On Mon, Jan 15, 2018 at 05:11:24PM +0000, Stuart Henderson wrote:
> On 2018/01/15 12:16, Stuart Henderson wrote:
> > I generally prefer to use acme-client than the python or bash+openssl(1)
> > monstrosities to fetch SSL certificates, but I have some systems where
> > I need to use the DNS-01 challenge type which was removed from the
> > version in base.
> > 
> > Any objections or OKs to adding a port for Kristaps' original version
> > (attached)?
> > 
> 
> 
> 
> Hrrmmmm. Now I've tried to actually run dns-01 from a shell script rather
> than faking it with copy-and-paste, I'm not sure if it's actually going to
> be all that useful...
> 
> The mechanism requires
> 
> 1. read from acme-client's stdout.
> 2. run a command based on that output.
> 3. when the command has run, echo the line back to acme-client's stdin.
> 
> (repeat until EOF from acme-client.)
> 
> I've tried with "acme-client | (while read... )", various ways with
> fifos, and coroutines, but it all blocks somewhere. Now I started
> reading the expect(1) manual to try and do it that way which is never
> a good sign...
> 

Can't acme-client just spawn a user-configurable command and communicate
with it via fifos/stdin/stdout? FWIW, for dns-01 I use acme.sh which
works, but I agree it's not pretty....
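
The three-step exchange listed in the quoted message (read a line from the client's stdout, run a command, echo the line back to its stdin), as an added shell sketch that is not part of this thread and not acme-client code. `drive_challenges`, `fake_client` and `log_hook` are hypothetical names; `fake_client` is a constructed stand-in whose line format is invented for the demonstration, and the sketch assumes the real client flushes each line before waiting on stdin.

```shell
#!/bin/sh
# Added example: line-by-line challenge/ack loop over a private FIFO.
# Usage: drive_challenges HOOK CLIENT [ARGS...]
#   Each line CLIENT prints is passed to HOOK as $1; once HOOK succeeds the
#   identical line is written back to CLIENT's stdin. Stops at EOF from CLIENT.
drive_challenges() {
    hook=$1; shift
    # Private directory and 0600 FIFO: no other local user can inject an
    # "ack" and make the client proceed before the DNS record exists.
    dir=$(mktemp -d) || return 1
    mkfifo -m 600 "$dir/ack" || { rm -rf "$dir"; return 1; }
    rc=0
    # The two pipeline sides open the FIFO concurrently (one for reading,
    # one for writing), so neither open() waits forever on the other.
    "$@" <"$dir/ack" | {
        while IFS= read -r line; do
            # Never acknowledge a challenge whose hook failed.
            "$hook" "$line" || exit 1
            printf '%s\n' "$line"
        done
    } >"$dir/ack" || rc=$?
    # Note: plain sh reports the loop's status here, not CLIENT's.
    rm -rf "$dir"
    return "$rc"
}

# Constructed stand-in for the client: prints one line per name and refuses
# to continue until exactly that line comes back on stdin.
fake_client() {
    for name in "$@"; do
        printf 'challenge %s\n' "$name"
        IFS= read -r ack || return 1
        [ "$ack" = "challenge $name" ] || return 1
    done
}

# Hypothetical hook: a real one would publish the TXT record and wait for
# it to propagate; this one only records what it was asked to do.
log_hook() {
    printf '%s\n' "$1" >>"$HOOK_LOG"
}
```

With `HOOK_LOG` set, `drive_challenges log_hook fake_client a.example b.example` runs the hook once per challenge in order; a hook that exits non-zero ends the loop without acknowledging, so the client sees EOF on stdin rather than a false confirmation.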
