From c6037861f4e41df6052d6560b8987734ab2abce0 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard
Date: Sun, 5 May 2019 18:41:13 +0200
Subject: [PATCH] Improve the http-01-echo example

If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
---
 man/en/acmed.toml.5 | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5
index 295b3e1..149a844 100644
--- a/man/en/acmed.toml.5
+++ b/man/en/acmed.toml.5
@@ -363,16 +363,38 @@
 to solve the challenge and
 .Xr rm 1
 to clean it.
+.Xr mkdir 1
+and
+.Xr chmod 1
+are used to prevent issues related to file access.
 .Bd -literal -offset indent
 [[hook]]
-name = "echo"
+name = "http-01-echo-mkdir"
+type = ["challenge-http-01"]
+cmd = "mkdir"
+args = [
+ "-m", "0755",
+ "-p", "/var/www/{{domain}}/.well-known/acme-challenge"
+]
+
+[[hook]]
+name = "http-01-echo-echo"
 type = ["challenge-http-01"]
 cmd = "echo"
 args = ["{{proof}}"]
 stdout = "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
 
 [[hook]]
-name = "echo-clean"
+name = "http-01-echo-chmod"
+type = ["challenge-http-01-clean"]
+cmd = "chmod"
+args = [
+ "a+r",
+ "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+]
+
+[[hook]]
+name = "http-01-echo-clean"
 type = ["challenge-http-01-clean"]
 cmd = "rm"
 args = [
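Review bot: The `http-01-echo-chmod` hook is declared with `type = ["challenge-http-01-clean"]`, so judging by the type names it would run at cleanup, immediately before `http-01-echo-clean` removes the file, and not while the CA is fetching the proof. If the goal is a proof file the web server can read under a restrictive umask, the hook should carry the challenge type and follow `http-01-echo-echo`: `type = ["challenge-http-01"]`. It is also worth a sentence in the surrounding text that `mkdir -m 0755 -p` applies the mode only to the final directory; any intermediate directories it creates still follow the umask, so the access problem can persist one level up. The `args` array of the last hook continues outside this hunk.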
@@ -381,15 +403,20 @@ args = [
 ]
 .Ed
 .Pp
-The two above hooks can be grouped in order to reduce the number of hooks to define in the certificate.
+The hooks from the previous example can be grouped in order to reduce the number of hooks to define in the certificate.
 .Bd -literal -offset indent
 [[group]]
-name = "http-echo"
-hooks = ["echo", "echo-clean"]
+name = "http-01-echo-var-www"
+hooks = [
+ "http-01-echo-mkdir",
+ "http-01-echo-echo",
+ "http-01-echo-chmod",
+ "http-01-echo-clean"
+]
 
 [[certificate]]
 # Some fields omitted
-hooks = ["http-echo"]
+hooks = ["http-01-echo-var-www"]
 .Ed
 .Pp