authorRobin C. Ladiges <rcl.git@blackpinguin.de>2021-06-24 10:43:40 +0200
committersiddharth <s@ricketyspace.net>2021-06-26 12:08:02 -0400
commitf1df4c2b3f63f3137deca4ced91e081a2746e98a (patch)
tree1ea2ee3689963d907f2b2b5e0c2d15fe92db4fa7 /acmens.py
parentf71ca723edd8202c7da165738fb4c646dc736f1f (diff)
acmens.py: fallback to `dns`
Sometimes `http` isn't available as a challenge type, e.g. for wildcards or when `dns` was used for the domain lately. Instead of being forced to use `--challenge dns` for wildcard certificates, the `--challenge` flag can now be omitted and it will automatically fall back to `dns`. This is especially useful for SAN certificates, where it can fall back to the other challenge type if the preferred type isn't available for one of the multiple domains.
Diffstat (limited to 'acmens.py')
-rw-r--r--acmens.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/acmens.py b/acmens.py
index 2ea3291..37e187f 100644
--- a/acmens.py
+++ b/acmens.py
@@ -145,17 +145,28 @@ def _do_challenge(challenge_type, authz_url, nonce_url, auth, account_key, thumb
# Choose challenge.
preferred_type = "dns-01" if challenge_type == "dns" else "http-01"
challenge = None
+ dns_challenge = None
http_challenge = None
for c in chl_result["challenges"]:
if c["type"] == preferred_type:
challenge = c
+ if c["type"] == "dns-01":
+ dns_challenge = c
if c["type"] == "http-01":
http_challenge = c
if challenge is None:
if http_challenge is None:
- sys.stderr.write("Error: Unable to find challenges!")
- sys.exit(1)
- challenge = http_challenge # Fallback to http challenge.
+ if dns_challenge is None:
+ sys.stderr.write("Error: Unable to find challenges!")
+ sys.exit(1)
+ else:
+ # Fallback to dns challenge.
+ challenge = dns_challenge
+ challenge_type = "dns"
+ else:
+ # Fallback to http challenge.
+ challenge = http_challenge
+ challenge_type = "http"
keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
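Review bot: The two fallback branches switch the validation method without telling the operator, so someone who passed `--challenge dns` explicitly (for instance because they do not control the web server) is silently moved to http-01, and the reverse for `http`. Since `challenge_type` is overwritten at that point, I would write a notice to stderr in both `else` branches, e.g. `sys.stderr.write("Notice: {0} not offered for this authorization, falling back to dns-01\n".format(preferred_type))` and the http-01 equivalent. The commit message mentions the case where `dns` was used recently; if that means the server handed back an already-valid authorization, the selected challenge may no longer be pending, so it is worth confirming that the rest of `_do_challenge` (which starts and ends outside this hunk) checks `challenge["status"]` before asking the operator to act. The retained "Unable to find challenges!" message also still lacks a trailing newline.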