---
src/PVE/ACME/ACME_sh.pm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
index fc2881c..319a614 100644
--- a/src/PVE/ACME/ACME_sh.pm
+++ b/src/PVE/ACME/ACME_sh.pm
@@ -60,6 +60,39 @@ my $compose_cmd = sub {
 sub validating_url {
 my ($class, $acme, $auth, $auth_url, $node_config) = @_;
+ die "Only type dns is allowed as identifier\n"
+ if $auth->{identifier}->{type} ne "dns";
+ my $alias = $node_config->{'alias'} || undef;
+ print "Setting up DNS record\n";
+ my ($challenge_url, $key_digest, $domain) = eval { setup($class, $auth, $acme, $alias) };
+ die "failed to add DNS record - $@\n" if $@;
+
+ # the normal TTL is 60 sec of the TXT record
+ print "Sleeping for 120 seconds\n";
+ sleep 120;
+ print "Triggering validation\n";
+ eval {
+ $acme->request_challenge_validation($challenge_url, $key_digest);
+ print "Sleeping for 5 seconds\n";
+ sleep 5;
+ while (1) {
+ $auth = $acme->get_authorization($auth_url);
+ if ($auth->{status} eq 'pending') {
+ print "Status is still 'pending', trying again in 30 seconds\n";
+ sleep 30;
+ next;
+ } elsif ($auth->{status} eq 'valid') {
+ print "Status is 'valid'!\n";
+ last;
+ }
+ die "validating challenge '$auth_url' failed\n";
+ }
+ };
+ my $err = $@;
+
+ eval { teardown($class, $auth, $key_digest, $domain, $alias) };
+ warn "$@\n" if $@;
+ die $err if $err;
 }
 my $outfunc = sub {
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
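Review bot: The polling loop inside the second `eval` (`while (1)`) has no upper bound, so an authorization that stays 'pending' keeps the task sleeping in 30-second steps indefinitely and `teardown` is never reached, leaving the challenge TXT record published. Bound it with a counter: `my $tries = 0;` before the loop and `die "validation of '$auth_url' still pending after $tries polls\n" if ++$tries >= $max_tries;` at the top of the 'pending' branch, with `$max_tries` a limit chosen for the deployment; because that `die` happens inside the `eval`, it lands in `$err` and the cleanup still runs. Separately, `$auth` is overwritten by `get_authorization` in the loop and that refreshed object is what `teardown` receives; if teardown relies on fields of the authorization that `setup` saw (its definition is outside this hunk), keep the original in its own variable.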