[bug#36998] services: certbot: Add --manual-public-ip-logging-ok for manual challenges
diff mbox series

Message ID 87imr588wk.fsf@zancanaro.id.au
State New
Headers show
Series
  • [bug#36998] services: certbot: Add --manual-public-ip-logging-ok for manual challenges
Related show

Commit Message

Carlo Zancanaro Aug. 10, 2019, 1:08 p.m. UTC
I recently tried to configure the certbot-service with the dns 
challenge type. It failed, because certbot tries to ask whether 
you're okay with letsencrypt knowing (and potentially logging) 
your IP address, but within an mcron task that just fails.

The solution is to add the --manual-public-ip-logging-ok flag, so 
here's a patch to do that!

Comments

Ludovic Courtès Sept. 10, 2019, 9:54 p.m. UTC | #1
Hi Carlo,

Time flies…

Carlo Zancanaro <carlo@zancanaro.id.au> skribis:

> I recently tried to configure the certbot-service with the dns
> challenge type. It failed, because certbot tries to ask whether you're
> okay with letsencrypt knowing (and potentially logging) your IP
> address, but within an mcron task that just fails.
>
> The solution is to add the --manual-public-ip-logging-ok flag, so
> here's a patch to do that!

[...]

> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -99,6 +99,7 @@
>                              "--manual"
>                              (string-append "--preferred-challenges=" challenge)
>                              "--cert-name" name
> +                            "--manual-public-ip-logging-ok"
>                              "-d" (string-join domains ","))

Perhaps we should pass --manual-public-ip-logging-ok only when
‘challenge’ has the expected value (DNS challenge type; what’s the value
for that?), and also document that prominently in the manual?

Thanks,
Ludo’.

Patch
diff mbox series

From 4a888155261caba0c4e11f8515a271ba33b92bc6 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <carlo@zancanaro.id.au>
Date: Sat, 10 Aug 2019 22:52:50 +1000
Subject: [PATCH] services: certbot: Add --manual-public-ip-logging-ok for
 manual challenges

* gnu/services/certbot.scm (certbot-command): Add
  --manual-public-ip-logging-ok flag to the certbot command when doing a
  manual challenge.
---
 gnu/services/certbot.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index ae34ad17bb..0d3be03383 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -99,6 +99,7 @@ 
                             "--manual"
                             (string-append "--preferred-challenges=" challenge)
                             "--cert-name" name
+                            "--manual-public-ip-logging-ok"
                             "-d" (string-join domains ","))
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
                       (if authentication-hook
-- 
2.22.0