acme

acme copied to clipboard

This change provides a new option -webroot to the "acme cert" subcommand, taking a directory taking a directory as argument, and mutually exclusive with -dns or -manual.

If that option is used, behavior is similar to -manual, but the challenge file is directly written to the specified webroot, by appending ".well-known/acme-challenge/hjxyhksjhdf" to that given directory, and writing the file there.

By default the file mode will be read/write only for the owner. The optional "-webroot-mode 0640" argument, taking the usual unix integer file mode as value, can be used to change that to the specified mode.

The given webroot directory, including subdirectory ".well-known" and "acme-challenge" in there, must already exist (and of course be writable to the user running the acme client). No directory is created automatically, to avoid accidentally throwing stuff into unintended destinations.

Finally, different from -manual, the challenge file is automatically removed after the challenge has been completed - whether that succeeded or failed.

Oh man, I've been missing on all your PRs somehow. My bad, sorry. Will review them shortly.