Certbot ipv64 dnschallenge #159
Conversation
There was a problem hiding this comment.
Thanks @lodzen for your pull request. I have some change requests.
Can you also stash your commit history and make one commit out of it? Thanks.
If all adjustments have been made, the remaining question will be where to obtain a better maintained version of certbot-dns-ipv64 from?
src/setup-certbot.sh
Outdated
| apt-get install -y "${packages_to_install[@]}" 2>&1 | tee -a $LOGFILE_PATH | ||
| fi | ||
| if [ "$CERTBOT_AUTH_METHOD" = "ipv64" ]; then | ||
| git clone https://github.com/XonaTheProtogen/certbot-dns-ipv64.git 2>&1 | tee -a $LOGFILE_PATH |
There was a problem hiding this comment.
@lodzen The certbot-dns-ipv64 plugin for certbot seems unmaintained (two years no commits). Is there a newer source available maybe?
There was a problem hiding this comment.
I created an own fork for the repo and worked on a branch to push the changes
setup-nextcloud-hpb.sh
Outdated
| DRY_RUN=false | ||
| UNATTENDED_INSTALL=false | ||
| NEXTCLOUD_SERVER_FQDNS="" # Ask user | ||
| CERTBOT_AUTH_METHOD="" # Ask user |
There was a problem hiding this comment.
Please amend white-spaces here, all comment hashes should be in one column.
setup-nextcloud-hpb.sh
Outdated
| case "$CHOICE" in | ||
| "1") | ||
| log "Collabora (certbot, nginx, ufw) will be installed." | ||
| CERTBOT_AUTH_METHOD="http" |
There was a problem hiding this comment.
The log messages don't match what is happening in the code. Change to "Cerbot AUTH method selected is: 'http'" (or similar)
setup-nextcloud-hpb.sh
Outdated
| ;; | ||
| "2") | ||
| log "Signaling (certbot, nginx, ufw) will be installed." | ||
| CERTBOT_AUTH_METHOD="ipv64" |
setup-nextcloud-hpb.sh
Outdated
| esac | ||
| done | ||
| fi | ||
| log "Using '$CERTBOT_AUTH_METHOD' for DRY_RUN". |
There was a problem hiding this comment.
should be: log "Using '$CERTBOT_AUTH_METHOD' for CERTBOT_AUTH_METHOD".
src/setup-certbot.sh
Outdated
| --key-path "$SSL_CERT_KEY_PATH_RSA" --domains "$SERVER_FQDN" | ||
| --fullchain-path "$SSL_CERT_PATH_RSA" --email "$EMAIL_USER_ADDRESS" | ||
| --rsa-key-size 4096 --cert-name "$SERVER_FQDN"-rsa | ||
| --chain-path "$SSL_CHAIN_PATH_RSA" -authenticator dns-ipv64 --dns-ipv64-credentials "/home/daniel/certbot-dns-ipv64/credentials.ini") |
There was a problem hiding this comment.
Don't put your full local home path here. This needs to work on anyone's machine! I.e. you have to put some relative path name here.
| --chain-path "$SSL_CHAIN_PATH_RSA" -authenticator dns-ipv64 --dns-ipv64-credentials "/home/daniel/certbot-dns-ipv64/credentials.ini") | ||
| ;; | ||
| *) | ||
| log "Unsupported AUTH Method $CERTBOT_AUTH_METHOD!" >&2 |
There was a problem hiding this comment.
maybe better "Unsupported Certbot AUTH method: $CERTBOT_AUTH_METHOD!"
|
@lodzen Also: sorry for the looooong delay until I reviewed this. |
| # If you are running the script behind a NAT you need to specify it with true | ||
| # make sure that the webserver are reachable from the internet via | ||
| # port (80 only if http cert auth method is used),443 & 5349 (TCP & UDP) | ||
| BEHIND_NAT="" | ||
|
|
There was a problem hiding this comment.
I'm unsure if this works overall, since coturn requires public internet access, I think.
The documentation clearly states, that we won't support servers using NAT.
A server with a publicly accessible IP! (not for systems behind a firewall or NAT with a private address)
There was a problem hiding this comment.
I can only say that i run this setup in my homelab and it works good.
I am running it behind a reverse proxy thats why i need to set it up like this, otherwise it can't bind to the External IP address and need to bind it to listen to listening-ip=0.0.0.0
There was a problem hiding this comment.
Very interesting. I've never looked into that. Maybe this is a feature we can build into this script, instead of just closing tickets for people with a NAT-setup.. ;)
lodzen
force-pushed
the
certbot-ipv64-dnschallenge
branch
from
12f9523 to
ba4dcb8
Compare
lodzen
force-pushed
the
certbot-ipv64-dnschallenge
branch
from
ba4dcb8 to
5bab536
Compare
3 participants
No description provided.