feat: support dns-01 challenge #114
Conversation
lib/resty/acme/challenge/dns-01.lua
Outdated
| end | ||
| local trim_domain = domain:gsub("*.", "") | ||
| local txt_record = calculate_txt_record(response) | ||
| local result, err = dnsapi:post_txt_record("_acme-challenge." .. trim_domain, txt_record) |
There was a problem hiding this comment.
we might want to wait the dns record to propogate after we set the record. use openresty/lua-resty-dns to query the record would be good to avoid the acme server try to validate it prematurely.
There was a problem hiding this comment.
maybe we can handle it in challenge_start_callback? I will check it.
|
we still need to return a wildcard domain in domain_whitelist/domain_whitelist_callback if we quire a wildcard domain cert, do you think the new way is ok? |
I think you missed part of the code in commit, but I get your idea, it works for me. Basically we can do: local WILDCARD_MATCHED = {}
function is_domain_whitelisted(domain)
if whitelist[domain] then
return domain
else if regex match then
return WILDCARD_MATCHED
end
return false
endthen local matched = is_domain_whitelisted(domain)
if matched WILDCARD_MATCHED then
--is wildcard match
else if matched then
--is exact match
else
--not match
end |
|
I will do a final cleanup of commits and merge to master #115 |
|
Thanks for this big PR, awesome work! @yuweizzz |
support dns-01 challenge.