Implement --manual-pipecmd #1321

Closed
josch opened this Issue Nov 4, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@josch

josch commented Nov 4, 2015

Hi,

this is an idea of how to fix issue #1015. It would be useful in situations where letsencrypt cannot be run on the server in question. A new commandline option --manual-pipecmd would receive an argument like:

'ssh myserver "cat > /tmp/letsencrypt/public_html/%TOKENPATH%"'

When executing letsencrypt --authenticator manual with above value for the --manual-pipecmd option, the manual plugin could first replace the placeholder %TOKENPATH% by the desired path to the token (like .well-known/acme-challenge/XXXXXXXX) and then execute this command and pass the content of the token into its standard input.

This way, the user would be able to forge whatever program they need to copy the token into the right remote location on their webserver where they use whatever method they desire to serve its content.

Together with the fix for issue #1125 this would allow complete automation of the certification process without running letsencrypt on the server while at the same time allowing any possible server setup.

@kuba

This comment has been minimized.

Show comment
Hide comment
@kuba

kuba Nov 4, 2015

Contributor

You've just reinvented webroot plugin: https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt/plugins/webroot.py. If you (really) need to do it over ssh, use sshfs to mount remote server and specify --webroot-path appropriately.

Contributor

kuba commented Nov 4, 2015

You've just reinvented webroot plugin: https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt/plugins/webroot.py. If you (really) need to do it over ssh, use sshfs to mount remote server and specify --webroot-path appropriately.

@kuba kuba closed this Nov 4, 2015

@josch

This comment has been minimized.

Show comment
Hide comment
@josch

josch Nov 4, 2015

Great, now to avoid such a useless bugreport next time, it would've been great if the output of:

letsencrypt --help all

Would better describe the webroot plugin than just saying "Webroot Authenticator" which does not hint that it does what I want.

josch commented Nov 4, 2015

Great, now to avoid such a useless bugreport next time, it would've been great if the output of:

letsencrypt --help all

Would better describe the webroot plugin than just saying "Webroot Authenticator" which does not hint that it does what I want.

@kuba

This comment has been minimized.

Show comment
Hide comment
@kuba

kuba Nov 4, 2015

Contributor

There is a tracking for something similar, see #1137.

Contributor

kuba commented Nov 4, 2015

There is a tracking for something similar, see #1137.

@josch

This comment has been minimized.

Show comment
Hide comment
@josch

josch Nov 4, 2015

And I also see that #1190 seems to be quite similar as well.

josch commented Nov 4, 2015

And I also see that #1190 seems to be quite similar as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment