Lego: Manual validation feature for http-01 and tls-sni-01 challenges

Created on 22 Dec 2015 · 7 Comments · Source: go-acme/lego

When we cannot run an ACME client on the target server, a "manual" mode for the http-01 and tls-sni-01 challenges would be helpful.

Adding a --manual flag to the run command could be a solution, imho.

Btw, the Let's Encrypt client has a plugin for this.

enhancement

All 7 comments

I had a quick look at what the "manual" plugin does for the official client.
Am I right in assuming that lego would need to output, for example, curl commands that a user could run on a distant machine?

Curl commands are not necessary. I think just printing the challenge with some instructions and waiting for the user's action to continue would be sufficient.

For example, something like this for http-01:

$ lego --domains example.com --email [email protected] run --manual
...
An HTTP GET request to the URL
    http://example.com/.well-known/acme-challenge/{token}
must return the following string in the response body
    {jws string here}

Press ENTER when your server is ready.
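
The string the user has to publish in the sketch above is not arbitrary: RFC 8555 section 8.1 defines it as the key authorization, the challenge token joined with a "." to the RFC 7638 thumbprint of the ACME account key, and section 8.3 requires the body at the well-known URL to equal it (trailing whitespace ignored). The Go program below is an added illustration, not code from lego or from anyone in this thread. It computes that string for a P-256 account key and then does the check an operator would want before pressing ENTER: fetch the well-known path and compare the body. The token, the example.com domain and the httptest server standing in for the operator's web server are constructed for the example; a real provider inside lego receives the key authorization from the library rather than computing it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Thumbprint returns the RFC 7638 JWK thumbprint of a P-256 account key:
// SHA-256 over the JWK holding only the required members (crv, kty, x, y)
// in lexicographic order with no whitespace, base64url without padding.
// Account keys may also be RSA; this example handles P-256 only.
func Thumbprint(pub *ecdsa.PublicKey) (string, error) {
	if pub == nil || pub.Curve.Params().Name != "P-256" {
		return "", fmt.Errorf("thumbprint: only P-256 keys are handled in this example")
	}
	// Coordinates are left-padded to the full 32-byte field size (RFC 7518
	// 6.2.1.2); a shorter encoding would produce a different thumbprint.
	jwk := struct {
		Crv string `json:"crv"`
		Kty string `json:"kty"`
		X   string `json:"x"`
		Y   string `json:"y"`
	}{
		Crv: "P-256",
		Kty: "EC",
		X:   base64.RawURLEncoding.EncodeToString(pub.X.FillBytes(make([]byte, 32))),
		Y:   base64.RawURLEncoding.EncodeToString(pub.Y.FillBytes(make([]byte, 32))),
	}
	// encoding/json writes struct fields in declaration order, which is
	// already lexicographic here, and emits no whitespace.
	raw, err := json.Marshal(jwk)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(raw)
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// KeyAuthorization builds the RFC 8555 section 8.1 key authorization,
// token "." thumbprint(accountKey): the exact body http-01 must serve.
func KeyAuthorization(token string, pub *ecdsa.PublicKey) (string, error) {
	thumb, err := Thumbprint(pub)
	if err != nil {
		return "", err
	}
	return token + "." + thumb, nil
}

// ChallengePath is the well-known path the ACME server fetches for http-01.
func ChallengePath(token string) string {
	return "/.well-known/acme-challenge/" + token
}

// CheckHTTP01 fetches url and returns nil when the body equals keyAuth.
// Trailing whitespace is tolerated, as RFC 8555 section 8.3 allows; any
// other difference is a mismatch the ACME server would reject as well.
func CheckHTTP01(client *http.Client, url, keyAuth string) error {
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("check: %s returned HTTP %d", url, resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	if err != nil {
		return err
	}
	if got := strings.TrimRight(string(body), " \t\r\n"); got != keyAuth {
		return fmt.Errorf("check: body %q does not match key authorization %q", got, keyAuth)
	}
	return nil
}

// ServeChallenge stands in for the operator's web server (constructed for
// the example): it answers the challenge path for token with body.
func ServeChallenge(token, body string) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc(ChallengePath(token), func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain")
		io.WriteString(w, body)
	})
	return httptest.NewServer(mux)
}

func main() {
	accountKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	token := "constructed-sample-token_not-issued-by-a-CA" // constructed, not a real token
	keyAuth, err := KeyAuthorization(token, &accountKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("An HTTP GET request to the URL\n    http://example.com%s\n"+
		"must return the following string in the response body\n    %s\n\n", ChallengePath(token), keyAuth)

	// What a --manual mode should do before trusting the ENTER: verify the file.
	good := ServeChallenge(token, keyAuth+"\n") // trailing newline, as `echo > file` leaves
	defer good.Close()
	fmt.Println("correct file:", CheckHTTP01(good.Client(), good.URL+ChallengePath(token), keyAuth))
	bad := ServeChallenge(token, token) // common mistake: publishing only the token
	defer bad.Close()
	fmt.Println("token only:  ", CheckHTTP01(bad.Client(), bad.URL+ChallengePath(token), keyAuth))
}
```

Running the check from the machine that holds the account key is only a sanity test of the operator's file placement; the authoritative fetch is the CA's, which arrives from its own vantage point and follows the same rules.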

+1

+1

Is there a way to use this for an automated process of what an admin _would_ do with it? I am interested in getting a cert that covers a group of machines, say 20 subdomains where each subdomain is only hosted from one machine in a way to avoid rate limits.

@gaillard Why not get a SAN cert for the 20 subdomains and then distribute them across your machines?

Wondering if this is still necessary; and even if so, if it is a good idea at all. The goal is to _automate_ the process of managing certificates. If a manual step is possible, then we fall short of that and people continue to rely on manual ways.
