Webroot path should be per domain #24

Closed
kkofler opened this Issue Dec 7, 2015 · 7 comments

kkofler commented Dec 7, 2015

If one wants to use multiple acmetool want … commands for several VHOSTs on the same server, the webroot path will be different for each of them. But at the moment, acmetool only asks for one webroot path for everything. It is probably (not tested yet) possible to work around that by manual symlink trickery, e.g.:

mkdir /var/lib/acme/.well-known
ln -s /var/lib/acme/.well-known /vhost/foo.example.com/.well-known
ln -s /var/lib/acme/.well-known /vhost/bar.example.com/.well-known

(and then setting /var/lib/acme/.well-known/acme-challenges as the path to store challenges in), but it would be much nicer if there were a way to set the path per domain. (The symlink trickery also only works if the HTTP server is configured to follow symlinks.)

Owner

hlandau commented Dec 7, 2015

I'd suggest you use symlinks, or add an alias in your webserver configuration. It seems to me to make sense to have one repository on the system for challenge files, so I'd like to stick with that.

By the way, the "standard" webroot path is /var/run/acme/acme-challenge. Files are put here (e.g. for the redirector) if you aren't using webroot mode.

I guess multiple webroots could be supported, but it also seems superfluous. I'll think about it for a while.

@hlandau hlandau self-assigned this Dec 7, 2015

hlandau commented Dec 7, 2015

After thinking about it for what according to GitHub is two minutes, I think multiple webroot support would at least be a good refactoring internally. I'll probably at least change it to always try and put files in /var/run/acme/acme-challenge for now, and maybe support multiple custom paths later.

kkofler commented Dec 7, 2015

On recent distributions, /var/run is a tmpfs (actually a symlink to the tmpfs mount /run), so if one symlinks $VHOST_WEBROOT/.well-known -> /var/run/acme (or $VHOST_WEBROOT/.well-known/acme-challenge -> /var/run/acme/acme-challenge), that symlink will point to nowhere after a reboot. The dangling symlink might actually be mostly harmless, but I thought it's worth pointing out.

@hlandau hlandau removed the thinking label Dec 7, 2015

hlandau commented Dec 7, 2015

I've added multiple webroot support. No support in the quickstart interface at this time, you'll need to edit the file in conf. One path per line. Challenges will be deposited in all of them. v0.0.14.

@hlandau hlandau closed this Dec 7, 2015

hlandau commented Dec 7, 2015

See also: #25

kkofler commented Dec 7, 2015

How about something like:
acmetool --challenge-dir=/path/to/.well-known/acme-challenge want example.com
(which of course should remember the setting in the config files)?

hlandau commented Dec 7, 2015

Not sure what you're asking; you can set the path via quickstart or via editing the conf dir. I haven't implemented it per-domain; it just drops a given challenge file into all configured directories, which is fine. I don't think there's much point segmenting it by domain. It's not like there's a performance or disk usage issue.
