Split challenge generation & challenge verification about manuale HOT 11 OPEN

manuale as its name suggests... 😄

I use this shell function as a background job: https://github.com/szepeviktor/debian-server-tools/blob/master/security/cert-update-manuale-CN.sh#L31-L49

from manuale.

You may do something similar with your API-based DNS update.

from manuale.

Yes, I already have tooling to do the DNS update, but right now I need something that parses the manuale output and tells it to continue after the DNS change is live. Just want to cleanly split it up.

from manuale.

@szepeviktor since upstream seems to have stopped making any changes, interested in forking this fully?

from manuale.

I am content with the current state of manuale.

from manuale.

Hey,

As you might gather from the project name, I'm surprised to see that people are using this for automated issuance at all. My intention was to create an easy, guided interface for a real person who wants to do things by hand and/or is issuing a single one-off certificate. The only reason authorize and issue are separate commands at all is that a long time ago there wasn't a method to detect an existing authorization for a domain, and authorizations lived longer than certificates. Now that this isn't the case, I've been thinking of rolling the commands into one.

I'm not completely opposed to this idea, but you may be better served by another client designed for the purpose or a custom fork. For example, acme.sh has built-in DNS provider integrations and lets you drop in your own DNS authorization script if needed. Maybe once I get around to doing an ACMEv2 overhaul there could be a single high level guided issuance command and lower level commands for working with authorizations and orders that could be used in automated scripts.

from manuale.

Where I think it's also going to be more relevant is cases that request multiple validations (ACME-08 has renamed them from challenges) be completed, and upcoming validations like ip-01.

As for other clients, I tried many of them before winding up Manuale. My usage case is not fully automated, but just semi-automated by wrapping Manuale, to authorize & issue via DNS, then securely ship the key+cert to new hosts (they don't even exist yet when the issuance is done).

I'd agree with having a high-level command that does authorize & issue together, which really wraps around lower-level commands (and are also exposed).

Manuale is the closest there is to a good competing Python Library other than Certbot's ACME module. Many others either just wrap certbot's ACME, or provide a minimal implementation.

from manuale.

I am open to a PR :)

from manuale.

https://github.com/schors/perkele/ perkeLE is a fork of ManuaLE

New in perkeLE Support for HTTP validation. (In fact, that's the only validation method supported).

Authorization is separate from certificate issuance. Authorizations last for months on Let's Encrypt: there's no need to waste time validating the domain every time you renew the certificate.

New in perkeLE The authorization can be divided into two parts - get authorization, and check validation. You can distribute verification files manualy.

from manuale.

I like the name!

from manuale.

@f-andrey why was DNS validation dropped?

from manuale.