Commit
0a8bb111
authored
Aug 24, 2016
by
Adrien Dorsaz
acme_dns_tiny: clean a bit info messages
parent
81097552
Pipeline
#47
failed with stage
in 2 minutes and 59 seconds
acme_dns_tiny.py
...
...
@@ -53,6 +53,7 @@ def get_crt(config, log=LOGGER):
return
getattr
(
e
,
"code"
,
None
),
getattr
(
e
,
"read"
,
e
.
__str__
)(),
None
# create DNS keyring and resolver
log
.
info
(
"Prepare DNS tools..."
)
keyring
=
dns
.
tsigkeyring
.
from_text
({
config
[
"TSIGKeyring"
][
"KeyName"
]:
config
[
"TSIGKeyring"
][
"KeyValue"
]})
nameserver
=
[]
try
:
...
...
@@ -70,7 +71,6 @@ def get_crt(config, log=LOGGER):
resolver
=
dns
.
resolver
.
Resolver
(
configure
=
False
)
resolver
.
nameservers
=
nameserver
resolver
.
retry_servfail
=
True
log
.
info
(
"DNS checks will use servers: {0}"
.
format
(
resolver
.
nameservers
))
# parse account key to get public key
log
.
info
(
"Parsing account key..."
)
...
...
@@ -130,7 +130,7 @@ def get_crt(config, log=LOGGER):
raise
ValueError
(
"Error requesting challenges: {0} {1}"
.
format
(
code
,
result
))
# make and install DNS resource record
log
.
info
(
"Create DNS RR"
)
log
.
info
(
"Create DNS RR
...
"
)
challenge
=
[
c
for
c
in
json
.
loads
(
result
.
decode
(
"utf8"
))[
"challenges"
]
if
c
[
"type"
]
==
"dns-01"
][
0
]
token
=
re
.
sub
(
r
"[^A-Za-z0-9_\-]"
,
"_"
,
challenge
[
"token"
])
keyauthorization
=
"{0}.{1}"
.
format
(
token
,
thumbprint
)
...
...
@@ -144,15 +144,15 @@ def get_crt(config, log=LOGGER):
# notify challenge are met
time
.
sleep
(
config
[
"acmednstiny"
].
getint
(
"CheckChallengeDelay"
))
log
.
info
(
"Self challenge check"
)
log
.
info
(
"Self challenge check
...
"
)
challenge_verified
=
False
number_check_fail
=
0
while
challenge_verified
is
False
:
try
:
log
.
info
(
"check retry {0}, with
nameservers: {
1}"
.
format
(
number_check_fail
,
resolver
.
nameservers
))
log
.
info
(
'Try {0}: Check ressource with value "{1}" exits on
nameservers: {
2}'
.
format
(
number_check_fail
+
1
,
keydigest64
,
resolver
.
nameservers
))
challenges
=
resolver
.
query
(
dnsrr_domain
,
rdtype
=
"TXT"
)
for
response
in
challenges
.
rrset
:
log
.
info
(
"
looking for {0}, found {1}, equals ?
{
2
}"
.
format
(
keydigest64
,
response
.
to_text
()
,
response
.
to_text
()
==
'"{0}"'
.
format
(
keydigest64
)
))
log
.
info
(
"
.. Found value
{
0
}"
.
format
(
response
.
to_text
()))
challenge_verified
=
challenge_verified
or
response
.
to_text
()
==
'"{0}"'
.
format
(
keydigest64
)
except
dns
.
exception
.
DNSException
as
dnsexception
:
log
.
info
(
"Info: retry, because a DNS error occurred while checking challenge: {0} : {1}"
.
format
(
type
(
dnsexception
).
__name__
,
dnsexception
))
...
...
@@ -163,7 +163,7 @@ def get_crt(config, log=LOGGER):
if
challenge_verified
is
False
:
number_check_fail
=
number_check_fail
+
1
time
.
sleep
(
2
)
log
.
info
(
"Ask A
CME
server to perform check..."
)
log
.
info
(
"Ask
C
A server to perform check..."
)
code
,
result
,
headers
=
_send_signed_request
(
challenge
[
"uri"
],
{
"resource"
:
"challenge"
,
"keyAuthorization"
:
keyauthorization
,
...
...
@@ -224,7 +224,7 @@ def main(argv):
formatter_class
=
argparse
.
RawDescriptionHelpFormatter
,
description
=
textwrap
.
dedent
(
"""
\
This script automates the process of getting a signed TLS certificate
chain from Let's Encrypt using the ACME protocol and its
dns
verification.
chain from Let's Encrypt using the ACME protocol and its
DNS
verification.
It will need to have access to your private account key and dns server
so PLEASE READ THROUGH IT!
It's only ~250 lines, so it won't take long.
...
...
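Review bot: In the `@@ -144,15 +144,15 @@` hunk, the `Try {0}: …` message (which appears to be the added line) misspells two words, "ressource" and "exits", so operators searching logs for "resource" or "exists" will miss it. I would write it as `'Try {0}: Check resource with value "{1}" exists on nameservers: {2}'`. The shortened `.. Found value {0}` line prints resolver-returned TXT data but neither message names the record being queried; adding `dnsrr_domain` to the `Try` line would let a reader tell a stale record apart from an answer for the wrong name. The body of `get_crt` starts and ends outside these hunks, so the retry bound on the `while challenge_verified is False` loop cannot be checked from here.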