Add support for --challenge-deploy as an alternative to --acme-dir, also supports DNS-01 challenge style #301
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
to invoke a script to store the key authorization to the .well-known/acme-challenge/ location, possibly on a different machine.
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I'm offering for consideration changes that make it possible to offload the challenge work to external scripts.
So instead of
you can use
That by itself does not sound useful but it gets useful in situations like
or
The change itself is not ready for merging on top of master as the code exceeds the 200 line limit.
However, when applied on top of other pull requests that are currently open, namely #296, #297, or parts of #273 (I can provide separate PR for just the "Remove comments where the subsequent log.info line can carry the same information" part), it is possible to have this logic within 200 lines.
Moving the challenge deployment logic to external script lends itself nicely to the DNS-01 challenge type support, as the only thing that is needed in the acme-tiny code is a support for the slightly different key authorization token format.
I've been running with this change for a couple of weeks and I feel I can show it now.