Comments (5)
Gotcha, would you mind mocking up a printout of what the help text would look like for this? I'm having trouble picturing exactly what the user experience would be like for this. Thanks!
from acme-nosudo.
Happy to! Reading it over again I feel like I should tune the language a bit.
Step template
STEP {step_number}: You need to run this command on {target_domain}, assuming that {document_root} is where your web site is stored.
mkdir -p {document_root}/.well-known/acme-challenge && \\
echo -n "{challenge_response}" > \\
{document_root}/.well-known/acme-challenge/{challenge_token} && \\
curl -fsS http://{target_domain}/.well-known/acme-challenge/{challenge_token} > /dev/null && \\
echo "OK!" || echo "ERROR"
You should see "OK!" displayed. If you see "ERROR" something went wrong; fix it before proceeding.
Variable glossary
step_number: the step number - beginning at 4 - since this is once per subdomain.
target_domain: the target domain - e.g. www.example.com
document_root: defaults to /var/www - let the user pass it in, probably.
challenge_response: the JSON blob.
challenge_token: the token field from the challenge - e.g. "qlWnoQpvBvNvOyZlAGLvsD" from one of my recent requests.
Explanation of steps and side effects
(mostly wrote this for my own benefit)
mkdir -p
since the acme-challenge folder doesn't exist. -p means it will create recursive directories and error only if a directory couldn't be created; it will not error if the directory already exists.
echo -n > $path
writes the provided blob to the given path or errors.
curl -fsS $url > /dev/null
attempts to test that the user is actually serving the file as required (since the HTTPServer approach dies if the server couldn't start, which is probably 95% of the necessary error checking. :)
-f: force a fail if the server returns a non-200 error code and write that error to STDERR.
-s: don't show a progress bar and don't write messages.
-S: combined with -s, causes errors to be shown.
echo "OK!" || echo "ERROR"
since each step shows error messages differently (and since success is silent) it gives the user an easy way to see if something may have gone wrong.
Example output
STEP 4: You need to run this command on www.example.com, assuming that /var/www is where your web site is stored.
mkdir -p /var/www/.well-known/acme-challenge && \
echo -n "{omitting the challenge response as it is quite long}" > \
/var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD && \
curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null && \
echo "OK!" || echo "ERROR"
You should see "OK!" displayed. If you see "ERROR" something went wrong; fix it before proceeding.
Common failure cases by step
$ mkdir -p /var/www/.well-known/acme-challenge
mkdir: /var/www/.well-known/acme-challenge: Permission denied
The user doesn't have permission to create the challenge directory. The user may need to sudo and try again.
$ echo -n "{omitting the challenge response as it is quite long}" > /var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD
zsh: permission denied: /var/www/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD
The challenge directory already exists but the user didn't have permission to write to it. Sudo and try again.
$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (22) The requested URL returned error: 404 Not Found
The user may be on the wrong server; the user may have the wrong document root.
$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (6) Could not resolve host: www.example.com
The target host couldn't be found at all - the user might've provided the wrong domain name.
$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (7) Failed to connect to www.example.com port 80: Connection refused
The target host might not be running a server on port 80 or is otherwise rejecting requests. The user might've provided the wrong domain name or may be running a web server on a different port (I'm not sure how nonstandard ports should work, if they should work at all.)
$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
(...a lot of time passes)
The default timeout for curl is...really long. One option would be to specify -m5 to cap it at 5 seconds, at which point:
$ curl -fsS -m5 http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
curl: (28) Connection timed out after 5004 milliseconds
Indicates that the server timed out, generally meaning a nonstandard port is being used or some other network failure.
$ curl -fsS http://www.example.com/.well-known/acme-challenge/qlWnoQpvBvNvOyZlAGLvsD > /dev/null
zsh: command not found: curl
Not everyone has curl installed. No good way around this besides skipping the step completely. :)
from acme-nosudo.
Guys,
Could you just pass content and path to another "user defined script", which will do the whole STEP 4?
from acme-nosudo.
@abl Thanks for the notes! This should be covered under pull #20
from acme-nosudo.
To clarify, #20 just prints out the url and file contents that need to be hosted. It's up to the user to make that happen in whatever setup they have. I don't want to try and guess what commands are needed to change files on their server.
from acme-nosudo.