On Thu, Jul 16, 2020 at 07:40:35AM +0200, Daniel Eisele wrote:
> Also it would be nice to have a feature to update all domains of the
> config file. I currently do that in a shell script by parsing the output
> of acme-client -nv with sed and then calling acme-client multiple times.
>
> Maybe an easy solution would be an option that prints the list of all
> domains, so I can avoid the sed parsing, as this is prone to breaking.
I'm not opposed to that. You will probably need to output some form of
csv.
Consider this:
domain handle1-example.com {
domain name example.com
alternative names { www.example.com secure.example.com }
domain key "/etc/ssl..." rsa
}
domain handle2-example.com {
domain name example.com
alternative names { mail.example.com }
domain key "/etc/ssl..." ecdsa
}
Should it be output like this?
handle1-example.com; example.com; www.example.com, secure.example.com
handle2-example.com; example.com; mail.example.com
Or this?
handle1-example.com; example.com; www.example.com
handle1-example.com; example.com; secure.example.com
handle2-example.com; example.com; mail.example.com
>
> Another solution is obviously to just add an "update all" command line
> option (or maybe even in the config?), but that is probably more
> complicated to implement.
I'm more worried that you will very soon end up with some form of exec
plugin mechanism. Typically you need to do something when a cert is
renewed (restart daemon).
My acme-client.conf is generate by a config management system which
also creates individual cronjobs for each renew job and knows how to
handle a cert renew.
>
> What do you think about that?
>
--
I'm not entirely sure you are real.
