[enh] external http checker fallback for LE checks #623
In some annoying network configurations, a YunoHost installation can't do an HTTP loopback on itself using its public IP (a bit like hairpinning for routers) but can still be reached from the outside, which is what LE will use to install its certificate. In consequence, people need to add
Generally, this kind of YunoHost instance is NATed as a VM/container.
When the "let's test I'm accessible by HTTP" test fails, fall back on an external HTTP checker that will do the same test but from outside, which will avoid the bug where HTTP can loopback from localhost.
The outside HTTP checker is https://github.com/YunoHost/check-http, which I wrote and tested, and you can get the general workflow documentation here: https://github.com/YunoHost/check-http/blob/master/server.py#L51
Untested because http-check isn't deployed yet (we need a YunoHost application for that if we want to deploy it correctly).
On the other hand, this is a pretty safe PR since it only adds a new fallback behavior; in the worst case it will only fail to do the external HTTP check in a situation where it was already failing.
How to test
You need a YunoHost instance where you can do HTTP loopback, add this patch, wait for http-check to be deployed, and then you can try to renew/install a certificate without
I have an instance in that situation and I can do this test but ... we need to merge this PR for our toolchain to build a