letsencrypt::Client method authorizeDomain (protected)
<instance of letsencrypt::Client> authorizeDomain auth_url domain
Defined in /usr/local/ns/tcl/letsencrypt/letsencrypt-procs.tcl
- Parameters:
- auth_url (required)
- domain (required)
- Testcases:
- No testcase defined.
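#
# Authorize a single domain via the ACME http-01 challenge.
#
# Arguments:
#   auth_url - authorization URL handed out by the CA for this identifier
#   domain   - domain name to be authorized
#
# Result:
#   "invalid" when the authorization cannot proceed (request rejected by
#   the CA, no http-01 challenge offered, unusable token, challenge file
#   not reachable on the local server); otherwise the last authorization
#   status reported by the CA (e.g. "valid", or still "pending" when the
#   bounded polling ran out).
#
# Side effects:
#   Writes the key authorization below
#   [ns_server pagedir]/.well-known/acme-challenge/<token>, sets the
#   instance variable :authorization, and reports progress via :log.
#
:log "<br>Authorizing account for domain <strong>$domain</strong>... "
set httpStatus [:send_signed_request $auth_url ""]
:log "$auth_url returned HTTP status $httpStatus<br>"
if {$httpStatus in {400 403}} {
    :log "error message: ${:replyText}<br>"
    return invalid
}

:log "... getting HTTP challenge... "
set :authorization [ns_set iget ${:replyHeaders} "location"]
set challenges [dict get [json::json2dict ${:replyText}] challenges]
ns_log notice "... challenges:\n[join $challenges \n]"

#
# Pick the http-01 challenge. Both variables are initialized first, so a
# CA that offers no http-01 challenge yields a clean "invalid" instead of
# a "can't read token" error further down.
#
set challengeURL ""
set token ""
foreach entry $challenges {
    if {[dict filter $entry value "http-01"] ne ""} {
        set challengeURL [dict get $entry url]
        set token [dict get $entry token]
    }
}
if {$token eq "" || $challengeURL eq ""} {
    :log "no http-01 challenge offered for $domain<br>"
    return invalid
}

#
# The token becomes a file name below. Accept only the base64url
# alphabet so that a malformed token can never escape the
# acme-challenge directory (e.g. via "/" or "..").
#
if {![regexp {^[A-Za-z0-9_-]+$} $token]} {
    :log "challenge token contains unexpected characters; refusing<br>"
    return invalid
}

#
# Provide HTTP resource to fulfill HTTP challenge
#
set challengeDir [ns_server pagedir]/.well-known/acme-challenge
set keyAuthorization $token.${:thumbprint64}
file mkdir $challengeDir
:writeFile $challengeDir/$token $keyAuthorization
:log "<pre>keyauthorization: $keyAuthorization</pre>\n"
:log "challenge is done $challengeDir/$token<br>"

#
# Try to obtain challenge URL locally. If this does not
# work for us, it will not work for letsencrypt either.
# A connection failure is reported like a non-200 answer
# instead of aborting the method with an error.
#
set wellknown_url "http://$domain/.well-known/acme-challenge/$token"
if {[catch {ns_http run -timeout 5.0 $wellknown_url} d]} {
    :log "local test of wellknown_url $wellknown_url failed: <pre>$d</pre>"
    return "invalid"
}
:log "local test of wellknown_url $wellknown_url returned <pre>$d</pre>"
if {[dict get $d status] eq "200"} {
    :log "challenge is available on local server $wellknown_url\n"
} else {
    :log "challenge can not be retrieved from local server: $wellknown_url\n"
    return "invalid"
}

set httpStatus [:send_signed_request $challengeURL "{}"]
:log "challengeURL $challengeURL returned HTTP status $httpStatus<br>"

#
# ----- validate
#
:log "... validating the challenge... "
set status [dict get [json::json2dict ${:replyText}] status]
:log "status: $status<br>"

#
# Poll the authorization until it leaves the "pending" state. The
# number of polls is bounded (maxPolls) so that an unresponsive CA
# cannot keep this method spinning forever.
#
set maxPolls 3
set count 0
while {$status eq "pending"} {
    :log "... retry after one second... "
    ns_sleep 1
    set httpStatus [:send_signed_request $auth_url ""]
    :log "$auth_url returned HTTP status $httpStatus<br>"
    set status [dict get [json::json2dict ${:replyText}] status]
    :log "status: $status<br>"
    if {$status ni {"valid" "pending"}} {
        :log "<pre>${:replyText}</pre>[:printHeaders ${:replyHeaders}]<br>"
        break
    }
    # safety belt to avoid in the worst case endless loops.
    if {[incr count] >= $maxPolls} break
}
return $status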