[pve-devel] [common 9/9] implement the validating_url function for DNS challenge

Wolfgang Link w.link at proxmox.com
Mon Oct 14 13:08:28 CEST 2019


---
 src/PVE/ACME/ACME_sh.pm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
index fc2881c..319a614 100644
--- a/src/PVE/ACME/ACME_sh.pm
+++ b/src/PVE/ACME/ACME_sh.pm
@@ -60,6 +60,39 @@ my $compose_cmd = sub {
 sub validating_url {
     my ($class, $acme, $auth, $auth_url, $node_config) = @_;
 
+    die "Only type dns is allowed as identifier\n"
+	if $auth->{identifier}->{type} ne "dns";
+    my $alias = $node_config->{'alias'} || undef;
+    print "Setting up DNS record\n";
+    my ($challenge_url, $key_digest, $domain) = eval { setup($class, $auth, $acme, $alias) };
+    die "failed to add DNS record - $@\n" if $@;
+
+    # the normal TTL is 60 sec of the TXT record
+    print "Sleeping for 120 seconds\n";
+    sleep 120;
+    print "Triggering validation\n";
+    eval {
+	$acme->request_challenge_validation($challenge_url, $key_digest);
+	print "Sleeping for 5 seconds\n";
+	sleep 5;
+	while (1) {
+	    $auth = $acme->get_authorization($auth_url);
+	    if ($auth->{status} eq 'pending') {
+		print "Status is still 'pending', trying again in 30 seconds\n";
+		sleep 30;
+		next;
+	    } elsif ($auth->{status} eq 'valid') {
+		print "Status is 'valid'!\n";
+		last;
+	    }
+	    die "validating challenge '$auth_url' failed\n";
+	}
+    };
+    my $err = $@;
+
+    eval { teardown($class, $auth, $key_digest, $domain, $alias) };
+    warn "$@\n" if $@;
+    die $err if $err;
 }
 
 my $outfunc = sub {
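Review bot: The `while (1)` polling loop has no upper bound, so an authorization that stays 'pending' keeps validating_url sleeping forever and the teardown after the eval never runs, leaving the TXT record in place; add a retry budget such as `my $tries = 20;` before the loop and `die "validating challenge '$auth_url' still pending after retries\n" if --$tries < 0;` just before `sleep 30;`. Inside that loop `$auth` is overwritten with the polled authorization object, and that replacement is what reaches `teardown`; if teardown depends on the original identifier data, store the polled result in its own variable instead. The `|| undef` on the alias line is a no-op and can be dropped, and `warn "$@\n"` usually doubles the trailing newline since `$@` already ends with one. The whole function is inside the hunk.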
-- 
2.20.1




