Add ACME DNS Authenticator?

[danb35]

But why? acme.sh already installs the following cronjob by default:

For the main system, I don't have any faith that the crontab will be persistent if it isn't in the config database. It could be (and if it is, there's no harm running acme.sh --cron twice a day), but most such things aren't.

 

[Bravo271]

Ah okay I understand.

So it isn't necessary if its in a jail anyway.

Thanks

 

[danb35]

It shouldn't be.

 

[radomirpolach]

Can We at least add a custom script authenticator which would run like:

Code:

custom_script set example.cz name.example.com value 600
custom_script unset example.cz name.example.com value

This should be very simple to implement.

Looking at:

Code:

/usr/lib/python3/dist-packages/middlewared/plugins/acme_protocol_/authenticators

 

[radomirpolach]

Can We add something like this?

Code:

import logging
import subprocess

from middlewared.schema import accepts, Dict, Str, ValidationErrors

from .base import Authenticator


logger = logging.getLogger(__name__)


class ShellAuthenticator(Authenticator):

    NAME = 'shell'
    PROPAGATION_DELAY = 60
    SCHEMA = Dict(
        'shell',
        Str('script', empty=False, null=True, title='Script'),
    )

    def initialize_credentials(self):
        self.script = self.attributes.get('script')

    @staticmethod
    @accepts(SCHEMA)
    def validate_credentials(data):
        pass

    def _perform(self, domain, validation_name, validation_content):
        subprocess.run([self.script, "set", domain, validation_name, validation_content, "600"])

    def _cleanup(self, domain, validation_name, validation_content):
        subprocess.run([self.script, "unset", domain, validation_name, validation_content])

 

[radomirpolach]

I made a pull request: https://github.com/truenas/middleware/pull/8720