Skipping verification #2

Новая задача

Открыто

открыт 2020-07-26 17:57:53 +00:00 пользователем Ghost · комментариев: 5

Ghost прокомментировал(а) 2020-07-26 17:57:53 +00:00

Копировать ссылку

Hi, AJ,

Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well.

I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on.

I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module.

I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed.

Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this?

Smiles,

Ben

Hi, AJ, Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well. I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on. I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module. I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed. Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this? Smiles, Ben

coolaj86 прокомментировал(а) 2020-07-28 05:27:37 +00:00

Владелец

Копировать ссылку

Ah, yes, this old thing.

For the moment, I would say just hack your local version. Then ping me again in about 10 days.

I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI.

What are the options you currently use?

Ah, yes, this old thing. For the moment, I would say just hack your local version. Then ping me again in about 10 days. I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI. What are the options you currently use?

coolaj86 прокомментировал(а) 2020-07-28 05:27:53 +00:00

Владелец

Копировать ссылку

P.S. Nice to see you again. :)

P.S. Nice to see you again. :)

Ghost прокомментировал(а) 2020-08-08 13:05:59 +00:00

Автор

Копировать ссылку

Hi, AJ. Yeah, it's nice to be in touch again!

Current invocation for old protocol:

greenlock \
	--agree-tos \
	--email {{ admin_email }}
	--webroot --webroot-path /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--server https://acme-v01.api.letsencrypt.org/directory \
	> "$TMP" 2>&1

Desired invocation for new protocol:

node --harmony `which greenlock` certonly \
	--agree-tos \
	--email {{ admin_email }} \
	--webroot --root /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \
	> "$TMP" 2>&1

Hi, AJ. Yeah, it's nice to be in touch again! Current invocation for old protocol: ``` greenlock \ --agree-tos \ --email {{ admin_email }} --webroot --webroot-path /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --server https://acme-v01.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ``` Desired invocation for new protocol: ``` node --harmony `which greenlock` certonly \ --agree-tos \ --email {{ admin_email }} \ --webroot --root /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ```

Ghost прокомментировал(а) 2020-08-08 13:09:16 +00:00

Автор

Копировать ссылку

BTW, we were using v2.2.10, upgrading to v2.3.3 (^v2.3).

BTW, we were using `v2.2.10`, upgrading to `v2.3.3` (`^v2.3`).

Ghost прокомментировал(а) 2021-06-21 11:56:11 +00:00

Автор

Копировать ссылку

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.

Войдите, чтобы присоединиться к обсуждению.

Не указана ветка или тэг

Ветки Теги

master

v3

v2.3

greenlock

v1.x

pull/11/master

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.13

v2.2.12

v2.2.11

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.0

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Метки

Очистить метки

Нет элементов

Нет меток

Этап

Очистить этап

Нет элементов

Нет этапа

Назначенные

Убрать ответственных

Нет назначенных лиц

2 участников

Уведомления

Подписаться

Срок выполнения

Срок действия недействителен или находится за пределами допустимого диапазона. Пожалуйста, используйте формат 'гггг-мм-дд'.

Срок выполнения не установлен.

Зависимости

Зависимостей нет.

Ссылка: root/greenlock-cli.js#2

Описание отсутствует.