Closed xdgc closed 7 years ago
Good point. I figured the challenge part would be obvious because it's required in invoking the acme-client process, but it can't hurt. Can you update the manpage as well in your patch?
Ah, yes - I will do that. It's a holiday here, will get to this in the next couple of days.
I took the liberty of expanding the text on -t and of adding an example. Happy to make any changes you prefer.
Looks interesting. Is there an ETA for merging this PR?
Done. I moved around the manpage bits quite a lot, however. But other than that, thanks!
@fraenki, if you have feature requests and aren't willing to contribute patches like @xdgc's excellent work, you can request ETAs by establishing a paid contract.
@kristapsdz, thanks for the clarification. Point taken.
When -t is used to perform a challenge using dns-01 or some other hypothetical challenge type, only the token and thumbprint are displayed. That's not enough information to set up challenge response manually. This patch extends the chngproc IPC semantics and the stdout from netproc to provide the challenge type and domain name being challenged. That's enough for external challenge setup.
This particularly comes into interest when retrieving a single certificate with multiple subjectAlternativeNames, especially when those alt names are in different DNS domains and might require different account authorizations to perform updates.