On October 14, 2019 1:08 pm, Wolfgang Link wrote: > This composer supports two different operations. > pve-setup: this operation adds the DNS TXT record. > pve-teardown: this operation removes the DNS TXT record > --- > src/PVE/ACME/ACME_sh.pm | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm > index db8af9a..40be772 100644 > --- a/src/PVE/ACME/ACME_sh.pm > +++ b/src/PVE/ACME/ACME_sh.pm > @@ -38,6 +38,22 @@ my $get_dnsapi_conf = sub { > return ($api_plugin, "$API_CRED_DIR/$api_plugin.cred"); > }; > > +my $compose_cmd = sub { > + my ($op, $token, $domain, $alias) = @_;
$token is not the token from the challenge, but the base64url-encoded, hashed key_authorization? please name variables for what they actually contain.. > + > + my ($dns_api_plugin, $cred_file_path) = &$get_dnsapi_conf(); > + > + # valid operations for this composer are pve-setup and pve-teardown > + my @cmd = ('/usr/sbin/acme', "--$op"); > + push @cmd, '--webroot', $dns_api_plugin; huh? webroot is something different altogether, why use this term here? > + push @cmd, '--domain', "_acme-challenge.$domain"; either the domain is $domain (if it is still used to derive some validation response value somehow?) > + push @cmd, '--token', $token; same here.. > + push @cmd, '--accountconf', $cred_file_path; > + push @cmd, '--challenge-alias', $alias if defined($alias); or the domain should be replaced with the aliased domain, since it just signifies under which key the TXT record is created? this command is supposed to be just a thin wrapper around the DNS API plugins, I'd expect the following: acme --pve-setup --plugin-conf $cred_file_path --plugin foo --domain $fulldomain --txtvalue $txtvalue where $fulldomain is either the regular domain, or the alias.. or am I missing something here? > + > + return \@cmd; > +}; > + > sub validating_url { > my ($class, $acme, $auth, $auth_url, $node_config) = @_; > > -- > 2.20.1 > > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
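Review bot: In $compose_cmd, $op is interpolated straight into "--$op" although the comment directly above it says only pve-setup and pve-teardown are valid. Check $op against those two values and die on anything else, so that a typo or an unexpected caller value cannot turn into an arbitrary option passed to /usr/sbin/acme. Building the command as a list rather than a single string is worth keeping, since it keeps $domain, $token and $alias out of shell interpretation as long as the caller executes the list without a shell. Also, $alias is guarded with defined() while $domain and $token are not, so an undefined $domain would yield the argument "_acme-challenge." and an undefined $token an undef list element; a defined check on both at the top of the sub would fail earlier and with a clearer message.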