authorRobin C. Ladiges <rcl.git@blackpinguin.de>2021-06-24 10:43:40 +0200
committersiddharth <s@ricketyspace.net>2021-06-26 12:08:02 -0400
commitf1df4c2b3f63f3137deca4ced91e081a2746e98a (patch)
tree1ea2ee3689963d907f2b2b5e0c2d15fe92db4fa7
parentf71ca723edd8202c7da165738fb4c646dc736f1f (diff)
acmens.py: fallback to `dns`
Sometimes `http` isn't available as a challenge type, e.g. for wildcards or when `dns` was recently used for the domain. Instead of being forced to use `--challenge dns` for wildcard certificates, the `--challenge` flag can now be omitted and it will automatically fall back to `dns`. This is especially useful for SAN certificates, where it can fall back to the other challenge type if the preferred type isn't available for one of the multiple domains.
-rw-r--r--acmens.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/acmens.py b/acmens.py
index 2ea3291..37e187f 100644
--- a/acmens.py
+++ b/acmens.py
@@ -145,17 +145,28 @@ def _do_challenge(challenge_type, authz_url, nonce_url, auth, account_key, thumb
# Choose challenge.
preferred_type = "dns-01" if challenge_type == "dns" else "http-01"
challenge = None
+ dns_challenge = None
http_challenge = None
for c in chl_result["challenges"]:
if c["type"] == preferred_type:
challenge = c
+ if c["type"] == "dns-01":
+ dns_challenge = c
if c["type"] == "http-01":
http_challenge = c
if challenge is None:
if http_challenge is None:
- sys.stderr.write("Error: Unable to find challenges!")
- sys.exit(1)
- challenge = http_challenge # Fallback to http challenge.
+ if dns_challenge is None:
+ sys.stderr.write("Error: Unable to find challenges!")
+ sys.exit(1)
+ else:
+ # Fallback to dns challenge.
+ challenge = dns_challenge
+ challenge_type = "dns"
+ else:
+ # Fallback to http challenge.
+ challenge = http_challenge
+ challenge_type = "http"
keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
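Review bot: Both fallback branches (the `else` blocks that set `challenge_type = "dns"` and `challenge_type = "http"`) switch the validation method without telling the operator. Someone who passed `--challenge dns` explicitly can therefore end up completing an `http-01` challenge, and the reverse, with nothing on stderr to say so. A one-line notice in each branch would make the selected method visible, for example `sys.stderr.write("Notice: {0} not offered, falling back to dns-01\n".format(preferred_type))`. This matters most for SAN certificates, where different names may validate by different methods. `_do_challenge` starts before and continues after this hunk, so how the reassigned `challenge_type` is used afterwards is not visible here.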