9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] acmed bug fixes and external challenge script
@ 2021-10-24 23:45 cinap_lenrek
  2021-10-25  3:14 ` ori
  0 siblings, 1 reply; 4+ messages in thread
From: cinap_lenrek @ 2021-10-24 23:45 UTC (permalink / raw)
  To: 9front

ok, got my hands dirty with honest acmed.

dnschallenge was not working for me because apparently
they require a new cca record for the domain in question.

i'v just pushed a fix for ndb/dns so you can specify
one in ndb like:

cca=letsencrypt.org

the tag= and flags= attributes are optional and
default to tag="issue" and flags=0.

next problem is the bullshit with having to pass a domain
manually to achmed when using dns method. this is unneccesary
as the csr already comtains the domains and the protocol
gives you which domain (identifier) a challenge is for.

we just have to use the information (and verify it is
actually listed in the csr as you cant trust the honest
acme server).

and last, my setup is a bit more complicated and just
refreshing /net/dns is not the right thing for me,
so i need a bit of a script that helps with this.

so acmed now allows to use a script command passed
with the -e flag which it runs passing four arguments:

- challenge type
- identifier (domain)
- token
- auth response

with that, i can do the appropriate thing depending
on challenge type and domain.

the rest is just fixing error paths and filedescriptor
leaks.

patch: http://okturing.com/src/12325/body

--
cinap

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-10-26  9:07 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-24 23:45 [9front] acmed bug fixes and external challenge script cinap_lenrek
2021-10-25  3:14 ` ori
2021-10-25 18:09   ` sirjofri
2021-10-25 21:49     ` cinap_lenrek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).