[pve-devel] [common 8/9] implement the teardown function for DNS challenge
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Oct 22 11:20:34 CEST 2019
On October 21, 2019 12:11 pm, Wolfgang Link wrote:
>
> On 10/18/19 11:28 AM, Fabian Grünbichler wrote:
>> On October 14, 2019 1:08 pm, Wolfgang Link wrote:
>>> ---
>>> src/PVE/ACME/ACME_sh.pm | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/src/PVE/ACME/ACME_sh.pm b/src/PVE/ACME/ACME_sh.pm
>>> index e60fd93..fc2881c 100644
>>> --- a/src/PVE/ACME/ACME_sh.pm
>>> +++ b/src/PVE/ACME/ACME_sh.pm
>>> @@ -82,4 +82,11 @@ sub setup {
>>> return ($url, $digest, $domain);
>>> }
>>>
>>> +sub teardown {
>>> + my ($class, $auth, $token, $domain, $alias) = @_;
>>> +
>>> + my $cmd = &$compose_cmd('pve-teardown', $token, $domain, $alias);
>>> + PVE::Tools::run_command($cmd, outfunc => $outfunc);
>> did you test this and it actually worked? AFAICT, you need to pass the
>> same txtvalue to add and rm (setup/teardown), so this never actually
>> removes the TXT record? maybe not that noticeable when testing if OVH
>> overwrites the value with the next setup()/dns_ovh_add() (not sure if it
>> does?)
> Yes, and it works because the setup function returns the digest and uses
> it in the teardown function. See Patch 9
sorry, missed that because of the variable naming combined with all the
warnings in acme.sh that you need to keep add/rm independent. since we
don't persist in-flight validations anywhere, we can't recover anyway,
so this is probably okay. worst-case, an _acme-challenge record remains
until the next attempt to renew/order a certificate for that domain.
>> also, same domain/alias handling comments apply here as well.
>>
>>> +}
>>> +
>>> 1;
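Review bot: in `teardown`, the argument named `$token` is what `pve-teardown` receives as the record value, while the context line from `setup` returns `($url, $digest, $domain)` and the reply in this thread says that digest is what the caller hands back in. Naming the parameter `$digest` (or `$txtvalue`) and adding a one-line comment that it must be the exact value used on add would make the add/rm pairing visible without reading patch 9. `$auth` is also unpacked from `@_` but never used in the body; either drop it or note that it is kept only to match the plugin signature.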
>>> --
>>> 2.20.1
>>>
>>>
>>> _______________________________________________
>>> pve-devel mailing list
>>> pve-devel at pve.proxmox.com
>>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>>
>>>