Ref #73. Adds a new configuration variable DOKKU_LETSENCRYPT_TOS_HASH that can be set to the SHA256 hash of the current Let's Encrypt terms of service that you agree to. If unset, the default TOS hash used in kuba/simp_le will be used.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -141,6 +141,13 @@ letsencrypt_configure_and_get_dir() { | |
server="https://acme-staging.api.letsencrypt.org/directory" | ||
fi | ||
|
||
# get the selected terms of service (TOS) hash | ||
local tos_hash=${DOKKU_LETSENCRYPT_TOS_HASH} | ||
local tos_hash_arg='' | ||
if [ ! -z "$tos_hash" ]; then | ||
tos_hash_arg="--tos_sha256 $tos_hash " | ||
fi | ||
|
||
# construct domain arguments | ||
local domains="$(get_app_domains "$app")" | ||
local domain_args='' | ||
|
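Review bot: the value of DOKKU_LETSENCRYPT_TOS_HASH is placed into `tos_hash_arg="--tos_sha256 $tos_hash "` with no format check, so a value containing whitespace or a leading dash ends up as extra words in the `config` string that also carries `--server` and `--email`; if that string is later expanded unquoted as command-line arguments, those words become additional options. Suggest rejecting anything that is not exactly 64 hexadecimal characters before building the argument, and failing with a clear message. Smaller points on the same lines: `[ -n "$tos_hash" ]` reads more directly than `[ ! -z "$tos_hash" ]`, `${DOKKU_LETSENCRYPT_TOS_HASH:-}` would keep the assignment safe if the script ever runs with `set -u`, and the visible hunks add no documentation for the new variable.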
@@ -149,7 +156,7 @@ letsencrypt_configure_and_get_dir() { | |
domain_args="$domain_args -d $domain" | ||
done | ||
|
||
local config="--server $server --email $DOKKU_LETSENCRYPT_EMAIL $domain_args" | ||
local config="--server $server --email $DOKKU_LETSENCRYPT_EMAIL ${tos_hash_arg}${domain_args}" | ||
sseemayer
Author
Contributor
|
||
|
||
local config_hash=$(echo "$config" | sha1sum | awk '{print $1}') | ||
local config_dir="$le_root/certs/$config_hash"; mkdir -p "$config_dir" | ||
|
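Review bot: because `config` feeds `config_hash` and therefore `config_dir="$le_root/certs/$config_hash"`, adding `${tos_hash_arg}` to the string means that setting, changing or unsetting DOKKU_LETSENCRYPT_TOS_HASH selects a different directory, and whatever state sits under the previous one is no longer picked up. If that is intended, say so in a comment or the docs; if not, keep the TOS argument out of the hashed string and append it only where the command line is assembled. Separately, `${tos_hash_arg}${domain_args}` depends on the trailing space inside `tos_hash_arg` and on `domain_args` starting with a space; writing the separators explicitly in the `local config=` line would make the spacing visible and less fragile.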
3 comments
on commit a849254
Please disregard this fix, replacing it with something that doesn't require additional user interaction 😄
I still think it'd be cool to be able to specify the tos_hash by env variable or as a cli argument ;)
Actually, the more I think about it, I think the cli argument route would be the cleaner way to go.
The reason for the revert was that requiring the user to specify the correct TOS hash seemed too cumbersome to me. While there are some potential flexibility gains in having a configurable TOS hash, I thought it was more important to fix #73 ASAP without requiring additional user interaction and since the situation with kuba/simp_le having the wrong TOS hash will be temporary, I found it a good-enough temporary fix.
You are invited to build on this commit and propose a PR that is able to make the TOS hash configurable without complicating the default user experience, though 👍
I know this commit was reverted, but just in case this was partially the reason for the revert:
There is a missing space on this line between the last two args which would break both args. I believe what was meant is:
Edit: GitHub interpreted the angle brackets around the word "space" and thought it was HTML.