On Mon, Jan 15, 2018 at 06:40:01PM +0100, Landry Breuil wrote:
> On Mon, Jan 15, 2018 at 05:11:24PM +0000, Stuart Henderson wrote:
> > On 2018/01/15 12:16, Stuart Henderson wrote:
> > > I generally prefer to use acme-client than the python or bash+openssl(1)
> > > monstrosities to fetch SSL certificates, but I have some systems where
> > > I need to use the DNS-01 challenge type which was removed from the
> > > version in base.

IIRC we didn't remove it, we imported before Kristaps implemented
dns-01. Then I looked how he implemented it, he mumbled something
about popen and I ran away screaming...

> > > 
> > > Any objections or OKs to adding a port for Kristaps' original version
> > > (attached)?
> > > 
> > 
> > Hrrmmmm. Now I've tried to actually run dns-01 from a shell script rather
> > than faking it with copy-and-paste, I'm not sure if it's actually going to
> > be all that useful...
> > 
> > The mechanism requires
> > 
> > 1. read from acme-client's stdout.
> > 2. run a command based on that output.
> > 3. when the command has run, echo the line back to acme-client's stdin.
> > 
> > (repeat until EOF from acme-client.)

... with good reason as you discovered.

> > 
> > I've tried with "acme-client | (while read... )", various ways with
> > fifos, and coroutines, but it all blocks somewhere. Now I started
> > reading the expect(1) manual to try and do it that way which is never
> > a good sign...

While what Kristaps implemented looked doable in theory, I thought it
would be very difficult to add to cronjobs or the like.

> > 
> 
> Can't acme-client just spawn a user-configurable command and communicate
> with it via fifos/stdin/stdout? Fwiw, for dns-01 I use acme.sh which
> works, but I agree it's not pretty....
> 

The way Benno and I wanted to implement it (but ENOTIME) was that you call
acme-client multiple times.
1st call: give me the things that I need to put into DNS
2nd call: I put things into DNS, go ahead, do your thing.

I have not looked at the protocol though. Maybe you need more calls?

-- 
I'm not entirely sure you are real.
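Added example, not code from this thread or from either acme-client implementation. It shows the handshake Stuart describes (read a line from the child's stdout, run a command for it, echo the same line back to its stdin, repeat until EOF) driven from Python instead of a shell pipeline. The child here is a constructed stand-in for a dns-01-capable acme-client: the real line format is not shown in the thread, so the mock prints placeholder "_acme-challenge ... TXT ..." lines, and `drive_challenges` and its `handler` argument are names chosen for this example. Both sides must flush after every line; a fully buffered child never delivers its first line, and the parent then waits on a read while the child waits on its own read.

```python
"""Drive a line-oriented challenge handshake over a child's stdin/stdout."""
import subprocess
import sys
from typing import Callable, List

# Constructed mock of a dns-01-capable client (assumption, not the real
# program): print one line per challenge, wait for that exact line to come
# back on stdin, then exit, which is what gives the driver EOF.
MOCK_ACME_CLIENT = r'''
import sys
challenges = ["_acme-challenge.example.org TXT tokenA",
              "_acme-challenge.example.com TXT tokenB"]
for c in challenges:
    sys.stdout.write(c + "\n")
    sys.stdout.flush()          # the driver cannot act on a buffered line
    reply = sys.stdin.readline()
    if reply.rstrip("\n") != c:
        sys.exit(1)             # driver echoed the wrong thing or hung up
'''


def drive_challenges(handler: Callable[[str], None],
                     mock_script: str = MOCK_ACME_CLIENT) -> List[str]:
    """Read each line the child writes, run handler on it, echo it back.

    handler is where a real deployment would publish the TXT record and wait
    for it to propagate. Returns the handled lines; raises if the child
    exits non-zero.
    """
    proc = subprocess.Popen(
        [sys.executable, "-u", "-c", mock_script],  # -u: unbuffered child
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        text=True,
        bufsize=1,  # line buffered on our side
    )
    handled: List[str] = []
    try:
        while True:
            line = proc.stdout.readline()
            if line == "":          # EOF: the child closed its stdout
                break
            line = line.rstrip("\n")
            handler(line)           # do the DNS work before acknowledging
            handled.append(line)
            proc.stdin.write(line + "\n")
            proc.stdin.flush()      # deliver the ack immediately
    finally:
        proc.stdin.close()          # on any error the child sees EOF and stops
        rc = proc.wait()
    if rc != 0:
        raise RuntimeError(f"child exited with status {rc}")
    return handled


if __name__ == "__main__":
    for c in drive_challenges(lambda l: print("would publish:", l)):
        print("acknowledged:", c)
```

The reason a plain `acme-client | (while read ...)` pipeline cannot work is structural rather than a buffering detail: the subshell's stdout is not connected to acme-client's stdin, so the echoed line never reaches it. The driver above holds both pipe ends, which is what a fifo pair or a coprocess has to reproduce in the shell.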
