From f1df4c2b3f63f3137deca4ced91e081a2746e98a Mon Sep 17 00:00:00 2001
From: "Robin C. Ladiges"
Date: Thu, 24 Jun 2021 10:43:40 +0200
Subject: acmens.py: fallback to `dns`

Sometimes `http` isn't available as a challenge type. E.g. for wildcards or when `dns` was used for the domain lately. Instead of being forced to use `--challenge dns` for wildcard certificates, the `--challenge` flag can be omitted now and it will automatically fallback to `dns`. This is especially useful for SAN certificates, where it can fallback to the other challenge type, if the preferred type isn't available for one of the multiple domains.
---
 acmens.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'acmens.py')

diff --git a/acmens.py b/acmens.py
index 2ea3291..37e187f 100644
--- a/acmens.py
+++ b/acmens.py
@@ -145,17 +145,28 @@ def _do_challenge(challenge_type, authz_url, nonce_url, auth, account_key, thumb
 # Choose challenge.
 preferred_type = "dns-01" if challenge_type == "dns" else "http-01"
 challenge = None
+ dns_challenge = None
 http_challenge = None
 for c in chl_result["challenges"]:
 if c["type"] == preferred_type:
 challenge = c
+ if c["type"] == "dns-01":
+ dns_challenge = c
 if c["type"] == "http-01":
 http_challenge = c
 if challenge is None:
 if http_challenge is None:
- sys.stderr.write("Error: Unable to find challenges!")
- sys.exit(1)
- challenge = http_challenge # Fallback to http challenge.
+ if dns_challenge is None:
+ sys.stderr.write("Error: Unable to find challenges!")
+ sys.exit(1)
+ else:
+ # Fallback to dns challenge.
+ challenge = dns_challenge
+ challenge_type = "dns"
+ else:
+ # Fallback to http challenge.
+ challenge = http_challenge
+ challenge_type = "http"
 
 keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
 dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
-- 
cgit v1.2.3
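Review bot: Both fallback branches switch the validation method and overwrite `challenge_type` without telling the operator, so a run started with an explicit `--challenge http` can end up performing `dns-01` (or the reverse) with nothing on screen explaining why. A one-line notice before each assignment would make the switch visible, e.g. `sys.stderr.write("Note: {0} not offered for this authorization, falling back to dns-01.\n".format(preferred_type))` and the matching line for http-01. The moved error message also still lacks a trailing newline: `sys.stderr.write("Error: Unable to find challenges!\n")`. `_do_challenge` continues outside the hunk, so how the reassigned `challenge_type` is consumed further down is not visible here.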