go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
8.01k stars 1.02k forks

Manual validation feature for http-01 and tls-sni-01 challenges #60

Open glkz opened 8 years ago

glkz commented 8 years ago

When we cannot run an ACME client on the target server, a "manual" mode for the http-01 and tls-sni-01 challenges would be helpful.

Adding a --manual flag to the run command could be a solution, imho.

Btw, the Let's Encrypt client has a plugin for this.

xenolf commented 8 years ago

I had a quick look at what the "manual" plugin does for the official client. Am I right with the assumption that lego would need to output curl commands for example which a user could use to run them on a distant machine?

glkz commented 8 years ago

Curl commands are not necessary. I think just printing the challenge with some instructions and waiting for the user's action to continue would be sufficient.

For example, something like this for http-01:

$ lego --domains example.com --email admin@example.com run --manual
...
An HTTP GET request to the URL
    http://example.com/.well-known/acme-challenge/{token}
must return the following string in the response body
    {jws string here}

Press ENTER when your server is ready.

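
The manual http-01 flow sketched above, as an added example that is not part of the issue or of lego's code: a handler that models what the remote web server must serve at the well-known path, a check that performs the same GET the CA will perform so the operator can confirm the response before pressing ENTER, and the prompt itself. The token and expected response string are constructed placeholders (a real client gets the token from the CA and derives the expected body from the account key); the function names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

// challengePrefix is the well-known path every http-01 validation request uses.
const challengePrefix = "/.well-known/acme-challenge/"

// ChallengeURL builds the URL the CA will fetch for the given domain and token.
func ChallengeURL(domain, token string) string {
	return "http://" + domain + challengePrefix + token
}

// ChallengeHandler models what the remote web server must serve: the expected
// string as a plain-text 200 response at the token path, and 404 for anything else.
func ChallengeHandler(token, expected string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet || r.URL.Path != challengePrefix+token {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain")
		fmt.Fprint(w, expected)
	})
}

// CheckHTTP01 performs the same GET the CA will perform and reports whether the
// body matches, so the operator can verify before continuing. A trailing newline
// added by some servers is tolerated; any other difference is a mismatch.
func CheckHTTP01(client *http.Client, url, expected string) error {
	resp, err := client.Get(url)
	if err != nil {
		return fmt.Errorf("fetch %s: %w", url, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("%s returned status %d, want 200", url, resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	if err != nil {
		return fmt.Errorf("read body: %w", err)
	}
	if got := strings.TrimRight(string(body), "\r\n"); got != expected {
		return fmt.Errorf("body mismatch: got %q, want %q", got, expected)
	}
	return nil
}

// ManualPrompt prints the instructions proposed in the issue, blocks on in until
// the operator presses ENTER, then runs CheckHTTP01 and returns its result.
func ManualPrompt(in io.Reader, out io.Writer, client *http.Client, url, expected string) error {
	fmt.Fprintf(out, "An HTTP GET request to the URL\n    %s\nmust return the following string in the response body\n    %s\n\nPress ENTER when your server is ready. ", url, expected)
	_, _ = bufio.NewReader(in).ReadString('\n') // only the keypress matters, not its content
	return CheckHTTP01(client, url, expected)
}

func main() {
	// Constructed values: a real client receives the token from the CA and
	// derives the expected string from the account key.
	const token = "constructed-token-123"
	const expected = "constructed-token-123.constructed-key-thumbprint"

	// Stand-in for the remote web server the admin configures by hand.
	srv := httptest.NewServer(ChallengeHandler(token, expected))
	defer srv.Close()

	url := srv.URL + challengePrefix + token
	if err := ManualPrompt(os.Stdin, os.Stdout, srv.Client(), url, expected); err != nil {
		fmt.Println("validation would fail:", err)
		os.Exit(1)
	}
	fmt.Println("challenge response served correctly; safe to continue")
}
```

Running the pre-check locally before confirming avoids burning a validation attempt against the CA's rate limits when the file was placed at the wrong path or served with a stray character; the check is deliberately strict (200 status, exact body) because that is what the CA applies.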
fenderle commented 8 years ago

+1

uwe commented 8 years ago

+1

yonderblue commented 8 years ago

Is there a way to use this for an automated process of what an admin would do with it? I am interested in getting a cert that covers a group of machines, say 20 subdomains where each subdomain is only hosted from one machine in a way to avoid rate limits.

xenolf commented 8 years ago

@gaillard Why not get a SAN cert for the 20 subdomains and then distribute them across your machines?

mholt commented 6 years ago

Wondering if this is still necessary; and even if so, whether it is a good idea at all. The goal is to automate the process of managing certificates. If a manual step is possible, then we fall short of that and people continue to rely on manual ways.