Can I sync the challenge validation file to another server (using scp or rsync), instead of the validation only being on the server the domain points to?
Server B, which generates the cert, is different from server A, which the domain points to.
server A: xxx.example.com
server B: yyy.example.com
For example: I want to sync the cert from B to A after creating it and before testing.
Maybe that logic is in this file, letsencrypt/certbot/plugins/webroot.py, line 203.
I added this code (logger.info("webroot: %s", validation_path)) and ran "./letsencrypt-auto certonly --webroot -w /tmp/a/ -m firstname.lastname@example.org -d xxx.example.com --agree-tos -vvvv"
It does not work.
What should I do? Thanks!
I ran this command: ./letsencrypt-auto certonly --webroot -w /tmp/a/ -m email@example.com -d xxx.example.com --agree-tos
It produced this output:
404 Not Found
404 Not Found
My web server is (include version): nginx version: openresty/188.8.131.52
The operating system my web server runs on is (include version): CentOS release 6.5 (Final)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I can think of a couple of options.
You can use a --manual-auth-hook (documented here) to perform the rsync/scp.
You can also redirect requests for challenge resources to an entirely different server and Let’s Encrypt will follow it:
HTTP/1.1 302 Found
Whichever is easier/more suitable for you.
Actually, xxx.example.com is bound to a CDN, and the CDN gets source files from OSS on aliyun.com. I can only put the file from that server into OSS. So the second way, setting a 302, is unworkable.
But I tried
./letsencrypt-auto certonly --manual --manual-auth-hook ./authenticator.sh --manual-cleanup-hook ./cleanup.sh -m firstname.lastname@example.org -d xxx.example.com --agree-tos
[root@haha005 letsencrypt]# cat authenticator.sh cleanup.sh
#!/bin/sh
# authenticator.sh: write the validation file locally, then copy it to server A (quoted so tokens are passed intact)
echo "$CERTBOT_VALIDATION" > /tmp/a/.well-known/acme-challenge/"$CERTBOT_TOKEN"
scp -P10022 /tmp/a/.well-known/acme-challenge/"$CERTBOT_TOKEN" email@example.com:/opt/nginx/html/acme-challenge/.well-known/acme-challenge/
#!/bin/sh
# cleanup.sh: remove the local copy after validation (the remote copy is left in place)
rm -f /tmp/a/.well-known/acme-challenge/"$CERTBOT_TOKEN"
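The hook pair above works, but it trusts the token blindly and returns before anything confirms that server A (or the CDN in front of it) actually serves the file. The script below is an added example, not code from the thread or from Certbot: one POSIX sh file that acts as both --manual-auth-hook and --manual-cleanup-hook, refuses tokens that are not base64url (so a mangled value can never become a path that escapes the challenge directory), copies the file to the host the domain really points to, and polls the public challenge URL until it returns the exact key authorization before handing control back to Certbot. The remote user, host, port and web root are assumptions; ACME_COPY_CMD exists so the copy step can be swapped for a local command when trying the functions out.

```sh
#!/bin/sh
# Added example: Certbot manual auth/cleanup hook with push-to-remote and self-check.
# Certbot exports CERTBOT_DOMAIN, CERTBOT_TOKEN and CERTBOT_VALIDATION to both hooks.
# Usage (Certbot runs hook strings through a shell, so arguments are allowed):
#   --manual-auth-hook "/opt/acme/acme-push.sh auth" \
#   --manual-cleanup-hook "/opt/acme/acme-push.sh cleanup"
set -eu

LOCAL_ROOT="${ACME_LOCAL_ROOT:-/tmp/a}"                  # local webroot (from the thread)
REMOTE="${ACME_REMOTE:-deploy@yyy.example.com}"           # assumed SSH target = server A
REMOTE_PORT="${ACME_REMOTE_PORT:-10022}"
REMOTE_ROOT="${ACME_REMOTE_ROOT:-/opt/nginx/html}"        # assumed web root on server A
# Optional override of the transfer command (e.g. "cp" for a local dry run);
# expanded unquoted on purpose so it may carry its own arguments.
COPY_CMD="${ACME_COPY_CMD:-}"

# HTTP-01 tokens are base64url (RFC 8555 section 8.3). Anything else is rejected so
# a hostile or corrupted value cannot turn into "../" and leave the challenge directory.
token_is_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write the key authorization into the local webroot and print the file's path.
write_challenge() {
    root="$1"; token="$2"; validation="$3"
    token_is_safe "$token" || { echo "refusing unsafe token" >&2; return 1; }
    dir="$root/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf '%s' "$validation" > "$dir/$token"
    echo "$dir/$token"
}

# Copy the file to the host the domain actually resolves to.
push_challenge() {
    path="$1"; token="$2"
    if [ -n "$COPY_CMD" ]; then
        $COPY_CMD "$path" "$REMOTE_ROOT/.well-known/acme-challenge/$token"
    else
        scp -P "$REMOTE_PORT" "$path" "$REMOTE:$REMOTE_ROOT/.well-known/acme-challenge/"
    fi
}

# Remove the file on the remote side (and locally) once validation is over.
remove_challenge() {
    root="$1"; token="$2"
    token_is_safe "$token" || return 1
    rm -f "$root/.well-known/acme-challenge/$token"
    if [ -n "$COPY_CMD" ]; then
        rm -f "$REMOTE_ROOT/.well-known/acme-challenge/$token"
    else
        ssh -p "$REMOTE_PORT" "$REMOTE" rm -f "$REMOTE_ROOT/.well-known/acme-challenge/$token"
    fi
}

# Fetch the challenge URL the way the CA will and compare the body byte for byte.
verify_challenge() {
    domain="$1"; token="$2"; expected="$3"
    body="$(curl -fsS --max-time 10 "http://$domain/.well-known/acme-challenge/$token")" || return 1
    [ "$body" = "$expected" ]
}

auth_hook() {
    path="$(write_challenge "$LOCAL_ROOT" "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION")"
    push_challenge "$path" "$CERTBOT_TOKEN"
    # A CDN or OSS origin may lag; poll up to a minute before letting Certbot proceed.
    n=0
    until verify_challenge "$CERTBOT_DOMAIN" "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION"; do
        n=$((n + 1))
        [ "$n" -lt 12 ] || { echo "challenge never became reachable on $CERTBOT_DOMAIN" >&2; return 1; }
        sleep 5
    done
}

cleanup_hook() {
    remove_challenge "$LOCAL_ROOT" "$CERTBOT_TOKEN"
}

case "${1:-}" in
    auth)    auth_hook ;;
    cleanup) cleanup_hook ;;
esac
```

Returning non-zero from the auth hook makes Certbot abort before it asks Let's Encrypt to validate, which is the behaviour you want when the copy or the CDN pickup silently failed; the 404s in the original post would then surface as a local error message instead of a failed authorization.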
Another good tool for this might be the getssl client, which I believe has a remote webroot feature (which does something basically like this). I'm glad you've also found a way to get it to work with Certbot.