
Comments (5)

diafygi commented on July 21, 2024

Gotcha, would you mind mocking up a printout of what the help text would look like for this? I'm having trouble picturing exactly what the user experience would be like for this. Thanks!

from acme-nosudo.

abl commented on July 21, 2024

Happy to! Reading it over again I feel like I should tune the language a bit.

Step template

STEP {step_number}: You need to run this command on {target_domain}, assuming that {document_root} is where your web site is stored.

 mkdir -p {document_root}/.well-known/acme-challenge && \\
 echo -n "{challenge_response}" > \\
     {document_root}/.well-known/acme-challenge/{challenge_token} && \\
 curl -fsS http://{target_domain}/.well-known/acme-challenge/{challenge_token} > /dev/null && \\
 echo "OK!" || echo "ERROR"

You should see "OK!" displayed. If you see "ERROR" something went wrong; fix it before proceeding.

Variable glossary

  • step_number: the step number - beginning at 4 - since this is once per subdomain.
  • target_domain: the target domain - e.g. www.example.com
  • document_root: defaults to /var/www - let the user pass it in, probably.
  • challenge_response: the JSON blob.
  • challenge_token: the token field from the challenge - e.g. "qlWnoQpvBvNvOyZlAGLvsD" from one of my recent requests.

Explanation of steps and side effects

(mostly wrote this for my own benefit)

  1. mkdir -p since the acme-challenge folder doesn't exist. -p means it will create recursive directories and error only if a directory couldn't be created; it will not error if the directory already exists.
  2. echo -n > $path writes the provided blob to the given path or errors.
  3. curl -fsS $url > /dev/null attempts to test that the user is actually serving the file as required (since the HTTPServer approach dies if the server couldn't start, which is probably 95% of the necessary error checking. :)
    • -f: force a fail if the server returns a non-200 error code and write that error to STDERR.
    • -s: don't show a progress bar and don't write messages
    • -S: combined with -s causes errors to be shown.
  4. echo "OK!" || echo "ERROR" since each step shows error messages differently (and since success is silent) it gives the user an easy way to see if something may have gone wrong.

Example output

STEP 4: You need to run this command on www.example.com, assuming that /var/www is where your web site is stored.

 mkdir -p /var/www/.well-known/acme-challenge && \
 echo -n "{omitting the challenge response as it is quite long}" > \
     /var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD && \
 curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null && \
 echo "OK!" || echo "ERROR"

You should see "OK!" displayed. If you see "ERROR" something went wrong; fix it before proceeding.

Common failure cases by step

$ mkdir -p /var/www/.well-known/acme-challenge
mkdir: /var/www/.well-known/acme-challenge: Permission denied

The user doesn't have permission to create the challenge directory. The user may need to sudo and try again.

$ echo -n "{omitting the challenge response as it is quite long}" > /var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD
zsh: permission denied: /var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD

The challenge directory already exists but the user didn't have permission to write to it. Sudo and try again.

$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (22) The requested URL returned error: 404 Not Found

The user may be on the wrong server; the user may have the wrong document root.

$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (6) Could not resolve host: www.example.com

The target host couldn't be found at all - the user might've provided the wrong domain name.

$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (7) Failed to connect to www.example.com port 80: Connection refused

The target host might not be running a server on port 80 or is otherwise rejecting requests. The user might've provided the wrong domain name or may be running a web server on a different port (I'm not sure how nonstandard ports should work, if they should work at all.)

$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
(...a lot of time passes)

The default timeout for curl is...really long. One option would be to specify -m5 to cap it at 5 seconds, at which point:

$ curl -fsS -m5 http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (28) Connection timed out after 5004 milliseconds

Indicates that the server timed out, generally meaning a nonstandard port is being used or some other network failure.

$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
zsh: command not found: curl

Not everyone has curl installed. No good way around this besides skipping the step completely. :)

from acme-nosudo.
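The write-then-verify step and the failure cases listed in the comment above, as an added example that is not code from acme-nosudo or from any commenter. The function names are hypothetical. The token check is an addition, assuming ACME tokens use only the base64url alphabet; it keeps the token from escaping the challenge directory when used as a file name.

```shell
#!/bin/sh
# Added example; any sample values used with it are constructed.

# Accept only base64url characters so a token such as "../x" cannot
# write outside the acme-challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_challenge DOCUMENT_ROOT TOKEN RESPONSE
write_challenge() {
    valid_token "$2" || { echo "invalid token" >&2; return 2; }
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    # printf '%s' writes the blob byte-for-byte with no trailing newline
    # and, unlike echo -n, behaves the same in every POSIX shell.
    printf '%s' "$3" > "$dir/$2" || return 1
}

# Map the curl exit codes shown in the thread to a hint for the user.
explain_curl_exit() {
    case "$1" in
        0)   echo "OK!" ;;
        6)   echo "ERROR: could not resolve host; check the domain name" ;;
        7)   echo "ERROR: connection refused; is a web server on port 80?" ;;
        22)  echo "ERROR: HTTP error such as 404; wrong server or document root?" ;;
        28)  echo "ERROR: timed out; nonstandard port or network failure?" ;;
        127) echo "ERROR: curl is not installed; skip this check" ;;
        *)   echo "ERROR: curl exited with status $1" ;;
    esac
}

# check_challenge DOMAIN TOKEN  (makes one HTTP request, capped at 5 seconds)
check_challenge() {
    valid_token "$2" || { echo "invalid token" >&2; return 2; }
    curl -fsS -m5 "http://$1/.well-known/acme-challenge/$2" > /dev/null
    rc=$?
    explain_curl_exit "$rc"
    return "$rc"
}
```

Source the file, then call `write_challenge /var/www TOKEN RESPONSE` followed by `check_challenge www.example.com TOKEN`.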

ecc256 commented on July 21, 2024

Guys,
Could you just pass the content and path to another "user defined script", which will do the whole STEP 4?


diafygi commented on July 21, 2024

@abl Thanks for the notes! This should be covered under pull #20


diafygi commented on July 21, 2024

To clarify, #20 just prints out the url and file contents that need to be hosted. It's up to the user to make that happen in whatever setup they have. I don't want to try and guess what commands are needed to change files on their server.
