Support for DNS challenge #1022
Conversation
…ment variables forwarding & README update
|
Forgot to mention that this PR is not specific to any provider, as the idea is to "forward" required environment variables by each provider and which are defined in the proxied container, to the letsencrypt_service. Then, these variables are simply read by acme.sh. I have updated the README explaining how to set up DNS challenge for a provider, with an example. |
There was a problem hiding this comment.
Why are you doing this:
if [[ -z "$variable" ]]; then
<do nothing>
else
<do something>
fi
Instead of this:
if [[ -n "$variable" ]]; then
<do something>
fi
I imagine some HTTP challenge stuff should not happen for a DNS challenge.
Perhaps this is a good place to start:
add_location_configuration "$domain" || reload_nginx
|
I would love to see this happening in the official image.. I want to integrate it in some "offline" setups. where devices have internet and are random/not managed, but the services are not publicly available. |
|
For what it's worth, I am now using this locally and it seems to be working. I do wish there was a better way to handle all the variables; I end up with the same block of variables copypasted multiple places in order to handle various subdomains. On the other hand, this is relevant only for people running multiple subdomains, and I'm not sure how common that is. |
|
Alright, never mind, update :V It works fine on single domains but I'm having trouble getting it working on multidomains; it does the first domain with DNS, but then seems to fall back on HTTP for the second domain. Somewhat-anonymized log: Not sure what I'm doing wrong. |
If you are using docker-compose, you can store your common environment variables in a file, e.g. version: '3'
services:
first:
image: nginx
env_file:
- path/to/mydnsprovider.env
environment:
- VIRTUAL_HOST=first.com
- LETSENCRYPT_HOST=first.comand version: '3'
services:
second:
image: nginx
env_file:
- path/to/mydnsprovider.env
environment:
- VIRTUAL_HOST=second.com
- LETSENCRYPT_HOST=second.com |
Passing multiple domains is done the same way by using multiple |
|
@mustanggb any progress please? |
|
Nothing to do with me.
|
|
Hello @buchdag, any plan on this? If none, please let me know, I could take over the commit, try to fix things @mustanggb pointed out. |
|
@mustanggb @yeliex @cistes44 sorry guys, I hadn't a lot of spare time last weeks. I'll try to take care of it if I can find some time soon. Meanwhile, feel free to pursue the work, there is not much left. @mustanggb what exactly do you need me to do for you to get commit access? |
I think he you should grant him access to your fork: https://github.com/daweedm/acme-companion/ Otherwise he yould be unable to build on your work for this PR. |
There was a problem hiding this comment.
Hey @buchdag, may I ask you please to merge this (= the main feature: DNS challenge with single domain) in an official release (and solve the multi-domain thing later)?
Review:
- feature is/seems very needed
- single domain seems to work
- multi-domain not working (can be done later)
#ty! @daweedm
Thanks a lot in advance + KR
Hello @buchdag
I have added the support for DNS challenges, as it's supported by acme.sh and with minor changes to the
acme-companioncode base.Could you review this pull request ?