Manual plugin "--shell-command" option #2610
Comments
I really like the idea of doing something like this. There has been talk of doing something similar with
Hmmm, I should probably have closed #2782 as a dupe of this, but I will do it the other way round. @brianmhunt if you still like your proposed design in comparison to the others I added over there, can you please paste your proposal as a comment on #2782?
We have a couple of extensibility mechanisms already built in: plugins and My main question: Why isn't the existing plugin mechanism good enough to accomplish the goal? I think the current way of writing a plugin is probably too cumbersome for the purpose, but that probably means we should simplify the process of writing small plugins. For instance, it would be great if I could put a file in
The syntax is still a little clunkier than shell scripts, but if we can make plugin writing this easy, then we wind up with only a single mechanism to maintain for the long term, and we also make general-purpose integration with Certbot easier. If we go with shell scripts as an alternate integration mechanism, I think users will be very confused about the difference between
I think this is definitely worth considering. If we can simplify the process of writing plugins, not only can sysadmins easily create their own for their custom setups, but it would encourage more 3rd party plugin development.
Also just noticed the correct issue for this is #2782. I'll post a comment over there linking to this discussion.
Right now the --manual plugin requires user interaction, but there are some use cases where it needn't.

For example, when using --manual with Google App Engine, one can automate that entire process, but it's quite convoluted.

The process could be vastly simplified if, instead of using manual input, the --manual plugin took a shell command, that I would imagine could work as follows:

User calls
letsencrypt --manual --shell-command "./upload-script --server=example.com" -d example.com -d www.example.com

Let's Encrypt calls upload-script, and pipes the challenges to the standard input, something like:

It would be trivial to generalize this with another argument like --shell-pipe-format with options such as csv, tsv, json, etc.

Once the shell command completes Let's Encrypt runs the challenge.

Example

In the case of Google App Engine, a simplistic upload-script might look like (and my bash is a little rusty, but I hope it conveys the point):

Once the script completes (and presuming that acme/challenges publishes to ./well-known/...), Let's Encrypt should validate successfully against the App Engine.

I find this nicely abstracts the validation process.

Compare this to the fragile monstrosities I have created to accomplish the same that carefully read and interpret the output of Let's Encrypt.

(In retrospect my time would have been better applied writing a patch for or alternative to --manual – sorry I missed that opportunity; I hope to return to it as time permits, but I wanted to take the time to share this to see if there is interest in such a patch and in case someone else might be able to pick it up)
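
As an added example (not part of the original issue and not Let's Encrypt code), here is a sketch of the receiving side of the proposed hook. It assumes the tsv format carries one token<TAB>key-authorization pair per line, which the issue does not specify, and it checks each token before using it as a file name under acme/challenges. The function names and the "run" argument are hypothetical.

```shell
#!/bin/sh
# Constructed example: read "token<TAB>key-authorization" lines from stdin
# (assumed tsv layout) and write each key authorization to <dir>/<token>.
LC_ALL=C; export LC_ALL            # make the A-Z / a-z ranges below byte-exact
CHALLENGE_DIR="${CHALLENGE_DIR:-acme/challenges}"

# ACME tokens are base64url, so anything outside A-Z a-z 0-9 _ - is rejected.
# This keeps "/" and ".." out of the file name built from the token.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# An http-01 key authorization is "<token>.<base64url key thumbprint>".
valid_keyauth() {                  # $1 = token, $2 = key authorization
    case "$2" in
        "$1".*) ;;
        *) return 1 ;;
    esac
    valid_token "${2#"$1".}"
}

# Writes every challenge read from stdin into $1 and prints how many were
# written; fails on the first malformed line instead of writing it.
write_challenges() {
    dir=$1
    mkdir -p "$dir" || return 1
    written=0
    tab=$(printf '\t')
    while IFS="$tab" read -r token keyauth extra || [ -n "$token" ]; do
        [ -z "$token$keyauth" ] && continue        # skip blank lines
        if [ -n "$extra" ] || ! valid_token "$token" ||
           ! valid_keyauth "$token" "$keyauth"; then
            echo "rejecting malformed challenge line" >&2
            return 1
        fi
        printf '%s' "$keyauth" > "$dir/$token" || return 1
        written=$((written + 1))
    done
    echo "$written"
}

# Hypothetical entry point: "./upload-script run" reads the challenges on stdin.
if [ "${1:-}" = "run" ]; then
    write_challenges "$CHALLENGE_DIR"
fi
```

Because the token becomes part of a path, validating it in the hook matters even when the caller is trusted: the script then cannot be steered into writing outside the challenge directory by whatever arrives on its standard input.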