1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-23 01:07:23 +02:00

feat(cli): add dns.propagation-wait flag (#2266)

This commit is contained in:
Ludovic Fernandez 2024-09-07 21:40:21 +02:00 committed by GitHub
parent b3e630761e
commit 75b910b296
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 33 additions and 6 deletions

View File

@ -113,6 +113,10 @@ func CreateFlags(defaultPath string) []cli.Flag {
Name: "dns.disable-cp", Name: "dns.disable-cp",
Usage: "By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers.", Usage: "By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers.",
}, },
&cli.DurationFlag{
Name: "dns.propagation-wait",
Usage: "By setting this flag, disables all the propagation checks and uses a wait duration instead.",
},
&cli.StringSliceFlag{ &cli.StringSliceFlag{
Name: "dns.resolvers", Name: "dns.resolvers",
Usage: "Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination." + Usage: "Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination." +

View File

@ -1,6 +1,7 @@
package cmd package cmd
import ( import (
"errors"
"net" "net"
"strings" "strings"
"time" "time"
@ -38,7 +39,10 @@ func setupChallenges(ctx *cli.Context, client *lego.Client) {
} }
if ctx.IsSet("dns") { if ctx.IsSet("dns") {
setupDNS(ctx, client) err := setupDNS(ctx, client)
if err != nil {
log.Fatal(err)
}
} }
} }
@ -113,22 +117,40 @@ func setupTLSProvider(ctx *cli.Context) challenge.Provider {
} }
} }
func setupDNS(ctx *cli.Context, client *lego.Client) { func setupDNS(ctx *cli.Context, client *lego.Client) error {
if ctx.IsSet("dns.disable-cp") && ctx.Bool("dns.disable-cp") && ctx.IsSet("dns.propagation-wait") {
return errors.New("'dns.disable-cp' and 'dns.propagation-wait' are mutually exclusive")
}
wait := ctx.Duration("dns.propagation-wait")
if wait < 0 {
return errors.New("'dns.propagation-wait' cannot be negative")
}
provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns")) provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns"))
if err != nil { if err != nil {
log.Fatal(err) return err
} }
servers := ctx.StringSlice("dns.resolvers") servers := ctx.StringSlice("dns.resolvers")
err = client.Challenge.SetDNS01Provider(provider, err = client.Challenge.SetDNS01Provider(provider,
dns01.CondOption(len(servers) > 0, dns01.CondOption(len(servers) > 0,
dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))), dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))),
dns01.CondOption(ctx.Bool("dns.disable-cp"), dns01.CondOption(ctx.Bool("dns.disable-cp"),
dns01.DisableCompletePropagationRequirement()), dns01.DisableCompletePropagationRequirement()),
dns01.CondOption(ctx.IsSet("dns.propagation-wait"), dns01.WrapPreCheck(
func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
time.Sleep(wait)
return true, nil
},
)),
dns01.CondOption(ctx.IsSet("dns-timeout"), dns01.CondOption(ctx.IsSet("dns-timeout"),
dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)), dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)),
) )
if err != nil {
log.Fatal(err) return err
}
} }

View File

@ -40,6 +40,7 @@ GLOBAL OPTIONS:
--tls.port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on. Supported: interface:port or :port. (default: ":443") --tls.port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on. Supported: interface:port or :port. (default: ":443")
--dns value Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges. Run 'lego dnshelp' for help on usage. --dns value Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges. Run 'lego dnshelp' for help on usage.
--dns.disable-cp By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers. (default: false) --dns.disable-cp By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers. (default: false)
--dns.propagation-wait value By setting this flag, disables all the propagation checks and uses a wait duration instead. (default: 0s)
--dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined. --dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
--http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0) --http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0)
--dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10) --dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10)