mirror of
https://github.com/go-acme/lego.git
synced 2024-12-23 01:07:23 +02:00
feat(cli): add dns.propagation-wait flag (#2266)
parent
b3e630761e
commit
75b910b296
@ -113,6 +113,10 @@ func CreateFlags(defaultPath string) []cli.Flag {
|
|||||||
Name: "dns.disable-cp",
|
Name: "dns.disable-cp",
|
||||||
Usage: "By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers.",
|
Usage: "By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers.",
|
||||||
},
|
},
|
||||||
|
&cli.DurationFlag{
|
||||||
|
Name: "dns.propagation-wait",
|
||||||
|
Usage: "By setting this flag, disables all the propagation checks and uses a wait duration instead.",
|
||||||
|
},
|
||||||
&cli.StringSliceFlag{
|
&cli.StringSliceFlag{
|
||||||
Name: "dns.resolvers",
|
Name: "dns.resolvers",
|
||||||
Usage: "Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination." +
|
Usage: "Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination." +
|
||||||
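Review bot: The usage string for the new `dns.propagation-wait` flag does not mention that it cannot be combined with `dns.disable-cp`, although setupDNS in this same commit rejects that combination, and it gives no hint of the expected duration format. Something like `Usage: "By setting this flag, disables all the propagation checks of the TXT record and uses a wait duration instead (e.g. 30s). Cannot be combined with dns.disable-cp.",` would put the constraint where an operator reads it before the run fails. The CLI help listing changed later in this commit would need the same wording.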
|
@ -1,6 +1,7 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -38,7 +39,10 @@ func setupChallenges(ctx *cli.Context, client *lego.Client) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ctx.IsSet("dns") {
|
if ctx.IsSet("dns") {
|
||||||
setupDNS(ctx, client)
|
err := setupDNS(ctx, client)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -113,22 +117,40 @@ func setupTLSProvider(ctx *cli.Context) challenge.Provider {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func setupDNS(ctx *cli.Context, client *lego.Client) {
|
func setupDNS(ctx *cli.Context, client *lego.Client) error {
|
||||||
|
if ctx.IsSet("dns.disable-cp") && ctx.Bool("dns.disable-cp") && ctx.IsSet("dns.propagation-wait") {
|
||||||
|
return errors.New("'dns.disable-cp' and 'dns.propagation-wait' are mutually exclusive")
|
||||||
|
}
|
||||||
|
|
||||||
|
wait := ctx.Duration("dns.propagation-wait")
|
||||||
|
if wait < 0 {
|
||||||
|
return errors.New("'dns.propagation-wait' cannot be negative")
|
||||||
|
}
|
||||||
|
|
||||||
provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns"))
|
provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
servers := ctx.StringSlice("dns.resolvers")
|
servers := ctx.StringSlice("dns.resolvers")
|
||||||
|
|
||||||
err = client.Challenge.SetDNS01Provider(provider,
|
err = client.Challenge.SetDNS01Provider(provider,
|
||||||
dns01.CondOption(len(servers) > 0,
|
dns01.CondOption(len(servers) > 0,
|
||||||
dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))),
|
dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))),
|
||||||
|
|
||||||
dns01.CondOption(ctx.Bool("dns.disable-cp"),
|
dns01.CondOption(ctx.Bool("dns.disable-cp"),
|
||||||
dns01.DisableCompletePropagationRequirement()),
|
dns01.DisableCompletePropagationRequirement()),
|
||||||
|
|
||||||
|
dns01.CondOption(ctx.IsSet("dns.propagation-wait"), dns01.WrapPreCheck(
|
||||||
|
func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
|
||||||
|
time.Sleep(wait)
|
||||||
|
return true, nil
|
||||||
|
},
|
||||||
|
)),
|
||||||
|
|
||||||
dns01.CondOption(ctx.IsSet("dns-timeout"),
|
dns01.CondOption(ctx.IsSet("dns-timeout"),
|
||||||
dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)),
|
dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)),
|
||||||
)
|
)
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
return err
|
||||||
}
|
|
||||||
}
|
}
|
||||||
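Review bot: In setupDNS an explicit `--dns.propagation-wait 0s` passes the `wait < 0` check, and because the option is gated on `ctx.IsSet("dns.propagation-wait")` the wrapped pre-check then sleeps for zero time and returns `true, nil`, so the challenge is reported ready with neither a propagation check nor a delay. If a zero wait is not an intended mode, reject it when the flag is set: `if ctx.IsSet("dns.propagation-wait") && wait <= 0 { return errors.New("'dns.propagation-wait' must be greater than zero") }`; if it is intended, the usage text should say so. The closure also drops its `check` argument without explanation, so a comment such as `// check is intentionally ignored: the fixed wait replaces every propagation check` would spare the next reader from treating it as an oversight. Since validation can presumably fail once the checks are bypassed, logging the configured wait before `time.Sleep(wait)` would make such failures easier to diagnose from the output.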
|
@ -40,6 +40,7 @@ GLOBAL OPTIONS:
|
|||||||
--tls.port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on. Supported: interface:port or :port. (default: ":443")
|
--tls.port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on. Supported: interface:port or :port. (default: ":443")
|
||||||
--dns value Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges. Run 'lego dnshelp' for help on usage.
|
--dns value Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges. Run 'lego dnshelp' for help on usage.
|
||||||
--dns.disable-cp By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers. (default: false)
|
--dns.disable-cp By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers. (default: false)
|
||||||
|
--dns.propagation-wait value By setting this flag, disables all the propagation checks and uses a wait duration instead. (default: 0s)
|
||||||
--dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
|
--dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
|
||||||
--http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0)
|
--http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0)
|
||||||
--dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10)
|
--dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10)
|
||||||
|