Sync challenges validation to another server

Can I sync the challenge validation to another server (using scp or rsync), instead of the validation being only on the server the domain points to?
Server B, which generates the cert, is different from server A, which the domain points to.
server A:
server B:

For example: I want to sync the cert from B to A after creating it and before testing.

Maybe that logic is in this file, letsencrypt/certbot/plugins/, line 203.

I added this code (“webroot: %s”, validation_path)), and I ran "./letsencrypt-auto certonly --webroot -w /tmp/a/ -m -d --agree-tos -vvvv"
It does not work.

What should I do? Thanks!

Please help!!

I ran this command: ./letsencrypt-auto certonly --webroot -w /tmp/a/ -m -d --agree-tos

It produced this output:

404 Not Found

404 Not Found


My web server is (include version): nginx version: openresty/

The operating system my web server runs on is (include version): CentOS release 6.5 (Final)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I can think of a couple of options.

You can use a --manual-auth-hook (documented here) to perform the rsync/scp.

You can also redirect requests for challenge resources to an entirely different server and Let’s Encrypt will follow it:

For example,

HTTP/1.1 302 Found

Whichever is easier/more suitable for you.

Actually, is bound to a CDN, and the CDN gets its source files from OSS in I can only put the file from that server to OSS. So the second way, setting a 302, is unworkable.

But I tried

./letsencrypt-auto certonly --manual --manual-auth-hook ./ --manual-cleanup-hook ./ -m -d --agree-tos
[root@haha005 letsencrypt]# cat
echo $CERTBOT_VALIDATION > /tmp/a/.well-known/acme-challenge/$CERTBOT_TOKEN
scp -P10022 /tmp/a/.well-known/acme-challenge/$CERTBOT_TOKEN
rm -f /tmp/a/.well-known/acme-challenge/$CERTBOT_TOKEN

It works.
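
The hook approach from the posts above, written out as an added example; it is not code from the thread or from Certbot. CERTBOT_TOKEN and CERTBOT_VALIDATION are the variables used in the post; WEBROOT, REMOTE_DEST and COPY_CMD are hypothetical names, and the remote destination is a placeholder you supply.

```shell
#!/bin/sh
# Added example: Certbot --manual-auth-hook that stages the HTTP-01 challenge
# file locally and copies it to the server that actually answers for the domain.
# WEBROOT, REMOTE_DEST and COPY_CMD are hypothetical names used only here.

# ACME tokens are base64url; reject anything else so a token can never
# contain "/" or ".." and escape the challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_challenge WEBROOT TOKEN VALIDATION -> prints the path of the staged file
write_challenge() {
    valid_token "$2" || { echo "refusing unsafe token" >&2; return 1; }
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    # printf '%s' writes the validation string exactly, with no trailing newline
    printf '%s' "$3" > "$dir/$2" || return 1
    printf '%s\n' "$dir/$2"
}

# push_challenge FILE DEST: copy the file to the remote challenge directory.
# COPY_CMD is split on whitespace on purpose, e.g. COPY_CMD="scp -q -P 10022".
push_challenge() {
    ${COPY_CMD:-scp -q} "$1" "$2"
}

auth_hook() {
    [ -n "${REMOTE_DEST:-}" ] || { echo "REMOTE_DEST not set" >&2; return 1; }
    file=$(write_challenge "${WEBROOT:-/tmp/a}" "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION") || return 1
    push_challenge "$file" "$REMOTE_DEST" || return 1
    rm -f "$file"   # local staging copy is no longer needed
}

# Certbot exports CERTBOT_TOKEN and CERTBOT_VALIDATION to the hook;
# do nothing when the script is run outside of Certbot.
if [ -n "${CERTBOT_TOKEN:-}" ]; then
    auth_hook
fi
```

The copy on the remote server is left in place for the --manual-cleanup-hook to remove after validation.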

Another good tool for this might be the getssl client, which I believe has a remote webroot feature (which does something basically like this). I’m glad you’ve also found a way to get it to work with Certbot.
