Improve ACME implementation

Fixes #2487, fixes #2590, fixes #2638
2024-11-22 16:20:52 +01:00 · 2019-09-20 12:36:31 +03:00 · 2019-09-20 12:36:31 +03:00 · e227940b85
commit e227940b85
parent 0fe1e40a9d
12 changed files with 714 additions and 1628 deletions
--- a/include/ejabberd_acme.hrl
+++ b/include/ejabberd_acme.hrl
@ -1,53 +0,0 @@
 -record(challenge, {
 	  type  = <<"http-01">> :: bitstring(),
 	  status = pending :: pending | valid | invalid,
 	  uri = "" :: url(),
 	  token = <<"">> :: bitstring()
 	 }).
 -record(data_acc, {
 	  id     :: list(),
 	  ca_url :: url(),
 	  key    :: jose_jwk:key()
 	 }).
 -type data_acc() :: #data_acc{}.
 -record(data_cert, {
 	  domain  :: bitstring(),
 	  pem     :: pem(),
 	  path    :: string()
 	 }).
 -type data_cert() :: #data_cert{}.
 %%
 %% Types
 %%
 %% Acme configuration
 -type acme_config() :: [{ca_url, url()} | {contact, bitstring()}].
 %% The main data type that ejabberd_acme keeps
 -type acme_data() :: proplist().
 %% The list of certificates kept in data
 -type data_certs() :: proplist(bitstring(), data_cert()).
 %% The certificate saved in pem format
 -type pem() :: bitstring().
 -type nonce() :: string().
 -type url() :: string().
 -type proplist() :: [{_, _}].
 -type proplist(X,Y) :: [{X,Y}].
 -type dirs() :: #{string() => url()}.
 -type jws() :: map().
 -type handle_resp_fun() :: fun(({ok, proplist(), proplist()}) -> {ok, _, nonce()}).
 -type acme_challenge() :: #challenge{}.
 %% Options
 -type account_opt() :: string().
 -type verbose_opt() :: string().
 -type domains_opt() :: string().
--- a/rebar.config
+++ b/rebar.config
@ -29,10 +29,11 @@
 	{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.0"}}},
        {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
        {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.5"}}},
-        {pkix, ".*", {git, "https://github.com/processone/pkix", {tag, "1.0.3"}}},
+        {pkix, ".*", {git, "https://github.com/processone/pkix", "91636e7"}},
        {jose, ".*", {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.8.4"}}},
        {eimp, ".*", {git, "https://github.com/processone/eimp", {tag, "1.0.12"}}},
        {mqtree, ".*", {git, "https://github.com/processone/mqtree", {tag, "1.0.4"}}},
 	{acme, ".*", {git, "https://github.com/processone/acme.git", "7d5382265f"}},
        {if_var_true, stun, {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.29"}}}},
        {if_var_true, sip, {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.30"}}}},
        {if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
--- a/src/ejabberd_acme.erl
+++ b/src/ejabberd_acme.erl
--- a/src/ejabberd_acme_comm.erl
+++ b/src/ejabberd_acme_comm.erl
@ -1,407 +0,0 @@
 -module(ejabberd_acme_comm).
 -export([%% Directory
 	 directory/1,
         %% Account
 	 new_account/4,
 	 update_account/4,
 	 get_account/3,
 	 delete_account/3,
         %% Authorization
 	 new_authz/4,
 	 get_authz/1,
 	 complete_challenge/4,
         %% Authorization polling
 	 get_authz_until_valid/1,
 	 %% Certificate
 	 new_cert/4,
         get_cert/1,
         revoke_cert/4,
 	 get_issuer_cert/1
         %% Not yet implemented
 	 %% key_roll_over/5
         %% delete_authz/3
 	]).
 -include("logger.hrl").
 -include("xmpp.hrl").
 -include("ejabberd_acme.hrl").
 -include_lib("public_key/include/public_key.hrl").
 -define(REQUEST_TIMEOUT, 5000). % 5 seconds.
 -define(MAX_POLL_REQUESTS, 20).
 -define(POLL_WAIT_TIME, 500). % 500 ms.
 %%%
 %%% This module contains functions that implement all necessary http
 %%% requests to the ACME Certificate Authority. Its purpose is to
 %%% facilitate the acme client implementation by separating the
 %%% handling/validating/parsing of all the needed http requests.
 %%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Directory
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec directory(url()) -> {ok, dirs(), nonce()} | {error, _}.
 directory(CAUrl) ->
    Url = CAUrl ++ "/directory",
    prepare_get_request(Url, fun get_dirs/1).
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Account Handling
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec new_account(dirs(), jose_jwk:key(), proplist(), nonce()) ->
 			 {ok, {url(), proplist()}, nonce()} | {error, _}.
 new_account(Dirs, PrivateKey, Req, Nonce) ->
    #{"new-reg" := Url} = Dirs,
    EJson = {[{ <<"resource">>, <<"new-reg">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_tos/1).
 -spec update_account({url(), string()}, jose_jwk:key(), proplist(), nonce()) ->
 			    {ok, proplist(), nonce()} | {error, _}.
 update_account({CAUrl, AccId}, PrivateKey, Req, Nonce) ->
    Url = CAUrl ++ "/acme/reg/" ++ AccId,
    EJson = {[{ <<"resource">>, <<"reg">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
 -spec get_account({url(), string()}, jose_jwk:key(), nonce()) ->
 			 {ok, {url(), proplist()}, nonce()} | {error, _}.
 get_account({CAUrl, AccId}, PrivateKey, Nonce) ->
    Url = CAUrl ++ "/acme/reg/" ++ AccId,
    EJson = {[{<<"resource">>, <<"reg">>}]},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_tos/1).
 -spec delete_account({url(), string()}, jose_jwk:key(), nonce()) ->
 			    {ok, proplist(), nonce()} | {error, _}.
 delete_account({CAUrl, AccId}, PrivateKey, Nonce) ->
    Url = CAUrl ++ "/acme/reg/" ++ AccId,
    EJson =
 	{[{<<"resource">>, <<"reg">>},
 	  {<<"status">>, <<"deactivated">>}]},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Authorization Handling
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec new_authz(dirs(), jose_jwk:key(), proplist(), nonce()) ->
 		       {ok, {url(), proplist()}, nonce()} | {error, _}.
 new_authz(Dirs, PrivateKey, Req, Nonce) ->
    #{"new-authz" := Url} = Dirs,
    EJson = {[{<<"resource">>, <<"new-authz">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_location/1).
 -spec get_authz({url(), string()}) -> {ok, proplist(), nonce()} | {error, _}.
 get_authz({CAUrl, AuthzId}) ->
    Url = CAUrl ++ "/acme/authz/" ++ AuthzId,
    prepare_get_request(Url, fun get_response/1).
 -spec complete_challenge({url(), string(), string()}, jose_jwk:key(), proplist(), nonce()) ->
 				{ok, proplist(), nonce()} | {error, _}.
 complete_challenge({CAUrl, AuthzId, ChallId}, PrivateKey, Req, Nonce) ->
    Url = CAUrl ++ "/acme/challenge/" ++ AuthzId ++ "/" ++ ChallId,
    EJson = {[{<<"resource">>, <<"challenge">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1).
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Certificate Handling
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec new_cert(dirs(), jose_jwk:key(), proplist(), nonce()) ->
 		      {ok, {url(), list()}, nonce()} | {error, _}.
 new_cert(Dirs, PrivateKey, Req, Nonce) ->
    #{"new-cert" := Url} = Dirs,
    EJson = {[{<<"resource">>, <<"new-cert">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response_link_up/1,
 			 "application/pkix-cert").
 -spec get_cert({url(), string()}) -> {ok, list(), nonce()} | {error, _}.
 get_cert({CAUrl, CertId}) ->
    Url = CAUrl ++ "/acme/cert/" ++ CertId,
    prepare_get_request(Url, fun get_response/1, "application/pkix-cert").
 -spec revoke_cert(dirs(), jose_jwk:key(), proplist(), nonce()) ->
 			 {ok, _, nonce()} | {error, _}.
 revoke_cert(Dirs, PrivateKey, Req, Nonce) ->
    #{"revoke-cert" := Url} = Dirs,
    EJson = {[{<<"resource">>, <<"revoke-cert">>}] ++ Req},
    prepare_post_request(Url, PrivateKey, EJson, Nonce, fun get_response/1,
                         "application/pkix-cert").
 -spec get_issuer_cert(url()) -> {ok, list(), nonce()} | {error, _}.
 get_issuer_cert(IssuerCertUrl) ->
    prepare_get_request(IssuerCertUrl, fun get_response/1, "application/pkix-cert").
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Handle Response Functions
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec get_dirs({ok, proplist(), proplist()}) -> {ok, map(), nonce()}.
 get_dirs({ok, Head, Return}) ->
    NewNonce = get_nonce(Head),
    StrDirectories = [{bitstring_to_list(X), bitstring_to_list(Y)} ||
 			 {X, Y} <- Return, is_bitstring(X) andalso is_bitstring(Y)],
    NewDirs = maps:from_list(StrDirectories),
    {ok, NewDirs, NewNonce}.
 -spec get_response({ok, proplist(), proplist()}) -> {ok, proplist(), nonce()}.
 get_response({ok, Head, Return}) ->
    NewNonce = get_nonce(Head),
    {ok, Return, NewNonce}.
 -spec get_response_tos({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
 get_response_tos({ok, Head, Return}) ->
    TOSUrl = get_tos(Head),
    NewNonce = get_nonce(Head),
    {ok, {TOSUrl, Return}, NewNonce}.
 -spec get_response_location({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
 get_response_location({ok, Head, Return}) ->
    Location = get_location(Head),
    NewNonce = get_nonce(Head),
    {ok, {Location, Return}, NewNonce}.
 -spec get_response_link_up({ok, proplist(), proplist()}) -> {ok, {url(), proplist()}, nonce()}.
 get_response_link_up({ok, Head, Return}) ->
    LinkUp = get_link_up(Head),
    NewNonce = get_nonce(Head),
    {ok, {LinkUp, Return}, NewNonce}.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Authorization Polling
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec get_authz_until_valid({url(), string()}) -> {ok, proplist(), nonce()} | {error, _}.
 get_authz_until_valid({CAUrl, AuthzId}) ->
    get_authz_until_valid({CAUrl, AuthzId}, ?MAX_POLL_REQUESTS).
 -spec get_authz_until_valid({url(), string()}, non_neg_integer()) ->
 				   {ok, proplist(), nonce()} | {error, _}.
 get_authz_until_valid({_CAUrl, _AuthzId}, 0) ->
    ?ERROR_MSG("Maximum request limit waiting for validation reached", []),
    {error, max_request_limit};
 get_authz_until_valid({CAUrl, AuthzId}, N) ->
    case get_authz({CAUrl, AuthzId}) of
 	{ok, Resp, Nonce} ->
 	    case is_authz_valid(Resp) of
 		true ->
 		    {ok, Resp, Nonce};
 		false ->
 		    timer:sleep(?POLL_WAIT_TIME),
 		    get_authz_until_valid({CAUrl, AuthzId}, N-1)
 	    end;
 	{error, _} = Err ->
 	    Err
    end.
 -spec is_authz_valid(proplist()) -> boolean().
 is_authz_valid(Authz) ->
    case proplists:lookup(<<"status">>, Authz) of
 	{<<"status">>, <<"valid">>} ->
 	    true;
 	_ ->
 	    false
    end.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Request Functions
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% TODO: Fix the duplicated code at the below 4 functions
 -spec make_post_request(url(), bitstring(), string()) ->
 			       {ok, proplist(), proplist()} | {error, _}.
 make_post_request(Url, ReqBody, ResponseType) ->
    Options = [],
    HttpOptions = [{timeout, ?REQUEST_TIMEOUT}],
    case httpc:request(post,
 		       {Url, [], "application/jose+json", ReqBody}, HttpOptions, Options) of
 	{ok, {{_, Code, _}, Head, Body}} when Code >= 200, Code =< 299 ->
 	    decode_response(Head, Body, ResponseType);
 	Error ->
 	    failed_http_request(Error, Url)
    end.
 -spec make_get_request(url(), string()) ->
 			      {ok, proplist(), proplist()} | {error, _}.
 make_get_request(Url, ResponseType) ->
    Options = [],
    HttpOptions = [{timeout, ?REQUEST_TIMEOUT}],
    case httpc:request(get, {Url, []}, HttpOptions, Options) of
 	{ok, {{_, Code, _}, Head, Body}} when Code >= 200, Code =< 299 ->
 	    decode_response(Head, Body, ResponseType);
 	Error ->
 	    failed_http_request(Error, Url)
    end.
 -spec prepare_post_request(url(), jose_jwk:key(), jiffy:json_value(),
 			   nonce(), handle_resp_fun()) -> {ok, _, nonce()} | {error, _}.
 prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun) ->
    prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun, "application/jose+json").
 -spec prepare_post_request(url(), jose_jwk:key(), jiffy:json_value(),
 			   nonce(), handle_resp_fun(), string()) -> {ok, _, nonce()} | {error, _}.
 prepare_post_request(Url, PrivateKey, EJson, Nonce, HandleRespFun, ResponseType) ->
    case encode(EJson) of
 	{ok, ReqBody} ->
 	    FinalBody = sign_encode_json_jose(PrivateKey, ReqBody, Nonce),
 	    case make_post_request(Url, FinalBody, ResponseType) of
 		{ok, Head, Return} ->
 		    HandleRespFun({ok, Head, Return});
 		Error ->
 		    Error
 	    end;
 	{error, Reason} ->
 	    ?ERROR_MSG("Error: ~p when encoding: ~p", [Reason, EJson]),
 	    {error, Reason}
    end.
 -spec prepare_get_request(url(), handle_resp_fun()) ->
 				 {ok, _, nonce()} | {error, _}.
 prepare_get_request(Url, HandleRespFun) ->
    prepare_get_request(Url, HandleRespFun, "application/jose+json").
 -spec prepare_get_request(url(), handle_resp_fun(), string()) ->
 				 {ok, _, nonce()} | {error, _}.
 prepare_get_request(Url, HandleRespFun, ResponseType) ->
    case make_get_request(Url, ResponseType) of
 	{ok, Head, Return} ->
 	    HandleRespFun({ok, Head, Return});
 	Error ->
 	    Error
    end.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Jose Json Functions
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec sign_json_jose(jose_jwk:key(), bitstring(), nonce()) -> {_, jws()}.
 sign_json_jose(Key, Json, Nonce) ->
    PubKey = ejabberd_acme:to_public(Key),
    {_, BinaryPubKey} = jose_jwk:to_binary(PubKey),
    PubKeyJson = jiffy:decode(BinaryPubKey),
    %% TODO: Ensure this works for all cases
    AlgMap = jose_jwk:signer(Key),
    JwsMap =
 	#{ <<"jwk">> => PubKeyJson,
 	   %% <<"b64">> => true,
 	   <<"nonce">> => list_to_bitstring(Nonce)
 	 },
    JwsObj0 = maps:merge(JwsMap, AlgMap),
    JwsObj = jose_jws:from(JwsObj0),
    jose_jws:sign(Key, Json, JwsObj).
 -spec sign_encode_json_jose(jose_jwk:key(), bitstring(), nonce()) -> bitstring().
 sign_encode_json_jose(Key, Json, Nonce) ->
    {_, Signed} = sign_json_jose(Key, Json, Nonce),
    %% This depends on jose library, so we can consider it safe
    jiffy:encode(Signed).
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Useful funs
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec get_nonce(proplist()) -> nonce() | 'none'.
 get_nonce(Head) ->
    case proplists:lookup("replay-nonce", Head) of
 	{"replay-nonce", Nonce} -> Nonce;
 	none -> none
    end.
 -spec get_location(proplist()) -> url() | 'none'.
 get_location(Head) ->
    case proplists:lookup("location", Head) of
 	{"location", Location} -> Location;
 	none -> none
    end.
 -spec get_tos(proplist()) -> url() | 'none'.
 get_tos(Head) ->
    get_header_link(Head, "\"terms-of-service\"").
 -spec get_link_up(proplist()) -> url() | 'none'.
 get_link_up(Head) ->
    get_header_link(Head, "rel=\"up\"").
 %% TODO: Find a more reliable way to extract this
 -spec get_header_link(proplist(), string()) -> url() | 'none'.
 get_header_link(Head, Suffix) ->
    try
 	[{_, Link}] = [{K, V} || {K, V} <- Head,
 				 K =:= "link" andalso
 				     lists:suffix(Suffix, V)],
 	[Link1, _] = string:tokens(Link, ";"),
 	Link2 = string:strip(Link1, left, $<),
 	string:strip(Link2, right, $>)
    catch
 	_:_ ->
 	    none
    end.
 decode_response(Head, Body, "application/pkix-cert") ->
    {ok, Head, Body};
 decode_response(Head, Body, "application/jose+json") ->
    case decode(Body) of
 	{ok, Return} ->
 	    {ok, Head, Return};
 	{error, Reason} ->
 	    ?ERROR_MSG("Problem decoding: ~s", [Body]),
 	    {error, Reason}
    end.
 encode(EJson) ->
    try
 	{ok, jiffy:encode(EJson)}
    catch
 	_:Reason ->
 	    {error, Reason}
    end.
 decode(Json) ->
    try
 	{Result} = jiffy:decode(Json),
 	{ok, Result}
    catch
 	_:Reason ->
 	    {error, Reason}
    end.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Handle Failed HTTP Requests
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec failed_http_request({ok, _} | {error, _}, url()) -> {error, _}.
 failed_http_request({ok, {{_, Code, Reason}, _Head, Body}}, Url) ->
    ?ERROR_MSG("Unexpected status code from <~s>: ~B, Body: ~s",
 	       [Url, Code, Body]),
    throw({error, {unexpected_code, Code, Reason}});
 failed_http_request({error, Reason}, Url) ->
    ?ERROR_MSG("Error making a request to <~s>: ~p",
 	       [Url, Reason]),
    throw({error, Reason}).
--- a/src/ejabberd_config_transformer.erl
+++ b/src/ejabberd_config_transformer.erl
@ -99,6 +99,25 @@ transform(_Host, certfiles, CertFiles1, Acc) ->
    CertFiles2 = maps:get(certfiles, Acc, []),
    Acc1 = maps:put(certfiles, CertFiles1 ++ CertFiles2, Acc),
    {true, Acc1};
 transform(_Host, acme, ACME, Acc) ->
    ACME1 = lists:map(
 	      fun({ca_url, URL} = Opt) ->
 		      case http_uri:parse(binary_to_list(URL)) of
 			  {ok, {_, _, "acme-v01.api.letsencrypt.org", _, _, _}} ->
 			      NewURL = ejabberd_acme:default_directory_url(),
 			      ?WARNING_MSG("ACME directory URL ~s defined in "
 					   "option acme->ca_url is deprecated "
 					   "and was automatically replaced "
 					   "with ~s. ~s",
 					   [URL, NewURL, adjust_hint()]),
 			      {ca_url, NewURL};
 			  _ ->
 			      Opt
 		      end;
 		 (Opt) ->
 		      Opt
 	      end, ACME),
    {{true, {acme, ACME1}}, Acc};
 transform(Host, s2s_use_starttls, required_trusted, Acc) ->
    ?WARNING_MSG("The value 'required_trusted' of option "
 		 "'s2s_use_starttls' is deprecated and was "
@ -550,6 +569,10 @@ validator() ->
 	  default_db => econf:atom(),
 	  default_ram_db => econf:atom(),
 	  auth_method => econf:list_or_single(econf:atom()),
 	  acme => econf:options(
 		    #{ca_url => econf:binary(),
 		      '_' => econf:any()},
 		    [unique]),
 	  listen =>
 	      econf:list(
 		econf:options(
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
@ -170,7 +170,7 @@ acl() ->
 acl(Host) ->
    ejabberd_config:get_option({acl, Host}).
-spec acme() -> #{'ca_url'=>binary(), 'contact'=>binary()}.
+-spec acme() -> #{'auto'=>boolean(), 'ca_url'=>binary(), 'cert_type'=>'ec' | 'rsa', 'contact'=>[binary()]}.
 acme() ->
    ejabberd_config:get_option({acme, global}).
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@ -40,7 +40,9 @@ opt_type(acl) ->
 opt_type(acme) ->
    econf:options(
      #{ca_url => econf:url(),
-	contact => econf:binary("^[a-zA-Z]+:[^:]+$")},
+	contact => econf:list_or_single(econf:binary("^[a-zA-Z]+:[^:]+$")),
 	auto => econf:bool(),
 	cert_type => econf:enum([ec, rsa])},
      [unique, {return, map}]);
 opt_type(allow_contrib_modules) ->
    econf:bool();
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@ -26,9 +26,12 @@
 %% API
 -export([start_link/0]).
 -export([certs_dir/0]).
-export([add_certfile/1, try_certfile/1, get_certfile/0, get_certfile/1]).
+-export([add_certfile/1, del_certfile/1, commit/0]).
 -export([notify_expired/1]).
 -export([try_certfile/1, get_certfile/0, get_certfile/1]).
 -export([get_certfile_no_default/1]).
 %% Hooks
-export([ejabberd_started/0, config_reloaded/0]).
+-export([ejabberd_started/0, config_reloaded/0, cert_expired/2]).
 %% gen_server callbacks
 -export([init/1, handle_call/3, handle_cast/2, handle_info/2,
 	 terminate/2, code_change/3, format_status/2]).
@ -59,6 +62,14 @@ add_certfile(Path0) ->
 	    end
    end.
 -spec del_certfile(file:filename_all()) -> ok.
 del_certfile(Path0) ->
    Path = prep_path(Path0),
    try gen_server:call(?MODULE, {del_certfile, Path}, ?CALL_TIMEOUT)
    catch exit:{noproc, _} ->
 	    pkix:del_file(Path)
    end.
 -spec try_certfile(file:filename_all()) -> filename().
 try_certfile(Path0) ->
    Path = prep_path(Path0),
@ -103,6 +114,10 @@ certs_dir() ->
    MnesiaDir = mnesia:system_info(directory),
    filename:join(MnesiaDir, "certs").
 -spec commit() -> ok.
 commit() ->
    gen_server:call(?MODULE, commit, ?CALL_TIMEOUT).
 -spec ejabberd_started() -> ok.
 ejabberd_started() ->
    gen_server:call(?MODULE, ejabberd_started, ?CALL_TIMEOUT).
@ -111,21 +126,38 @@ ejabberd_started() ->
 config_reloaded() ->
    gen_server:call(?MODULE, config_reloaded, ?CALL_TIMEOUT).
 -spec notify_expired(pkix:notify_event()) -> ok.
 notify_expired(Event) ->
    gen_server:cast(?MODULE, Event).
 -spec cert_expired(_, pkix:cert_info()) -> ok.
 cert_expired(_Cert, #{domains := Domains,
 		      expiry := Expiry,
 		      files := [{Path, Line}|_]}) ->
    ?WARNING_MSG("Certificate in ~s (at line: ~B)~s ~s",
 		 [Path, Line,
 		  case Domains of
 		      [] -> "";
 		      _ -> " for " ++ misc:format_hosts_list(Domains)
 		  end,
 		  format_expiration_date(Expiry)]).
 %%%===================================================================
 %%% gen_server callbacks
 %%%===================================================================
 -spec init([]) -> {ok, state()}.
 init([]) ->
    process_flag(trap_exit, true),
    ejabberd_hooks:add(cert_expired, ?MODULE, cert_expired, 50),
    ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 100),
    ejabberd_hooks:add(ejabberd_started, ?MODULE, ejabberd_started, 30),
    case add_files() of
-	{Files, []} ->
+	{_Files, []} ->
-	    {ok, #state{files = Files}};
+	    {ok, #state{}};
 	{Files, [_|_]} ->
 	    case ejabberd:is_loaded() of
 		true ->
-		    {ok, #state{files = Files}};
+		    {ok, #state{}};
 		false ->
 		    del_files(Files),
 		    stop_ejabberd()
@ -137,13 +169,15 @@ init([]) ->
 handle_call({add_certfile, Path}, _From, State) ->
    case add_file(Path) of
 	ok ->
-	    Files = sets:add_element(Path, State#state.files),
+	    {reply, {ok, Path}, State};
 	    {reply, {ok, Path}, State#state{files = Files}};
 	{error, _} = Err ->
 	    {reply, Err, State}
    end;
 handle_call({del_certfile, Path}, _From, State) ->
    pkix:del_file(Path),
    {reply, ok, State};
 handle_call(ejabberd_started, _From, State) ->
-    case commit() of
+    case do_commit() of
 	{ok, []} ->
 	    check_domain_certfiles(),
 	    {reply, ok, State};
@ -151,22 +185,25 @@ handle_call(ejabberd_started, _From, State) ->
 	    stop_ejabberd()
    end;
 handle_call(config_reloaded, _From, State) ->
-    Old = State#state.files,
+    Files = get_certfiles_from_config_options(),
-    New = get_certfiles_from_config_options(),
+    _ = add_files(Files),
-    del_files(sets:subtract(Old, New)),
+    case do_commit() of
    _ = add_files(New),
    case commit() of
 	{ok, _} ->
 	    check_domain_certfiles(),
-	    {reply, ok, State#state{files = New}};
+	    {reply, ok, State};
 	error ->
 	    {reply, ok, State}
    end;
 handle_call(commit, From, State) ->
    handle_call(config_reloaded, From, State);
 handle_call(Request, _From, State) ->
    ?WARNING_MSG("Unexpected call: ~p", [Request]),
    {noreply, State}.
 -spec handle_cast(term(), state()) -> {noreply, state()}.
 handle_cast({cert_expired, Cert, CertInfo}, State) ->
    ejabberd_hooks:run(cert_expired, [Cert, CertInfo]),
    {noreply, State};
 handle_cast(Request, State) ->
    ?WARNING_MSG("Unexpected cast: ~p", [Request]),
    {noreply, State}.
@ -179,6 +216,7 @@ handle_info(Info, State) ->
 -spec terminate(normal | shutdown | {shutdown, term()} | term(),
 		state()) -> any().
 terminate(_Reason, State) ->
    ejabberd_hooks:delete(cert_expired, ?MODULE, cert_expired, 50),
    ejabberd_hooks:delete(ejabberd_started, ?MODULE, ejabberd_started, 30),
    ejabberd_hooks:delete(config_reloaded, ?MODULE, config_reloaded, 100),
    del_files(State#state.files).
@ -233,11 +271,16 @@ add_file(File) ->
 del_files(Files) ->
    lists:foreach(fun pkix:del_file/1, sets:to_list(Files)).
-spec commit() -> {ok, [{filename(), pkix:error_reason()}]} | error.
+-spec do_commit() -> {ok, [{filename(), pkix:error_reason()}]} | error.
-commit() ->
+do_commit() ->
    CAFile = ejabberd_option:ca_file(),
    ?DEBUG("Using CA root certificates from: ~s", [CAFile]),
-    Opts = [{cafile, CAFile}],
+    Opts = [{cafile, CAFile},
 	    {notify_before, [7*24*60*60, % 1 week
 			     24*60*60, % 1 day
 			     60*60, % 1 hour
 			     0]},
 	    {notify_fun, fun ?MODULE:notify_expired/1}],
    case pkix:commit(certs_dir(), Opts) of
 	{ok, Errors, Warnings, CAError} ->
 	    log_errors(Errors),
@ -267,12 +310,7 @@ check_domain_certfiles(Hosts) ->
 		      case get_certfile_no_default(Host) of
 			  error ->
 			      ?WARNING_MSG(
-				 "No certificate found matching '~s': strictly "
+				 "No certificate found matching ~s",
 				 "configured clients or servers will reject "
 				 "connections with this host; obtain "
 				 "a certificate for this (sub)domain from any "
 				 "trusted CA such as Let's Encrypt "
 				 "(www.letsencrypt.org)",
 				 [Host]);
 			  _ ->
 			      ok
@ -371,3 +409,29 @@ log_cafile_error({File, Reason}) ->
 		  [File, pkix:format_error(Reason)]);
 log_cafile_error(_) ->
    ok.
 -spec time_before_expiration(calendar:datetime()) -> {non_neg_integer(), string()}.
 time_before_expiration(Expiry) ->
    T1 = calendar:datetime_to_gregorian_seconds(Expiry),
    T2 = calendar:datetime_to_gregorian_seconds(
 	   calendar:now_to_datetime(erlang:timestamp())),
    Secs = max(0, T1 - T2),
    if Secs == {0, ""};
       Secs >= 220752000 -> {ceil(Secs/220752000), "year"};
       Secs >= 2592000 -> {ceil(Secs/2592000), "month"};
       Secs >= 604800 -> {ceil(Secs/604800), "week"};
       Secs >= 86400 -> {ceil(Secs/86400), "day"};
       Secs >= 3600 -> {ceil(Secs/3600), "hour"};
       Secs >= 60 -> {ceil(Secs/60), "minute"};
       true -> {Secs, "second"}
    end.
 -spec format_expiration_date(calendar:datetime()) -> string().
 format_expiration_date(DateTime) ->
    case time_before_expiration(DateTime) of
 	{0, _} -> "is expired";
 	{1, Unit} -> "will expire in less than a " ++ Unit;
 	{Int, Unit} ->
 	    "will expire in less than " ++ integer_to_list(Int)
 		++ " " ++ Unit ++ "s"
    end.
--- a/src/ejabberd_sup.erl
+++ b/src/ejabberd_sup.erl
@ -46,7 +46,6 @@ init([]) ->
 	   worker(ejabberd_admin),
 	   supervisor(ejabberd_listener),
 	   worker(ejabberd_pkix),
 	   worker(ejabberd_acme),
 	   worker(acl),
 	   worker(ejabberd_shaper),
 	   supervisor(ejabberd_db_sup),
@ -64,6 +63,7 @@ init([]) ->
 	   worker(ejabberd_captcha),
 	   worker(ext_mod),
 	   supervisor(ejabberd_gen_mod_sup, gen_mod),
 	   worker(ejabberd_acme),
 	   worker(ejabberd_auth),
 	   worker(ejabberd_oauth)]}}.
--- a/src/gen_mod.erl
+++ b/src/gen_mod.erl
@ -121,7 +121,7 @@ stop_child(Proc) ->
 -spec start_modules() -> any().
 start_modules() ->
    Hosts = ejabberd_option:hosts(),
-    ?INFO_MSG("Loading modules for ~s", [format_hosts_list(Hosts)]),
+    ?INFO_MSG("Loading modules for ~s", [misc:format_hosts_list(Hosts)]),
    lists:foreach(fun start_modules/1, Hosts).
 -spec start_modules(binary()) -> ok.
@ -446,25 +446,6 @@ format_module_error(Module, Fun, Arity, Opts, Class, Reason, St) ->
 			   misc:format_exception(2, Class, Reason, St)])
    end.
 -spec format_hosts_list([binary()]) -> iolist().
 format_hosts_list([Host]) ->
    Host;
 format_hosts_list([H1, H2]) ->
    [H1, " and ", H2];
 format_hosts_list([H1, H2, H3]) ->
    [H1, ", ", H2, " and ", H3];
 format_hosts_list([H1, H2|Hs]) ->
    io_lib:format("~s, ~s and ~B more hosts",
 		  [H1, H2, length(Hs)]).
 -spec format_cycle([atom()]) -> iolist().
 format_cycle([M1]) ->
    atom_to_list(M1);
 format_cycle([M1, M2]) ->
    [atom_to_list(M1), " and ", atom_to_list(M2)];
 format_cycle([M|Ms]) ->
    atom_to_list(M) ++ ", " ++ format_cycle(Ms).
 %%%===================================================================
 %%% Validation
 %%%===================================================================
@ -602,4 +583,4 @@ warn_cyclic_dep(Path) ->
 		 "This is either a bug, or the modules are not "
 		 "supposed to work together in this configuration. "
 		 "The modules will still be loaded though",
-		 [format_cycle(Path)]).
+		 [misc:format_cycle(Path)]).
--- a/src/misc.erl
+++ b/src/misc.erl
@ -40,7 +40,8 @@
 	 read_css/1, read_img/1, read_js/1, read_lua/1, try_url/1,
 	 intersection/2, format_val/1, cancel_timer/1, unique_timestamp/0,
 	 is_mucsub_message/1, best_match/2, pmap/2, peach/2, format_exception/4,
-	 parse_ip_mask/1, match_ip_mask/3]).
+	 parse_ip_mask/1, match_ip_mask/3, format_hosts_list/1, format_cycle/1,
 	 delete_dir/1]).
 %% Deprecated functions
 -export([decode_base64/1, encode_base64/1]).
@ -546,6 +547,43 @@ match_ip_mask({0, 0, 0, 0, 0, 16#FFFF, _, _} = IP,
 match_ip_mask(_, _, _) ->
    false.
 -spec format_hosts_list([binary(), ...]) -> iolist().
 format_hosts_list([Host]) ->
    Host;
 format_hosts_list([H1, H2]) ->
    [H1, " and ", H2];
 format_hosts_list([H1, H2, H3]) ->
    [H1, ", ", H2, " and ", H3];
 format_hosts_list([H1, H2|Hs]) ->
    io_lib:format("~s, ~s and ~B more hosts",
 		  [H1, H2, length(Hs)]).
 -spec format_cycle([atom(), ...]) -> iolist().
 format_cycle([M1]) ->
    atom_to_list(M1);
 format_cycle([M1, M2]) ->
    [atom_to_list(M1), " and ", atom_to_list(M2)];
 format_cycle([M|Ms]) ->
    atom_to_list(M) ++ ", " ++ format_cycle(Ms).
 -spec delete_dir(file:filename_all()) -> ok | {error, file:posix()}.
 delete_dir(Dir) ->
    try
 	{ok, Entries} = file:list_dir(Dir),
 	lists:foreach(fun(Path) ->
 			      case filelib:is_dir(Path) of
 				  true ->
 				      ok = delete_dir(Path);
 				  false ->
 				      ok = file:delete(Path)
 			      end
 		      end, [filename:join(Dir, Entry) || Entry <- Entries]),
 	ok = file:del_dir(Dir)
    catch
 	_:{badmatch, {error, Error}} ->
 	    {error, Error}
    end.
 %%%===================================================================
 %%% Internal functions
 %%%===================================================================
--- a/src/mod_http_upload.erl
+++ b/src/mod_http_upload.erl
@ -1004,7 +1004,7 @@ remove_user(User, Server) ->
    DocRoot1 = expand_host(expand_home(DocRoot), ServerHost),
    UserStr = make_user_string(jid:make(User, Server), JIDinURL),
    UserDir = str:join([DocRoot1, UserStr], <<$/>>),
-    case del_tree(UserDir) of
+    case misc:delete_dir(UserDir) of
 	ok ->
 	    ?INFO_MSG("Removed HTTP upload directory of ~s@~s", [User, Server]);
 	{error, enoent} ->
@ -1014,21 +1014,3 @@ remove_user(User, Server) ->
 		       [User, Server, format_error(Error)])
    end,
    ok.
 -spec del_tree(file:filename_all()) -> ok | {error, file:posix()}.
 del_tree(Dir) ->
    try
 	{ok, Entries} = file:list_dir(Dir),
 	lists:foreach(fun(Path) ->
 			      case filelib:is_dir(Path) of
 				  true ->
 				      ok = del_tree(Path);
 				  false ->
 				      ok = file:delete(Path)
 			      end
 		      end, [filename:join(Dir, Entry) || Entry <- Entries]),
 	ok = file:del_dir(Dir)
    catch
 	_:{badmatch, {error, Error}} ->
 	    {error, Error}
    end.