2015-12-05 23:42 GMT+01:00  <[email protected]>:
> On Fri, 4 Dec 2015 00:23:53 -0700
> Mela Luca <[email protected]> wrote:
>
>> I am looking to automate letsencrypt with lua, the process would be to 
>> detect to see if the domain has a cert already, if not it would execute 
>> letsencrypt on the domain.
>> Any thought if this would be possible to do with lua. I am guessing using 
>> the os.execute.
>>
>
> I'm not sure that you're using the good way to do this:
>
>  - I don't know letsencrypt very well, but I heard that the
>    letsencrypt framework expects a confirmation that the requester is
>    the real owner of the web site. It requires the owner to add a
>    special webpage at a special url. So the process is very slow and it
>    cannot be done during an http request timing.

Also don't forget that you can be flooded by bots using arbitrary Host headers.

>
>  - os.execute() is a blocking action. While HAProxy is waiting for the
>    script response, it does nothing, and all the traffic is blocked.
>
> Actually, the Lua in HAProxy only communicates with other processes with
> the Socket provided by the Lua/HAProxy API.

IMHO the right approach is to use async communication (any ASMQ
middleware, 0MQ, IRC, what else ...) between haproxy and the
letsencrypt client or any ACME protocol implementation.

It also should be useful for other stuff.

Joris


>
> Thierry
>
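The points raised in this thread, combined in one sketch (an added example, not code from either poster or from the HAProxy project): an HAProxy Lua action that hands a hostname to a separate ACME worker over the non-blocking `core.tcp()` socket instead of `os.execute()`, and ignores Host headers that are malformed, not allowlisted, or recently announced. The allowlist entries, the worker address `127.0.0.1:9000`, the one-line-per-host message format and the action name `acme_notify` are all assumptions made for the illustration; the worker, not HAProxy, decides whether a certificate is actually missing.

```lua
-- Added example; ALLOWED, NOTIFY_ADDR/NOTIFY_PORT and acme_notify are hypothetical names.
local ALLOWED = {              -- constructed sample: names this proxy may request certs for
  ["example.com"] = true,
  ["www.example.com"] = true,
}
local NOTIFY_ADDR, NOTIFY_PORT = "127.0.0.1", 9000   -- assumed local ACME worker
local RETRY_AFTER = 3600       -- seconds before the same host is announced again
local announced = {}           -- host -> time of last notification

-- Reduce a raw Host header to a bare lowercase name, or nil if malformed.
local function normalize_host(raw)
  if type(raw) ~= "string" or #raw == 0 or #raw > 253 then return nil end
  local host = raw:lower():match("^([^:]+)")         -- drop an optional :port
  if not host or not host:match("^[%l%d%-%.]+$") then return nil end
  return host
end

-- Only allowlisted hosts are announced, and each at most once per RETRY_AFTER,
-- so bots sending arbitrary Host headers cannot trigger issuance attempts.
local function should_notify(host, now)
  if not host or not ALLOWED[host] then return false end
  local last = announced[host]
  if last and now - last < RETRY_AFTER then return false end
  announced[host] = now
  return true
end

local function acme_notify(txn)
  local host = normalize_host(txn.sf:req_hdr("host"))
  if not should_notify(host, os.time()) then return end
  local sock = core.tcp()      -- HAProxy socket: yields to the scheduler, does not block traffic
  sock:settimeout(1)
  if sock:connect(NOTIFY_ADDR, NOTIFY_PORT) then
    sock:send(host .. "\n")    -- the worker runs the ACME client outside the request path
  else
    announced[host] = nil      -- worker unreachable: allow a later retry
  end
  sock:close()
end

core.register_action("acme_notify", { "http-req" }, acme_notify)
```

The script would be loaded with `lua-load` in the `global` section and invoked with `http-request lua.acme_notify` in a frontend.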
