diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs index ed47d4527..ee2efff38 100644 --- a/agent/src/Daemon/SslRenew.hs +++ b/agent/src/Daemon/SslRenew.hs @@ -25,10 +25,11 @@ import Constants renewSslLeafCert :: AgentCtx -> IO () renewSslLeafCert ctx = do let base = appFilesystemBase . appSettings $ ctx - hn <- (<> ".local") <$> injectFilesystemBase base getStart9AgentHostname + sid <- injectFilesystemBase base getStart9AgentHostname + let hostname = sid <> ".local" tor <- injectFilesystemBase base getAgentHiddenServiceUrl putStr @Text "SSL Renewal Required? " - needsRenew <- doesSslNeedRenew (toS $ entityCertPath hn `relativeTo` base) + needsRenew <- doesSslNeedRenew (toS $ entityCertPath sid `relativeTo` base) print needsRenew when needsRenew $ runM . injectFilesystemBase base $ do intCaKeyPath <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath @@ -36,9 +37,9 @@ renewSslLeafCert ctx = do intCaCertPath <- toS <$> getAbsoluteLocationFor intermediateCaCertPath sslDirTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory) - entKeyPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn) - entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn) - entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn) + entKeyPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath sid) + entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath sid) + entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath sid) (ec, out, err) <- writeLeafCert DeriveCertificate { applicantConfPath = entConfPathTmp @@ -49,7 +50,7 @@ renewSslLeafCert ctx = do , signingCertPath = intCaCertPath , duration = 365 } - hn + hostname tor liftIO $ do putStrLn @Text "openssl logs" diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs index af72e9fb0..d76fd4ce4 100644 
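Review bot: `sid` and `hostname` differ only by the `.local` suffix, and nothing at the two bindings in the first hunk says which one belongs in a file name and which in the certificate, so the mix-up this commit untangles can return with the next edit. A comment above the pair would pin it down: `-- sid: bare id from getStart9AgentHostname, used for on-disk key/conf/cert file names; hostname: sid <> ".local", the name passed to writeLeafCert`. If both are the same string type, as the `<>` suggests, wrapping one of them in a newtype would let the compiler reject `entityCertPath hostname`. The same pair is introduced in `replaceDerivativeCerts` in Lib/Synchronizers.hs; `renewSslLeafCert` continues outside the hunk.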
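Review bot: Files written by earlier runs under the old `.local`-suffixed names are no longer overwritten, because the three `ent*PathTmp` bindings in the second hunk are now built from `sid`; that includes a leaf private key, assuming `entityKeyPath` puts its argument into the file name. Whether `agentTmpDirectory` is cleared between runs is not visible here, and neither is what `doesSslNeedRenew` in the first hunk returns when the certificate is not yet present under the new name. Either remove the old-name files once during upgrade, or add a comment such as `-- tmp ssl dir is wiped by <caller>; a missing cert counts as needing renewal` with the real facts filled in. The matching lines in `replaceDerivativeCerts` raise the same question.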
--- a/agent/src/Lib/Synchronizers.hs +++ b/agent/src/Lib/Synchronizers.hs @@ -467,7 +467,8 @@ syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check m replaceDerivativeCerts :: (HasFilesystemBase sig m, Fused.Has (Error S9Error) sig m, MonadIO m) => m () replaceDerivativeCerts = do - hn <- (<> ".local") <$> getStart9AgentHostname + sid <- getStart9AgentHostname + let hostname = sid <> ".local" tor <- getAgentHiddenServiceUrl caKeyPath <- toS <$> getAbsoluteLocationFor rootCaKeyPath @@ -479,11 +480,11 @@ replaceDerivativeCerts = do intCaCertPath <- toS <$> getAbsoluteLocationFor intermediateCaCertPath sslDirTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory) - entKeyPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn) - entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn) - entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn) + entKeyPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath sid) + entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath sid) + entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath sid) liftIO $ createDirectoryIfMissing True sslDirTmp - liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hn) + liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hostname) -- ensure duplicate certificates are acceptable base <- Fused.ask @"filesystemBase" @@ -518,7 +519,7 @@ replaceDerivativeCerts = do , signingCertPath = intCaCertPath , duration = 365 } - hn + hostname tor liftIO $ do putStrLn @Text "openssl logs"
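Review bot: The `sid`/`hostname` derivation in the first Synchronizers hunk and the three `ent*PathTmp` bindings in the next one repeat, line for line, what `renewSslLeafCert` in Daemon/SslRenew.hs does, and this commit had to patch both copies identically. One helper that returns the bare id, the `.local` hostname and the three temp paths would leave a single place to get the path/hostname split right. The daemon already runs these same actions through `injectFilesystemBase base`, so both call sites could likely share it. `replaceDerivativeCerts` continues outside the hunk.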
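Review bot: `domain_CSR_CONF hostname` in the second Synchronizers hunk templates the value from `getStart9AgentHostname` into an OpenSSL config file, and the same value unsuffixed now names the key, conf and cert files, with no check on its contents visible in this function. If the getter does not already restrict it, a value containing a newline or a path separator would alter the CSR config or place the files outside `sslDirTmp`. Validate `sid` once, right after it is read (letters, digits and hyphens only), and fail the sync with an error otherwise. If the getter already guarantees this, a one-line comment saying so at the `sid <-` binding is enough.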