diafygi / acme-nosudo

Free HTTPS certificates without having to trust the letsencrypt cli with sudo/root
GNU Affero General Public License v3.0

It's a nosudo script then why "sudo python..." ? #67

Closed vinaythoke closed 8 years ago

vinaythoke commented 8 years ago

Is there any other way of executing the challenge passing? Provided that I have no sudo access, and that's the reason I'm here in the first place, it's highly unlikely that the STEP 4 command, which is the domain challenge step, will work.

Please suggest. Thanks in advance for the help.

romain-dartigues commented 8 years ago

It's a nosudo script then why "sudo python..."

To bind to the port 80.

Let's Encrypt needs to validate your request; as long as you can serve the challenge, it will be happy.

A workaround without sudo could be something along the lines of:

python -c "import BaseHTTPServer; \
h = BaseHTTPServer.BaseHTTPRequestHandler; \
h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('XYZ...'); \
s = BaseHTTPServer.HTTPServer(('0.0.0.0', 65080), h); \
s.serve_forever()"

Then, in your HTTPD, add a rule to proxy requests for http://yourdomain/.well-known/acme-challenge/.* to localhost:65080.

If you don't have shell access on the host, or for whatever reason, the best way is to use the --file-based parameter:

python sign_csr.py --file-based --public-key user.pub domain.csr > signed.crt

It will tell you the path and the content of the file to put on your webserver.
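
The unprivileged-port workaround described in the comment above, as an added Python 3 example that is not part of the thread or of acme-nosudo: it binds to loopback only, since the HTTPD proxy rule is the only intended client, and answers nothing except the exact challenge path. The token and content strings are constructed placeholders for the values sign_csr.py prints, and the function names are hypothetical.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ACME_PREFIX = "/.well-known/acme-challenge/"

def make_handler(token, body):
    """Return a handler that answers only GET <ACME_PREFIX><token>."""
    expected_path = ACME_PREFIX + token
    payload = body.encode("ascii")

    class ChallengeHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != expected_path:
                self.send_error(404)  # everything else is refused
                return
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, fmt, *args):
            pass  # no per-request logging to stderr

    return ChallengeHandler

def start_responder(token, body, host="127.0.0.1", port=65080):
    """Serve in a background thread; port=0 picks a free port."""
    server = HTTPServer((host, port), make_handler(token, body))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(url):
    """GET url directly (no proxy); return (status, body)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.read().decode("ascii")
    except urllib.error.HTTPError as err:
        return err.code, ""

if __name__ == "__main__":
    # Constructed sample values; use the path and content sign_csr.py prints.
    srv = start_responder("CONSTRUCTED_TOKEN", "CONSTRUCTED_CONTENT")
    print("serving on %s:%d" % srv.server_address)
    threading.Event().wait()  # block until interrupted (Ctrl-C)
```

Stop the process once the certificate has been issued; the responder has no purpose after validation.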

vinaythoke commented 8 years ago

Thank you so much.