WIP: Allow MDChallengeDns01 directive globally or by domain

[bilhackmac]

Allow to define MDChallengeDns01 for a domain set or fallback to global one.

MR status :

• WIP
• Not tested
• Only config accept change. Global MDChallengeDns01 still used

Fix #305

[icing]

Thanks for the PR. Merged it via #307 with a test and some fixes.

Please verify if this works in your environment.

[bilhackmac]

Oh thanks !!

I had planned to continue working on it this week.

I'll test it as soon as I can

[bilhackmac]

It works great !

Thanks

[bilhackmac]

After some deeper test I found a little mistake in store and I don't understand why, but teardown is not called anymore

[icing]

It might be the effect of the JSON mistakes you found. Could you verify it that resolves the issue?

[bilhackmac]

No it don't fix.

When I correct md_core.c, md.json is fixed from

{
  …
  "proto": {
    "acme-tls/1": []
  },
  "cmd-dns-01": "bin/acme-dns01-ovh tld /auth-ovh"
}

to

{
  …
  "proto": {
    "acme-tls/1": []
  },
  "stapling": true,
  "cmd-dns-01": "bin/acme-dns01-ovh tld /auth-ovh"
}

But teardown not called anymore, even after server restart

[icing]

Hmm, a LogLevel md:trace2 could reveal what is happening, e.g. if the function cha_dns_01_teardown() is called and what it find the challenge command to be.

[bilhackmac]

Relevant part

2023-02-28 11:18:00.698373 md:debug - order teardown setup tls-alpn-01:www.example.com

https://github.com/icing/mod_md/blob/master/src/md_acme_order.c#L241 setup_token is identified as tls-alpn-01 instead dns-01

[bilhackmac]

Found !

https://github.com/icing/mod_md/blob/master/src/md_acme_authz.c#L637

It's

- challenge_setup = CHA_TYPES[i].name;
+ challenge_setup = CHA_TYPES[j].name;

[icing]

Nice catch!

[icing]

Fixed it in master. Is that all we needed?

[bilhackmac]

There remains the review on #307 and we're all good

[icing]

Thanks, added now.