acme-tiny
Standalone Mode
I have a bunch of servers that need a TLS cert, but there is no Web server running on port 80/443. It would be neat to have the option of using an internal http server instead of writing the authorization string to disk, like `certbot certonly --standalone`.
The not-writing-to-disk is important to me because of embedded hardware with plain NAND flash, where unnecessary write cycles degrade the storage. Standalone mode might also be useful when automatically deploying new machines: the http server might not come up if the cert file is missing.
This should be possible in a few lines with just the standard libraries `threading`, `http.server` and `socketserver`.
```python
# find the http-01 challenge and serve the key authorization from memory
# (token and keyauthorization are the values acme_tiny already computes
# for the http-01 challenge; nothing is written to disk)
import threading, http.server, socketserver

class StandaloneRequestServer(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        # answer only the exact challenge path, 404 everything else
        if self.path != "/.well-known/acme-challenge/{0}".format(token):
            return self.send_error(404)
        self.send_response(200)
        self.send_header("Content-type", "text/plain")  # probably superfluous
        self.end_headers()
        self.wfile.write(keyauthorization.encode())

# allow a quick restart without EADDRINUSE on the still-lingering socket
socketserver.TCPServer.allow_reuse_address = True
srv_handler = socketserver.TCPServer(("0.0.0.0", 80), StandaloneRequestServer)
threading.Thread(target=srv_handler.serve_forever, daemon=True).start()
# later:
srv_handler.shutdown()      # stop the serve_forever loop
srv_handler.server_close()  # release the listening socket
```
I'm not going to fully work this out, since the current 200 line limit won't allow for it right now.
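An end-to-end version of the in-memory http-01 responder sketched above, added here as an example and not part of the issue or of acme-tiny itself. It binds an ephemeral port on localhost so it can be exercised offline; `SAMPLE_TOKEN` and `SAMPLE_KEYAUTH` are constructed stand-ins for the values acme_tiny computes from the real challenge, and `ChallengeServer`, `serve_challenge`, `fetch_status` and `stop` are names chosen for this example.

```python
import http.server
import socketserver
import threading
import urllib.error
import urllib.request

# Constructed sample values; in the real flow the token comes from the
# http-01 challenge and keyauthorization is token + "." + account thumbprint.
SAMPLE_TOKEN = "example-token-abc123"
SAMPLE_KEYAUTH = SAMPLE_TOKEN + ".example-thumbprint"


class ChallengeServer(socketserver.TCPServer):
    """Serves exactly one challenge path from memory; nothing touches disk."""
    allow_reuse_address = True  # avoid EADDRINUSE on a quick restart

    def __init__(self, bind, token, keyauthorization):
        self.token = token
        self.keyauthorization = keyauthorization
        super().__init__(bind, ChallengeHandler)


class ChallengeHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        # Anything but the exact challenge path gets a 404, so the listener
        # cannot be used to probe for other content.
        if self.path != "/.well-known/acme-challenge/" + self.server.token:
            return self.send_error(404)
        body = self.server.keyauthorization.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve_challenge(token, keyauthorization, host="127.0.0.1", port=0):
    """Start the responder in a daemon thread; returns (server, bound port)."""
    srv = ChallengeServer((host, port), token, keyauthorization)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]  # port 0 -> kernel-assigned port


def fetch_status(port, path):
    """GET a path on the local responder; returns (status, body)."""
    try:
        with urllib.request.urlopen("http://127.0.0.1:%d%s" % (port, path)) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, ""


def stop(srv):
    srv.shutdown()      # end the serve_forever loop
    srv.server_close()  # release the listening socket
```

For real use the bind address would be `("0.0.0.0", 80)` as in the sketch above, and the thread is started right before the challenge is submitted and stopped once the order is valid.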