simp_le icon indicating copy to clipboard operation
simp_le copied to clipboard

Published 20 hours ago verified publisher icon zenhack

Keep challenge files in case of authorization error

Open buchdag opened this issue 7 years ago • 7 comments
trafficstars

@zenhack I thought it might be useful for troubleshooting purpose to do a simple adjustment on 212acd3efa6090641845bc08b63a512b082e0cb0 and have simp_le remove challenge files only on successful domain authorization rather than wether the authorization succeed or not. Do you agree ?

buchdag avatar Dec 03 '17 17:12 buchdag

Have you found yourself wanting this when debugging?

It sounds like a plausible use case, but I've never found myself digging through the challenge files, so I want to make sure we're not adding functionality that no one is actually going to use.

zenhack avatar Dec 03 '17 18:12 zenhack

Not while using simp_le in standalone, but with letsencrypt-nginx-proxy-companion it's quite common to curl the challenge file in order to troubleshoot a failed domain validation.

This comment in particular made me think that people are probably going to look after the challenge file only when a validation fails and might draw wrong conclusions from the fact that the file has been deleted.

buchdag avatar Dec 03 '17 19:12 buchdag

I recognize that the challenge file itself and its content are completely irrelevant to the troubleshooting process, you might as well echo 'Hello, world' > hello-world on the webroot and try to curl this file instead.

buchdag avatar Dec 03 '17 19:12 buchdag

Ok, just wanted to sanity check that it's really useful; I'm convinced of that now.

My other concern is about generating garbage in the challange directory. It would be nice to avoid littering the directory with failed attempts.

zenhack avatar Dec 03 '17 19:12 zenhack

Agreed, just keeping every challenge file that the validation server fails to get kind of undo https://github.com/zenhack/simp_le/commit/212acd3efa6090641845bc08b63a512b082e0cb0.

Do you think this (the challenge file mentioned in the error message being automatically deleted) might be an issue for the standalone simp_le too or is it more specific to project that use it like letsencrypt-nginx-proxy-companion ?

buchdag avatar Dec 03 '17 20:12 buchdag

Quoting Nicolas Duchon (2017-12-03 15:19:14)

Do you think this (the challenge file mentioned in the error message being automatically deleted) might be an issue for the standalone simp_le too or is it more specific to project that use it like letsencrypt-nginx-proxy-companion ?

Like I said, I've never really found myself wanting this. Though, I've not had simp_le fail very often either.

My inclination is to leave things as they are unless it becomes clear that it's a real problem. Maybe we could just log the fact that we're deleting those files at info level instead of debug?

zenhack avatar Dec 04 '17 01:12 zenhack

Maybe we could just log the fact that we're deleting those files at info level instead of debug?

I'd say that would be enough.

buchdag avatar Dec 07 '17 21:12 buchdag