dehydrated-io / dehydrated

letsencrypt/acme client implemented as a shell-script – just add water
https://dehydrated.io
MIT License

Local file write when using http-01 and hook script #908

Open sethwklein opened 1 year ago

sethwklein commented 1 year ago

There is a workflow that involves using a hook script to copy the http-01 challenge file to another machine via ssh.

I attempted to use this by adding the following to hook.sh:

    printf '%s' "$TOKEN_VALUE" \
        | ssh remote.example.com \
        "cat > $WELLKNOWN/$TOKEN_FILENAME"

This resulted in an error when dehydrated attempted to write to $WELLKNOWN/$TOKEN_FILENAME on the local machine because it doesn't skip doing so when using a hook script. I could work around that by setting $WELLKNOWN to some directory that exists on the local machine, but that seems hackish.

If it helps, the code that needs to be disabled is...

        printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_tokens[${idx}]}"
        chmod a+r "${WELLKNOWN}/${challenge_tokens[${idx}]}"

This is using dehydrated e3ef43c816f73d443f32410862d9253d35cf3f99 (master as of 2023-01-16.)

I ended up going with other tools, so I submit this issue only so that it may be useful to someone putting work into dehydrated. If it is not, it may be closed without costing me anything.

RinkAttendant6 commented 1 year ago

I ran into this issue as well (my hook script makes an API call to deploy and clean the challenge, rather than ssh) and it seems to be the same (or similar) as #314.

> I could work around that by setting $WELLKNOWN to some directory that exists on the local machine, but that seems hackish.

I suppose it's a little hackish but you can just point it to /tmp or something.
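
A hardened form of the ssh hook from the first comment, as an added example that is not code from this thread or from the dehydrated project. `REMOTE_HOST`, `REMOTE_WELLKNOWN`, `run_remote` and `remote_path` are hypothetical names; the point shown is that the token filename is checked against the base64url alphabet RFC 8555 requires before it is placed in the command string the remote shell parses.

```bash
#!/usr/bin/env bash
# Added example, not dehydrated's own hook. REMOTE_HOST and REMOTE_WELLKNOWN are
# hypothetical settings; handler names and argument order are dehydrated's.
LC_ALL=C   # keep the A-Z / a-z ranges below plain ASCII
REMOTE_HOST="${REMOTE_HOST:-remote.example.com}"
REMOTE_WELLKNOWN="${REMOTE_WELLKNOWN:-/var/www/dehydrated}"

# Run one command string on the web server. Kept as a function so the
# transport can be replaced without touching the handlers.
run_remote() { ssh -o BatchMode=yes "$REMOTE_HOST" "$1"; }

# Print the remote path for a token filename, or fail. Rejecting anything
# outside base64url keeps "/", "..", spaces and shell metacharacters out of
# the remote command. The directory is operator-set but checked as well.
remote_path() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$REMOTE_WELLKNOWN" in
        *[!A-Za-z0-9_./-]*|*..*) return 1 ;;
        /*) ;;
        *) return 1 ;;
    esac
    printf '%s/%s' "$REMOTE_WELLKNOWN" "$1"
}

# Arguments: DOMAIN TOKEN_FILENAME TOKEN_VALUE, repeated when HOOK_CHAIN="yes".
deploy_challenge() {
    local path
    while [ "$#" -ge 3 ]; do
        path="$(remote_path "$2")" || { echo "refusing token filename for $1" >&2; return 1; }
        # The value travels on stdin, never on the remote command line.
        printf '%s' "$3" | run_remote "umask 022; cat > '$path'" || return 1
        shift 3
    done
}

clean_challenge() {
    local path
    while [ "$#" -ge 3 ]; do
        path="$(remote_path "$2")" || return 1
        run_remote "rm -f -- '$path'" || return 1
        shift 3
    done
}

# dehydrated invokes the hook as: hook.sh <handler> <args...>
HANDLER="${1:-}"
case "$HANDLER" in
    deploy_challenge|clean_challenge) shift; "$HANDLER" "$@" ;;
esac
```

At the commit named in the issue, dehydrated still writes its own copy to `$WELLKNOWN` on the local machine, so that setting must keep pointing at a local directory that exists.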