Manual Verification Scripting


#1

I’m attempting to setup an automated process based on the --manual plugin since my servers exist in multiple hosts and we use docker extensively.

My issue at the moment is how to get the acme-challenge codes in an non-interactive manner. I would like to script something like:

$ letsencrypt -d mydomain.com -d mydomain2.com --manual --get-challenge

that would return the challenge for each domain, I would parse and setup it as I desire, and then invoke:

$ letsencrypt -d mydomain.com -d mydomain2.com --manual --check-challenge

and it would validate all the domains.

Also, where do I get a list of all cli options available? I know from examples of flags like “–email” or “–agree-tos” but I can’t find a complete list, for example I would love to skip the “your IP will be logged” dialog.


#2

See https://github.com/diafygi/acme-tiny/ and/or https://github.com/diafygi/letsencrypt-nosudo


#3

Personally I would go with something like https://github.com/unixcharles/acme-client in your scenario. It’s a Ruby gem (=package), so you could write a Ruby script that takes care of the ACME bits and the other stuff you need to serve challenge files.

README contains a basic sample script. Getting the challenge file name and content is as simple as calling challenge.filename and challenge.file_content.

(Not to make this too Ruby-focused: There are similar libraries for other languages, take a look at the list of client implementations.)