root
/
greenlock-cli.js
鏡像自 https://git.coolaj86.com/coolaj86/greenlock-cli.js
2
0
Fork 0
程式碼 問題 2 版本發布 Wiki 動態

Skipping verification #2

新增問題
開放中
建立於 2020-07-26 17:57:53 +00:00 由 Ghost · 5 comment
Ghost 已留言 2020-07-26 17:57:53 +00:00
複製連結

Hi, AJ,

Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well.

I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on.

I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module.

I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed.

Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this?

Smiles,

Ben

Hi, AJ, Haven't been in touch for a while, but I'm still using the Greenlock CLI client, which has been serving me well. I've hit a bit of a snag with the pre-flight checks: they don't work in our setup, because we serve different DNS externally to internally and there is some port forwarding going on. I can see the ACME library has options to skip the checks (skipChallengeTests and skipDryRun) but as far as I can tell these aren't wired up to the CLI, or even to the greenlock module. I took a quick look around the code to consider making a quick fix, but the CLI seems to be using some older module versions, etc., so I wasn't sure of the best way to proceed. Would you be able to help, either by wiring this up for me, or by giving me some pointers for how to put together some code changes for this? Smiles, Ben
coolaj86 已留言 2020-07-28 05:27:37 +00:00
擁有者
複製連結

Ah, yes, this old thing.

For the moment, I would say just hack your local version. Then ping me again in about 10 days.

I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI.

What are the options you currently use?

Ah, yes, this old thing. For the moment, I would say just hack your local version. Then ping me again in about 10 days. I've just wrapped up two projects I was working on and I've got some Greenlock work on my docket for this week. I'll keep your request in mind and see if I can update the CLI. What are the options you currently use?
coolaj86 已留言 2020-07-28 05:27:53 +00:00
擁有者
複製連結

P.S. Nice to see you again. :)

P.S. Nice to see you again. :)
Ghost 已留言 2020-08-08 13:05:59 +00:00
作者
複製連結

Hi, AJ. Yeah, it's nice to be in touch again!

Current invocation for old protocol:

greenlock \
	--agree-tos \
	--email {{ admin_email }}
	--webroot --webroot-path /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--server https://acme-v01.api.letsencrypt.org/directory \
	> "$TMP" 2>&1

Desired invocation for new protocol:

node --harmony `which greenlock` certonly \
	--agree-tos \
	--email {{ admin_email }} \
	--webroot --root /var/local/greenroot \
	--config-dir /var/local/greenlock \
	--domains "$1" \
	--renew-within 28 \
	--acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \
	> "$TMP" 2>&1
Hi, AJ. Yeah, it's nice to be in touch again! Current invocation for old protocol: ``` greenlock \ --agree-tos \ --email {{ admin_email }} --webroot --webroot-path /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --server https://acme-v01.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ``` Desired invocation for new protocol: ``` node --harmony `which greenlock` certonly \ --agree-tos \ --email {{ admin_email }} \ --webroot --root /var/local/greenroot \ --config-dir /var/local/greenlock \ --domains "$1" \ --renew-within 28 \ --acme-version draft-11 --acme-url https://acme-v02.api.letsencrypt.org/directory \ > "$TMP" 2>&1 ```
Ghost 已留言 2020-08-08 13:09:16 +00:00
作者
複製連結

BTW, we were using v2.2.10, upgrading to v2.3.3 (^v2.3).

BTW, we were using `v2.2.10`, upgrading to `v2.3.3` (`^v2.3`).
Ghost 已留言 2021-06-21 11:56:11 +00:00
作者
複製連結

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.

I avoided needing to skip this check with some reconfiguration on our server. The check doesn't have much value, but at least it doesn't prevent the renewal now. I guess this is still a nice-to-have, so it might be worth leaving open, but it's certainly not an issue for me now.
登入 才能加入這對話。
未指定分支或標籤
分支 標籤
master
v3
v2.3
greenlock
v1.x
pull/11/master
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.13
v2.2.12
v2.2.11
v2.2.9
v2.2.8
v2.2.7
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.0
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
標籤
清除已選取標籤
沒有項目
未選擇標籤
里程碑
清除已選取里程碑
沒有項目
未選擇里程碑
負責人
清除負責人
沒有負責人
2 參與者
通知
截止日期
截止日期無效或超出範圍,請使用「yyyy-mm-dd」的格式。

未設定截止日期。

先決條件

未設定先決條件。

參考: root/greenlock-cli.js#2
No description provided.
刪除分支「%!s(<nil>)」

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?