rails-letsencrypt

Support rails relative_root_url

Open cmacduff opened this issue 4 years ago • 4 comments

Doesn't seem like this gem supports this configuration: https://guides.rubyonrails.org/configuring.html#deploy-to-a-subdirectory-relative-url-root It always assumes the engine can be mounted at /.well_known

cmacduff, Aug 21 '20 19:08

This gem is based on Rails Engine, but I am not sure whether Rails supports relative_url_root in this case or not.

There is an issue, https://github.com/rails/rails/issues/31476, that discusses it, but the PR seems inactive and wasn't merged. Maybe you can try mount LetsEncrypt::Engine => '/myroot/.well-known'; I have no idea how to detect the relative_url_root in the Rails Engine for now.

elct9620, Aug 22 '20 04:08

@elct9620 I dug into this one a bit more; I don't think it's possible. The ACME challenge requires this to be at the root of the domain: https://github.com/unixcharles/acme-client/blob/38f4e17bc9e4ec21c3a417a085d843d1fb7f8b4d/lib/acme/client/resources/challenges/http01.rb#L16 which is how the spec is written for an HTTP-01 challenge: https://letsencrypt.org/docs/challenge-types/

There could be support for a DNS-01 challenge, which the ACME client does support: https://github.com/unixcharles/acme-client#preparing-for-dns-challenge This gem would have to support different DNS services.

If I put together something to support multiple DNS services with a setup for Route53, would you be open to a PR for that?

cmacduff, Aug 24 '20 17:08
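
The constraint described in the comment above, as an added example that is not part of the original thread or of rails-letsencrypt: the HTTP-01 validator requests a path built only from the domain and token (RFC 8555, section 8.3), so a responder mounted under a sub-path is never reached. The Rack-style lambdas, helper names, and token values are hypothetical stand-ins for the Rails mount, constructed for illustration.

```ruby
# Added example: plain Ruby, no gems. All names and values here are constructed.
ACME_PREFIX = '/.well-known/acme-challenge/'

# Path the ACME server fetches for HTTP-01. It is derived from the token alone;
# the CA has no knowledge of any deployment sub-path such as /myroot.
def http01_validation_path(token)
  "#{ACME_PREFIX}#{token}"
end

# Rack-style endpoint standing in for the challenge responder.
# `responses` maps token => key authorization.
def challenge_app(responses)
  lambda do |env|
    token = env['PATH_INFO'].delete_prefix('/acme-challenge/')
    body = responses[token]
    body ? [200, { 'content-type' => 'text/plain' }, [body]] : [404, {}, ['not found']]
  end
end

# Mimics mounting: requests reach `app` only when the path starts with `mount_point`.
def mount(mount_point, app)
  lambda do |env|
    path = env['PATH_INFO']
    return [404, {}, ['not found']] unless path.start_with?("#{mount_point}/")

    app.call(env.merge('SCRIPT_NAME' => mount_point,
                       'PATH_INFO' => path.delete_prefix(mount_point)))
  end
end

# What the validator sees: status and body for the fixed HTTP-01 path.
def validator_fetch(site, token)
  status, _headers, body = site.call('REQUEST_METHOD' => 'GET',
                                     'PATH_INFO' => http01_validation_path(token))
  [status, body.join]
end

RESPONSES = { 'tok123' => 'tok123.constructed-thumbprint' }.freeze # constructed sample
ROOT_SITE = mount('/.well-known', challenge_app(RESPONSES))        # engine at domain root
SUB_SITE  = mount('/myroot/.well-known', challenge_app(RESPONSES)) # engine under a sub-path

puts "root mount:     #{validator_fetch(ROOT_SITE, 'tok123').inspect}"
puts "sub-path mount: #{validator_fetch(SUB_SITE, 'tok123').inspect}"
```
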

This gem depends on the Rails Engine; it doesn't directly use acme-client to serve the /.well-known endpoint. According to the issue I pointed out in my previous comment, Rails doesn't support applying relative_root_url to the mounted engine.

DNS support requires plugin support in this gem and changes the current flow.

For example, we may want to add Route53 or CloudFlare support, but it adds a lot of dependencies for others who don't need it. Therefore, we need to add a plugin gem, rails-letsencrypt-router53 or rails-letsencrypt-cloudflare, to extend the features to support it. I think we are not ready for it.

elct9620, Aug 25 '20 02:08

I created an issue (https://github.com/elct9620/rails-letsencrypt/issues/27) for the DNS-challenge feature.

elct9620, Aug 25 '20 03:08