Skipping verification #2

Nueva incidencia

Abierta

abierta 2020-07-26 17:57:53 +00:00 por Ghost · 5 comentarios

Ghost comentado 2020-07-26 17:57:53 +00:00

Copiar enlace

Hi, AJ,

Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well.

I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on.

I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module.

I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed.

Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this?

Smiles,

Ben

Hi, AJ, Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well. I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on. I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module. I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed. Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this? Smiles, Ben

coolaj86 comentado 2020-07-28 05:27:37 +00:00

Propietario

Copiar enlace

Ah, yes, this old thing.

For the moment, I would say just hack your local version. Then ping me again in about 10 days.

I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI.

What are the options you currently use?

Ah, yes, this old thing. For the moment, I would say just hack your local version. Then ping me again in about 10 days. I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI. What are the options you currently use?

coolaj86 comentado 2020-07-28 05:27:53 +00:00

Propietario

Copiar enlace

P.S. Nice to see you again. :)

P.S. Nice to see you again. :)

Ghost comentado 2020-08-08 13:05:59 +00:00

Autoría

Copiar enlace

Hi, AJ. Yeah, it's nice to be in touch again!

Current invocation for old protocol:

greenlock \
	--agree-tos \
	--email {{ admin_email }}
	--webroot --webroot-path /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--server https://acme-v01.api.letsencrypt.org/directory \
	> "$TMP" 2>&1

Desired invocation for new protocol:

node --harmony `which greenlock` certonly \
	--agree-tos \
	--email {{ admin_email }} \
	--webroot --root /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \
	> "$TMP" 2>&1

Hi, AJ. Yeah, it's nice to be in touch again! Current invocation for old protocol: ``` greenlock \ --agree-tos \ --email {{ admin_email }} --webroot --webroot-path /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --server https://acme-v01.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ``` Desired invocation for new protocol: ``` node --harmony `which greenlock` certonly \ --agree-tos \ --email {{ admin_email }} \ --webroot --root /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ```

Ghost comentado 2020-08-08 13:09:16 +00:00

Autoría

Copiar enlace

BTW, we were using v2.2.10, upgrading to v2.3.3 (^v2.3).

BTW, we were using `v2.2.10`, upgrading to `v2.3.3` (`^v2.3`).

Ghost comentado 2021-06-21 11:56:11 +00:00

Autoría

Copiar enlace

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.

Inicie sesión para unirse a esta conversación.

Ninguna Rama/Etiqueta especificada

Ramas Etiquetas

master

v3

v2.3

greenlock

v1.x

pull/11/master

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.13

v2.2.12

v2.2.11

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.0

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Etiquetas

Limpiar etiquetas

No hay elementos

Sin etiquetas

Milestone

Limpiar Milestone

No hay elementos

Sin Milestone

Asignados

Limpiar asignados

No asignados

2 participantes

Notificaciones

Suscribir

Fecha de vencimiento

La fecha de vencimiento es inválida o está fuera de rango. Por favor utilice el formato 'aaaa-mm-dd'.

Sin fecha de vencimiento.

Dependencias

No se han establecido dependencias.

Referencia: root/greenlock-cli.js#2

No se ha proporcionado una descripción.