icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0

No environment set for script called from MDChallengeDns01 Directive #272

Closed jeremylowery closed 2 years ago

jeremylowery commented 2 years ago

I'm not seeing any environment passed down to the script in MDChallengeDns01 except for LC_CTYPE=C.UTF-8. Is this by design? SetEnv at the Global or VirtualHost level has no effect. Also, setting system-wide environment variables in /etc/environment has no effect.

Apache Config

MDomain test.tld
MDCertificateAgreement accepted
MDChallengeDns01 /usr/local/bin/dns01-test
MDCAChallenges dns-01
MDStoreDir /etc/apache2/md

dns01-test

#!/usr/bin/env python3
# Dump every environment variable the hook receives, one KEY=VALUE per line,
# so the environment mod_md passes to the script can be inspected afterwards.
import os

with open("/tmp/debug.txt", "w") as fd:
    for k, v in os.environ.items():
        print(f"{k}={v}", file=fd)

OS: Ubuntu LTS 20.04

icing commented 2 years ago

Hi Jeremy,

Setting the environment for scripts in an interoperable way across platforms has proven tricky. We made some attempts in the past, but all ran into problems on Windows. So, we left the environment as is, i.e. as it was when the httpd was started.

If you need to pass special values, e.g. the MDStoreDir, the way to do this is to add arguments to the configured command. For example

MDChallengeDns01 /usr/local/bin/dns01-test /etc/apache2/md

Does this work for you?

jeremylowery commented 2 years ago

I will give this a try, but I assume this would get in the way of the arguments that are automatically passed to the script? "setup|teardown DOMAIN CHALLENGE": would it go in front of or after those arguments?

My use case here is passing in API keys and secrets to authenticate to a third-party DNS service. Passing information like that in as arguments isn't best practice AFAIK.

icing commented 2 years ago

The arguments are always appended to the things you configured.

As to secrets: I agree that placing them in the Apache config seems not appropriate. You could place them in a file and give its path as an argument. But keep in mind that the scripts run as www-data (or whatever your httpd is configured to use for traffic serving).
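The two points icing makes above (configured arguments come first, mod_md's own "setup|teardown DOMAIN CHALLENGE" arguments are appended after them, and the script runs as the httpd traffic user, so a secrets file must be protected accordingly) put together as a runnable hook. This is an added example written for this page, not code from the thread or from mod_md itself. It assumes a directive of the form `MDChallengeDns01 /usr/local/bin/dns01-hook /etc/apache2/md/dns-secrets.json`, a JSON secrets file with `api_key` and `api_secret` fields (a format chosen here, not prescribed by mod_md), the argument order exactly as stated in the thread, and an in-memory stand-in for the DNS provider API so it runs offline; `dns01-hook`, `InMemoryDns` and `selfcheck` are all names invented for the example.

```python
#!/usr/bin/env python3
"""Hypothetical MDChallengeDns01 hook (added example, not mod_md code).

Configured as:
    MDChallengeDns01 /usr/local/bin/dns01-hook /etc/apache2/md/dns-secrets.json
mod_md then appends "setup|teardown DOMAIN CHALLENGE" (argument order as
described in the thread), so the script sees
    argv[1:] == [SECRETS_FILE, ACTION, DOMAIN, CHALLENGE]
"""
import json
import os
import stat
import sys
import tempfile


def parse_args(argv):
    """Split the configured argument (secrets path) from the appended ones."""
    if len(argv) != 4:
        raise ValueError("usage: dns01-hook SECRETS_FILE setup|teardown DOMAIN CHALLENGE")
    secrets_path, action, domain, challenge = argv
    if action not in ("setup", "teardown"):
        raise ValueError(f"unknown action {action!r}")
    return secrets_path, action, domain, challenge


def load_secrets(path):
    """Read {"api_key": ..., "api_secret": ...} (assumed format) from a file.

    The hook runs as the httpd traffic user (www-data), so the file has to be
    readable by that user, and therefore must not be readable by anyone else:
    refuse any group or world permission bits (i.e. anything looser than 0600).
    """
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible; chmod 600 it")
    with open(path) as fd:
        data = json.load(fd)
    missing = [k for k in ("api_key", "api_secret") if k not in data]
    if missing:
        raise KeyError(f"{path} lacks {missing}")
    return data


def acme_txt_name(domain):
    """Name of the TXT record the dns-01 validator queries."""
    return f"_acme-challenge.{domain}"


class InMemoryDns:
    """Stand-in for a real provider API so the example runs offline."""

    def __init__(self):
        self.records = {}

    def add_txt(self, name, value, api_key, api_secret):
        self.records.setdefault(name, set()).add(value)

    def remove_txt(self, name, value, api_key, api_secret):
        self.records.get(name, set()).discard(value)


def handle(action, domain, challenge, secrets, dns):
    """Create the TXT record on setup; delete exactly that value on teardown."""
    name = acme_txt_name(domain)
    op = dns.add_txt if action == "setup" else dns.remove_txt
    op(name, challenge, secrets["api_key"], secrets["api_secret"])
    return name


def selfcheck():
    """Run the whole flow against a constructed secrets file in a temp dir."""
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dns-secrets.json")
        with open(path, "w") as fd:
            json.dump({"api_key": "key-123", "api_secret": "hunter2"}, fd)  # constructed
        os.chmod(path, 0o644)  # too loose: must be rejected
        try:
            load_secrets(path)
            result["loose_rejected"] = False
        except PermissionError:
            result["loose_rejected"] = True
        os.chmod(path, 0o600)
        dns = InMemoryDns()
        for action in ("setup", "teardown"):
            _, act, domain, chal = parse_args([path, action, "test.tld", "tok-abc"])
            handle(act, domain, chal, load_secrets(path), dns)
            result[action] = set(dns.records.get("_acme-challenge.test.tld", set()))
    return result


def main(argv):
    secrets_path, action, domain, challenge = parse_args(argv)
    handle(action, domain, challenge, load_secrets(secrets_path), InMemoryDns())
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The permission check is the practical consequence of icing's last sentence: since the hook runs as www-data, the secrets file has to be owned by that user with mode 0600, which also means any other code running as www-data (for example a compromised web application on the same host) can read it; keeping the DNS API credentials scoped to the zone or record they need limits what that exposure buys an attacker.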