add HOOK_CHALLENGE option to run a command before the reponse

b33f1288 · Simon Ruderich · d211fece · b33f1288 · b33f1288
Commit b33f1288 authored Dec 06, 2015 by Simon Ruderich
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

config.sh.example config.sh.example +5 -0

letsencrypt.sh letsencrypt.sh +6 -0

No files found.
--- a/config.sh.example
+++ b/config.sh.example
@@ -2,3 +2,8 @@

 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+
+# program called before responding to the challenge, arguments: path/to/token
+# token; can be used to e.g. upload the challenge if this script doesn't run
+# on the webserver
+#HOOK_CHALLENGE=
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -7,6 +7,7 @@ set -o pipefail
 # default config values
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
+HOOK_CHALLENGE=

 . ./config.sh

@@ -126,6 +127,11 @@ sign_domain() {
    printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
    chmod a+r "${WELLKNOWN}/${challenge_token}"

+    # Wait for hook script to deploy the challenge if used
+    if [ -n "${HOOK_CHALLENGE}" ]; then
+        ${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}"
+    fi
+
    # Ask the acme-server to verify our challenge and wait until it becomes valid
    echo "  + Responding to challenge for ${altname}..."
    result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"