[pve-devel] [common 9/9] implement the validating_url function for DNS challenge
Wolfgang Link
w.link at proxmox.com
Mon Oct 14 13:08:28 CEST 2019
---
src/PVE/ACME/ACME_sh.pm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
index fc2881c..319a614 100644
--- a/src/PVE/ACME/ACME_sh.pm
+++ b/src/PVE/ACME/ACME_sh.pm
@@ -60,6 +60,39 @@ my $compose_cmd = sub {
sub validating_url {
my ($class, $acme, $auth, $auth_url, $node_config) = @_;
+ die "Only type dns is allowed as identifier\n"
+ if $auth->{identifier}->{type} ne "dns";
+ my $alias = $node_config->{'alias'} || undef;
+ print "Setting up DNS record\n";
+ my ($challenge_url, $key_digest, $domain) = eval { setup($class, $auth, $acme, $alias) };
+ die "failed to add DNS record - $@\n" if $@;
+
+ # the normal TTL is 60 sec of the TXT record
+ print "Sleeping for 120 seconds\n";
+ sleep 120;
+ print "Triggering validation\n";
+ eval {
+ $acme->request_challenge_validation($challenge_url, $key_digest);
+ print "Sleeping for 5 seconds\n";
+ sleep 5;
+ while (1) {
+ $auth = $acme->get_authorization($auth_url);
+ if ($auth->{status} eq 'pending') {
+ print "Status is still 'pending', trying again in 30 seconds\n";
+ sleep 30;
+ next;
+ } elsif ($auth->{status} eq 'valid') {
+ print "Status is 'valid'!\n";
+ last;
+ }
+ die "validating challenge '$auth_url' failed\n";
+ }
+ };
+ my $err = $@;
+
+ eval { teardown($class, $auth, $key_digest, $domain, $alias) };
+ warn "$@\n" if $@;
+ die $err if $err;
}
my $outfunc = sub {
--
2.20.1
More information about the pve-devel
mailing list