
ACL Challenge Issue

Open amebfederal opened this issue 3 years ago • 7 comments

I am trying to verify an ACME challenge. I have two servers sitting behind a load balancer.

I am using the code below to copy the challenge code to both of the servers, but it is being copied to only one (the second one):

ACL=('/var/www/html/clients_website/public/.well-known/acme-challenge' 'ssh:username@client01:/var/www/html/clients_website/public/.well-known/acme-challenge')

Since the challenge is copied to only one server, the challenge fails most of the time.

Any idea why this is happening?

Sep 12 '20 00:09 amebfederal

Hi @amebfederal

The documentation for the ACL variable isn't good (I'll add this to my list of things to fix). You need to separate the two locations using a semi-colon instead of using two elements in the array, i.e.

ACL=('/var/www/html/clients_website/public/.well-known/acme-challenge;ssh:username@client01:/var/www/html/clients_website/public/.well-known/acme-challenge')

Sep 13 '20 14:09 timkimber

Great, that worked. Would be good to have this in the documentation. Did not realise this is for one domain and then separated by the next line for an additional domain name.

Thanks for your help.

Sep 14 '20 00:09 amebfederal

I've updated the wiki and the default getssl.cfg file so I'm closing this issue

Oct 07 '20 18:10 timkimber

Oh! I've spent some hours on this one 'cause of those lines which are generating a default config file without the magic semi-colon.

Shouldn't you update them too?

Edit: Actually, all the wiki pages I've read are showing the invalid way and need to be updated.

Feb 28 '22 19:02 zedtux

@zedtux thanks for pointing this out - I'll find the wiki pages that need updating and make the default config clearer

Feb 28 '22 21:02 timkimber

I've also spotted the README.md and, to be honest, I have never found a place, except this issue, where there's the semi-colon example.

BTW, I would like to share with you a Chef cookbook I've made for getssl: https://gitlab.com/hydrana/getssl-cookbook

Mar 01 '22 07:03 zedtux

I'm going to update the documentation to explain there are 5 scenarios for the ACL variable:

  1. Single domain, single server = single value in ACL
  2. Multiple domains, single server = single value in ACL and set USE_SINGLE_ACL=true
  3. Multiple domains, single server = array of duplicate values in ACL and set USE_SINGLE_ACL=false
  4. Multiple domains, multiple servers = array of values in ACL (one for each domain)
  5. Single domain, multiple servers = multiple values in ACL separated by semi-colons

Mar 01 '22 18:03 timkimber
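
Added example, not part of the thread and not getssl's own code: a small shell function that models the ACL rules from the five scenarios above and prints the challenge locations a given domain resolves to. The function name `acl_locations`, the domain indexes and the sample paths are assumptions made for illustration.

```shell
# Model of the ACL semantics described in this thread (illustration only):
#   - one ACL entry per domain (index 0 = primary domain, 1.. = additional)
#   - ';' inside an entry separates several locations for that one domain
#   - USE_SINGLE_ACL=true makes every domain use the first entry
# From a bash config you could call it as:
#   acl_locations "$idx" "$USE_SINGLE_ACL" "${ACL[@]}"

# acl_locations DOMAIN_INDEX USE_SINGLE_ACL ACL_ENTRY...
# Prints one location per line; returns 1 if the domain has no ACL entry.
acl_locations() {
    idx=$1; single=$2; shift 2
    [ "$single" = "true" ] && idx=0
    [ "$idx" -lt "$#" ] || {
        echo "no ACL entry for domain index $idx" >&2
        return 1
    }
    shift "$idx"                 # $1 is now the entry for this domain
    entry=$1
    old_ifs=$IFS; IFS=';'
    set -f                       # no globbing while splitting on ';'
    for loc in $entry; do
        [ -n "$loc" ] && printf '%s\n' "$loc"
    done
    set +f; IFS=$old_ifs
}

# Constructed sample values (not taken from a real deployment).
WEBROOT='/var/www/example/.well-known/acme-challenge'
REMOTE="ssh:deploy@web02:$WEBROOT"

# Scenario 5: single domain, two servers behind a load balancer.
# One entry, two locations: the token must land on both.
echo "scenario 5, domain 0:"
acl_locations 0 false "$WEBROOT;$REMOTE"

# Scenario 4: two entries mean two domains, one location each.
echo "scenario 4, domain 1:"
acl_locations 1 false "$WEBROOT" "$REMOTE"

# Scenario 2: USE_SINGLE_ACL=true, every domain uses the first entry.
echo "scenario 2, domain 1:"
acl_locations 1 true "$WEBROOT"
```

Running the same check against a real `ACL` value before requesting a certificate shows whether every server behind the load balancer is listed for the domain being validated.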