srvrco / getssl

Obtain free SSL certificates from letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

ACL Challenge Issue #586

Open amebfederal opened 4 years ago

amebfederal commented 4 years ago

I am trying to verify the ACME challenge. I have two servers sitting behind a load balancer.

I am using the code below to copy the challenge code to both of the servers, but it is being copied to only one (the second one):

ACL=('/var/www/html/clients_website/public/.well-known/acme-challenge' 'ssh:username@client01:/var/www/html/clients_website/public/.well-known/acme-challenge')

Since the challenge is copied to only one server, the challenge fails most of the time.

Any idea why this is happening?

timkimber commented 4 years ago

Hi @amebfederal

The documentation for the ACL variable isn't good (I'll add this to my list of things to fix). You need to separate the two locations using a semi-colon instead of using two elements in the array, i.e.

ACL=('/var/www/html/clients_website/public/.well-known/acme-challenge;ssh:username@client01:/var/www/html/clients_website/public/.well-known/acme-challenge')

amebfederal commented 4 years ago

Great, that worked. It would be good to have this in the documentation. I did not realise this is for one domain and then separated by the next line for an additional domain name.

Thanks for your help.

timkimber commented 4 years ago

I've updated the wiki and the default getssl.cfg file so I'm closing this issue

zedtux commented 2 years ago

Oh! I've spent some hours on this one 'cause of those lines which are generating a default config file without the magic semi-colon.

Shouldn't you update them too?

Edit: Actually, all the wiki pages I've read are showing the invalid way and need to be updated.

timkimber commented 2 years ago

@zedtux thanks for pointing this out - I'll find the wiki pages that need updating and make the default config clearer

zedtux commented 2 years ago

I've also spotted the README.md and, to be honest, I have never found a place, except this issue, where there's the semi-colon example.

BTW I would like to share with you a Chef cookbook I've made for getssl: https://gitlab.com/hydrana/getssl-cookbook

timkimber commented 2 years ago

I'm going to update the documentation to explain there are 5 scenarios for the ACL variable:

  1. Single domain, single server = single value in ACL
  2. Multiple domains, single server = single value in ACL and set USE_SINGLE_ACL=true
  3. Multiple domains, single server = array of duplicate values in ACL and set USE_SINGLE_ACL=false
  4. Multiple domains, multiple servers = array of values in ACL (one for each domain)
  5. Single domain, multiple servers = multiple values in ACL separated by semi-colons
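
The following is an added example, not part of the thread and not getssl's own code: a bash sketch that expands an ACL array into per-domain copy targets following the five scenarios listed above, and flags the element-count mismatch from the original report. The function name `acl_plan`, the sample domains and the paths are assumptions, and the domain list is passed as arguments rather than read from a getssl configuration.

```bash
#!/usr/bin/env bash
# Added example, not getssl code: expand an ACL array into (domain, location)
# pairs following the five scenarios listed in the thread.
# Domains, hostnames and paths below are constructed sample values.

# acl_plan DOMAIN...  -- reads the global ACL array and USE_SINGLE_ACL.
# Prints "domain<TAB>location" for every copy target; returns 1 when the
# number of ACL elements does not match the number of domains.
acl_plan() {
  local i=0 domain entry loc
  local -a locs
  if [ "${USE_SINGLE_ACL:-false}" != "true" ] && [ "${#ACL[@]}" -ne "$#" ]; then
    echo "ACL has ${#ACL[@]} element(s) for $# domain(s)" >&2
    return 1
  fi
  for domain in "$@"; do
    if [ "${USE_SINGLE_ACL:-false}" = "true" ]; then
      entry=${ACL[0]}            # scenario 2: one value shared by all domains
    else
      entry=${ACL[$i]}           # scenarios 1, 3, 4: one element per domain
    fi
    # Scenario 5: semi-colons separate several locations for the same domain.
    IFS=';' read -r -a locs <<< "$entry"
    for loc in "${locs[@]}"; do
      printf '%s\t%s\n' "$domain" "$loc"
    done
    i=$((i + 1))
  done
}

WEBROOT='/var/www/html/site/.well-known/acme-challenge'   # constructed path

# Scenario 5 (this issue): one domain, two servers behind a load balancer.
ACL=("$WEBROOT;ssh:user@client01:$WEBROOT")
USE_SINGLE_ACL=false
acl_plan example.com

# The original report: two array elements for a single domain -> flagged.
ACL=("$WEBROOT" "ssh:user@client01:$WEBROOT")
acl_plan example.com || echo "mismatch: use ';' inside one element instead"
```

Running a check like this before requesting a certificate shows every location the challenge token is expected to reach, so a server behind the load balancer that would be left without the token is visible before validation fails.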