Webroot path should be per domain #24

Closed
kkofler opened this issue Dec 7, 2015 · 7 comments

@kkofler commented Dec 7, 2015

If one wants to use multiple acmetool want … commands for several VHOSTs on the same server, the webroot path will be different for each of them. But at the moment, acmetool only asks for one webroot path for everything. It is probably (not tested yet) possible to work around that by manual symlink trickery, e.g.:

mkdir /var/lib/acme/.well-known
ln -s /var/lib/acme/.well-known /vhost/foo.example.com/.well-known
ln -s /var/lib/acme/.well-known /vhost/bar.example.com/.well-known

(and then setting /var/lib/acme/.well-known/acme-challenges as the path to store challenges in), but it would be much nicer if there were a way to set the path per domain. (The symlink trickery also only works if the HTTP server is configured to follow symlinks.)

@hlandau (Owner) commented Dec 7, 2015

I'd suggest you use symlinks, or add an alias in your webserver configuration. It seems to me to make sense to have one repository on the system for challenge files, so I'd like to stick with that.

By the way, the "standard" webroot path is /var/run/acme/acme-challenge. Files are put here (e.g. for the redirector) if you aren't using webroot mode.

I guess multiple webroots could be supported, but it also seems superfluous. I'll think about it for a while.

@hlandau (Owner) commented Dec 7, 2015

After thinking about it for what according to GitHub is two minutes, I think multiple webroot support would at least be a good refactoring internally. I'll probably at least change it to always try and put files in /var/run/acme/acme-challenge for now, and maybe support multiple custom paths later.

@kkofler (Author) commented Dec 7, 2015

On recent distributions, /var/run is a tmpfs (actually a symlink to the tmpfs mount /run), so if one symlinks $VHOST_WEBROOT/.well-known → /var/run/acme (or $VHOST_WEBROOT/.well-known/acme-challenge → /var/run/acme/acme-challenge), that symlink will point to nowhere after a reboot. The dangling symlink might actually be mostly harmless, but I thought it's worth pointing out.
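
The symlink layout discussed in this thread, and the reboot case raised in the comment above, can be audited with a short script. This is an added example, not part of the original issue or of acmetool; the function names and the temporary paths built in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue thread or acmetool. Paths in demo() are constructed.

# Classify <vhost_root>/.well-known/acme-challenge against the shared directory.
# Prints one of: ok | dangling | missing | not-symlink | mismatch
check_challenge_link() {
    link="$1/.well-known/acme-challenge"
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo not-symlink; else echo missing; fi
        return 0
    fi
    # -e follows the symlink, so it fails when the target has vanished,
    # e.g. a tmpfs-backed /run that was emptied by a reboot.
    if [ ! -e "$link" ]; then echo dangling; return 0; fi
    # Compare physical paths so a link into some other directory is flagged.
    resolved=$(cd "$link" 2>/dev/null && pwd -P) || { echo mismatch; return 0; }
    wanted=$(cd "$2" 2>/dev/null && pwd -P) || { echo mismatch; return 0; }
    if [ "$resolved" = "$wanted" ]; then echo ok; else echo mismatch; fi
}

# Print "<status> <vhost_root>" for each vhost; return 1 if any is not ok.
audit_vhosts() {
    shared_dir="$1"; shift
    rc=0
    for root in "$@"; do
        st=$(check_challenge_link "$root" "$shared_dir")
        echo "$st $root"
        [ "$st" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed layout: two vhosts linked to one shared directory under a fake /run.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/run/acme/acme-challenge" "$tmp/vhost/foo/.well-known" "$tmp/vhost/bar/.well-known"
    for v in foo bar; do
        ln -s "$tmp/run/acme/acme-challenge" "$tmp/vhost/$v/.well-known/acme-challenge"
    done
    echo "before reboot:"
    audit_vhosts "$tmp/run/acme/acme-challenge" "$tmp/vhost/foo" "$tmp/vhost/bar" || true
    rm -rf "$tmp/run/acme"    # simulate tmpfs contents being lost at reboot
    echo "after reboot:"
    audit_vhosts "$tmp/run/acme/acme-challenge" "$tmp/vhost/foo" "$tmp/vhost/bar" || true
    rm -rf "$tmp"
}

demo
```

Call `audit_vhosts` with the real shared directory followed by each vhost root, for instance from a boot-time or pre-renewal check.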

@hlandau hlandau removed the thinking label Dec 7, 2015
@hlandau (Owner) commented Dec 7, 2015

I've added multiple webroot support. No support in the quickstart interface at this time, you'll need to edit the file in conf. One path per line. Challenges will be deposited in all of them. v0.0.14.

@hlandau hlandau closed this Dec 7, 2015
@hlandau (Owner) commented Dec 7, 2015

See also: #25

@kkofler (Author) commented Dec 7, 2015

How about something like:
acmetool --challenge-dir=/path/to/.well-known/acme-challenge want example.com
(which of course should remember the setting in the config files)?

@hlandau (Owner) commented Dec 7, 2015

Not sure what you're asking; you can set the path via quickstart or via editing the conf dir. I haven't implemented it per-domain; it just drops a given challenge file into all configured directories, which is fine. I don't think there's much point segmenting it by domain. It's not like there's a performance or disk usage issue.
