Includes override configuration to the beginning of VirtualHost.
         Note that this include isn't added to Augeas search tree"""
-        self.configurator.parser.add_dir_beginning(vhost.path, "Include",
-                                                   self.challenge_conf)
+
+        if vhost not in self.moded_vhosts:
+            logger.debug(
+                "Adding a temporary challenge validation Include for name: %s " +
+                "in: %s", vhost.name, vhost.filep)
+            self.configurator.parser.add_dir_beginning(
+                vhost.path, "Include", self.challenge_conf)
+            self.moded_vhosts.add(vhost)
diff --git a/certbot-apache/certbot_apache/tests/http_01_test.py b/certbot-apache/certbot_apache/tests/http_01_test.py
@@ -129,6 +129,16 @@ def test_same_vhost(self):
         ]
         self.common_perform_test(achalls, [vhost])
 
+    def test_anonymous_vhost(self):
+        vhosts = [v for v in self.config.vhosts if not v.ssl]
+        achalls = [
+            achallenges.KeyAuthorizationAnnotatedChallenge(
+                challb=acme_util.chall_to_challb(
+                    challenges.HTTP01(token=((b'a' * 16))),
+                    "pending"),
+                domain="something.nonexistent", account_key=self.account_key)]
+        self.common_perform_test(achalls, vhosts)
+
     def common_perform_test(self, achalls, vhosts):
         """Tests perform with the given achalls."""
         challenge_dir = self.http.challenge_dir