kristapsdz / acme-client-portable

portable version of acme-client, a secure ACME client
https://kristaps.bsd.lv/acme-client
ISC License

present more challenge metadata for non-http challenge types #13

Closed xdgc closed 7 years ago

xdgc commented 7 years ago

When -t is used to perform a challenge using dns-01 or some other hypothetical challenge type, only the token and thumbprint are displayed. That's not enough information to set up challenge response manually. This patch extends the chngproc IPC semantics and the stdout from netproc to provide the challenge type and domain name being challenged. That's enough for external challenge setup.

This particularly comes into interest when retrieving a single certificate with multiple subjectAlternativeNames, especially when those alt names are in different DNS domains and might require different account authorizations to perform updates.
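Added example, not part of the pull request or of acme-client's code: given the four values the comment above says are needed (challenge type, domain, token, thumbprint), this derives what has to be published per domain, following the key authorization rules in RFC 8555. The function names and the sample tokens and thumbprint are constructed for illustration, and it does not parse acme-client's actual `-t` output.

```python
import base64
import hashlib
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet required by RFC 8555

def key_authorization(token, thumbprint):
    # Reject anything outside base64url before it reaches a zone file or URL path.
    for part in (token, thumbprint):
        if not B64URL.fullmatch(part):
            raise ValueError(f"not base64url: {part!r}")
    return f"{token}.{thumbprint}"

def dns01_record(domain, token, thumbprint):
    # dns-01: TXT value is base64url(SHA-256(key authorization)), unpadded.
    keyauth = key_authorization(token, thumbprint).encode("ascii")
    digest = hashlib.sha256(keyauth).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"_acme-challenge.{domain.rstrip('.')}.", value

def http01_resource(token, thumbprint):
    # http-01: the key authorization itself is served under the token's path.
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, thumbprint)

def plan(challenges):
    """Group manual setup steps by the domain being challenged."""
    steps = {}
    for ctype, domain, token, thumbprint in challenges:
        if ctype == "dns-01":
            name, value = dns01_record(domain, token, thumbprint)
            step = f'{name} IN TXT "{value}"'
        elif ctype == "http-01":
            path, body = http01_resource(token, thumbprint)
            step = f"serve {body} at http://{domain}{path}"
        else:
            raise ValueError(f"unsupported challenge type: {ctype}")
        steps.setdefault(domain, []).append(step)
    return steps

# Constructed sample: one certificate, two alt names in different DNS domains.
# Without the domain, the two tokens could not be matched to their zones.
SAMPLE = [
    ("dns-01", "www.example.com", "tokenAAAA_1111", "thumbXXXX-9999"),
    ("dns-01", "www.example.net", "tokenBBBB_2222", "thumbXXXX-9999"),
]

if __name__ == "__main__":
    for domain, todo in plan(SAMPLE).items():
        print(domain, *todo, sep="\n  ")
```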

kristapsdz commented 7 years ago

Good point. I figured the challenge part would be obvious because it's required in invoking the acme-client process, but it can't hurt. Can you update the manpage as well in your patch?

xdgc commented 7 years ago

Ah, yes - I will do that. It's a holiday here, will get to this in the next couple of days.

xdgc commented 7 years ago

I took the liberty of expanding the text on -t and of adding an example. Happy to make any changes you prefer.

fraenki commented 7 years ago

Looks interesting. Is there an ETA for merging this PR?

kristapsdz commented 7 years ago

Done. I moved around the manpage bits quite a lot, however. But other than that, thanks!

@fraenki, if you have feature requests and aren't willing to contribute patches like @xdgc's excellent work, you can request ETAs by establishing a paid contract.

fraenki commented 7 years ago

@kristapsdz, thanks for the clarification. Point taken.