Manual validation feature for http-01 and tls-sni-01 challenges about lego HOT 7 OPEN

Curl commands are not necessary. I think just printing the challenge with some instructions and waiting user's action to continue would be sufficient.

For example, something like this for http-01:

$ lego --domains example.com --email [email protected] run --manual
...
A HTTP get request to url
    http://example.com/.well-known/acme-challenge/{token}
must return the following string in the response body
    {jws string here}

Press ENTER when your server is ready. 

from lego.

I had a quick look at what the "manual" plugin does for the official client.
Am I right with the assumption that lego would need to output curl commands for example which a user could use to run them on a distant machine?

from lego.

+1

from lego.

+1

from lego.

Is there a way to use this for an automated process of what an admin would do with it? I am interested in getting a cert that covers a group of machines, say 20 subdomains where each subdomain is only hosted from one machine in a way to avoid rate limits.

from lego.

@Gaillard Why not get a SAN cert for the 20 subdomains and then distribute them across your machines?

from lego.

Wondering if this is still necessary anymore; and even if so, if it is a good idea at all. The goal is to automate the process of managing certificates. If there a manual step is possible, then we fall short of that and people continue to rely on manual ways.

from lego.