acmens.py: update sign_csr

* acmens.py (sign_csr): Update _do_challenge; add handling to fallback to http-01 challenge if dns-01 is preferred but not available.
author: siddharth <s@ricketyspace.net> 2021-04-16 21:22:35 -0400
committer: siddharth <s@ricketyspace.net> 2021-04-16 21:22:35 -0400
commit: 117bd824368ee1712f4095b405184ca13dad982b (patch)
tree: 4a0954179a997ac661b22daf98ec808a1bdd0738
parent: 89d5ecba4d10a6214760a127eefed3394a4bf081 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/acmens.py b/acmens.py
index 9946ba1..1a856c0 100644
--- a/acmens.py
+++ b/acmens.py
@@ -134,8 +134,20 @@ def sign_csr(account_key, csr, email=None, challenge_type="http"):
         )
         domain = chl_result["identifier"]["value"]
 
-        type_id = "dns-01" if challenge_type == "dns" else "http-01"
-        challenge = [c for c in chl_result["challenges"] if c["type"] == type_id][0]
+        # Choose challenge.
+        preferred_type = "dns-01" if challenge_type == "dns" else "http-01"
+        challenge = None
+        http_challenge = None
+        for c in chl_result["challenges"]:
+            if c["type"] == preferred_type:
+                challenge = c
+            if c["type"] == "http-01":
+                http_challenge = c
+        if challenge is None:
+            if http_challenge is None:
+                sys.stderr.write("Error: Unable to find challenges!")
+                sys.exit(1)
+            challenge = http_challenge  # Fallback to http challenge.
         keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
         dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
author	siddharth <s@ricketyspace.net>	2021-04-16 21:22:35 -0400
committer	siddharth <s@ricketyspace.net>	2021-04-16 21:22:35 -0400
commit	117bd824368ee1712f4095b405184ca13dad982b (patch)
tree	4a0954179a997ac661b22daf98ec808a1bdd0738
parent	89d5ecba4d10a6214760a127eefed3394a4bf081 (diff)