Lego: use HTTP but do not start its own server

Created on 15 Nov 2019 · 3 comments · Source: go-acme/lego

Hi, sorry if this issue has been raised before (I could not find it)...

I would like to run the lego CLI with --http but also something like --no-server, so that the expected validation is written to a location that is already served by a running server (mapped well-known location).

We run multiple staged environments within Docker containers; the staged env already runs an HTTP server which is already on HTTP, so using --http fails due to the running server. We cannot use another port as the corporate firewall does not allow external access to other ports (requesting that an extra port be opened for this kind of thing is a thing; changing the edge proxy is also a thing).

Is it possible to use the CLI --http to just write the validation to a folder which is already publicly available (.well-known)?

Or does someone have an idea how I can implement this... or point me in a direction ;-) thanks!

Label: question

All 3 comments

I would like to run the lego cli with --http but also something like --no-server and that the expected validation is written to a location that is already served by a running server (mapped well-known location).

@AubreyHewes I think you want to use --http.webroot for this.

From the cli usage docs:

--http.webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge.

You should be able to run an existing webserver on port :80 and have Lego write the token file with the HTTP-01 challenge key authorization to <webroot dir>/.well-known/acme-challenge/ by running something like:

./lego --accept-tos -m <email> --http --http.webroot <webroot dir> -d <domain> run

Or does someone have an idea how I can implement this... or point me in a direction ;-)

Alternatively, you could use a non-standard HTTP port for Lego with --http.port and then configure the existing webserver on :80 to redirect requests received for the path /.well-known/acme-challenge/* to the non-standard Lego port.

(requesting opening an extra port for this kind of thing is a thing, changing the edge proxy is also a thing).

You wouldn't need to open the non-standard port to the wide world for this plan, but it would require changing the edge proxy to redirect the validation requests (e.g. with ModRewrite-type rules). Not sure if that's a hard sell for your environment or not :-)
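To make the webroot mode concrete, here is an added, self-contained illustration (not lego's own code, and it does not import lego) of what a webroot-style HTTP-01 provider does: it never opens a listener, it only writes the key authorization to `<webroot>/.well-known/acme-challenge/<token>` for the already-running web server to serve, reads it back as a local pre-check, and removes it afterwards. The token check (base64url characters only) is there so a token can never steer the write outside the challenge directory. The `WebrootProvider` type, its method names, the temporary directory, and the token/thumbprint values in `main` are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Path under the webroot that the ACME server fetches for HTTP-01 (RFC 8555 section 8.3).
const challengeSubdir = ".well-known/acme-challenge"

// ACME tokens are base64url without padding; rejecting anything else (e.g. "../")
// keeps the write confined to the challenge directory.
var tokenPattern = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// WebrootProvider (constructed type) writes challenge files into a directory that an
// existing web server already serves on port 80. No listener is started.
type WebrootProvider struct {
	root string
}

// NewWebrootProvider checks the webroot exists before any challenge is attempted.
func NewWebrootProvider(root string) (*WebrootProvider, error) {
	info, err := os.Stat(root)
	if err != nil {
		return nil, err
	}
	if !info.IsDir() {
		return nil, fmt.Errorf("webroot %q is not a directory", root)
	}
	return &WebrootProvider{root: root}, nil
}

// challengePath maps a token to <webroot>/.well-known/acme-challenge/<token>.
func (p *WebrootProvider) challengePath(token string) (string, error) {
	if !tokenPattern.MatchString(token) {
		return "", fmt.Errorf("refusing token %q: not base64url", token)
	}
	return filepath.Join(p.root, filepath.FromSlash(challengeSubdir), token), nil
}

// Present makes keyAuth available at http://<domain>/.well-known/acme-challenge/<token>
// through the already-running web server.
func (p *WebrootProvider) Present(domain, token, keyAuth string) error {
	path, err := p.challengePath(token)
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
		return err
	}
	// World-readable so the web server's user can serve it; the content is not secret.
	return os.WriteFile(path, []byte(keyAuth), 0o644)
}

// CleanUp removes the file once the CA has validated (or given up); idempotent.
func (p *WebrootProvider) CleanUp(domain, token, keyAuth string) error {
	path, err := p.challengePath(token)
	if err != nil {
		return err
	}
	if err := os.Remove(path); err != nil && !errors.Is(err, os.ErrNotExist) {
		return err
	}
	return nil
}

// Verify reads the file back the way the web server would and compares it with the
// expected key authorization: a cheap local check before asking the CA to validate.
func (p *WebrootProvider) Verify(token, keyAuth string) (bool, error) {
	path, err := p.challengePath(token)
	if err != nil {
		return false, err
	}
	body, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	return strings.TrimSpace(string(body)) == keyAuth, nil
}

func main() {
	// Constructed values: a temporary webroot and a made-up token / account thumbprint.
	root, err := os.MkdirTemp("", "webroot")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	p, err := NewWebrootProvider(root)
	if err != nil {
		panic(err)
	}
	token := "constructedToken_abc-123"
	keyAuth := token + ".constructedAccountThumbprint"
	if err := p.Present("example.com", token, keyAuth); err != nil {
		panic(err)
	}
	ok, _ := p.Verify(token, keyAuth)
	fmt.Println("challenge file matches key authorization:", ok)
	if err := p.CleanUp("example.com", token, keyAuth); err != nil {
		panic(err)
	}
}
```

The `Verify` step is the part worth copying into a deployment check: if the file you wrote does not come back from the webroot path, the running server is not serving that directory (or a proxy rule is intercepting `/.well-known/`), and the CA's validation will fail for the same reason.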

@cpu Cool, thanks! I totally missed --http.webroot as a replacement for starting its own server. I just assumed it was the webroot for the started server!

The docs could mention that setting it disables the built-in server and expects something to route to the webroot, as currently it is ambiguous. Possible PR ;-)
