author | Sean Whitton <spwhitton@spwhitton.name> | 2021-12-01 14:48:49 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-12-03 11:29:43 -0700 |
commit | 563af80e95563c6a1215a633b4f3c96ae01f45b6 (patch) | |
tree | fbc084d2a66422f2caf27c933d2feb6c0db070e5 /src/property | |
parent | f506d491b7069789a5aa94381cbf50970b35b2f0 (diff) | |
download | consfigurator-563af80e95563c6a1215a633b4f3c96ae01f45b6.tar.gz |
add LETS-ENCRYPT:CERTIFICATE-OBTAINED-STANDALONE
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/property')
-rw-r--r-- | src/property/lets-encrypt.lisp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/property/lets-encrypt.lisp b/src/property/lets-encrypt.lisp index b87224c..4ac82a3 100644 --- a/src/property/lets-encrypt.lisp +++ b/src/property/lets-encrypt.lisp @@ -39,7 +39,7 @@ etc.")) `(:email-address ,email-address)))) ;; Based on Propellor's LetsEncrypt.letsEncrypt' property. -(defprop %obtained :posix (agree-tos htdocs domains) +(defprop %obtained :posix (agree-tos domains &rest args) (:apply (check-type agree-tos agree-tos) (let ((dir (ensure-directory-pathname @@ -52,8 +52,7 @@ etc.")) (if (slot-boundp agree-tos 'email-address) (strcat "--email=" (slot-value agree-tos 'email-address)) "--register-unsafely-without-email") - "--webroot" "--webroot-path" htdocs - "--text" "--noninteractive" "--keep-until-expiring" + args "--text" "--noninteractive" "--keep-until-expiring" ;; Always request expansion in case DOMAINS has changed. "--expand" (loop for domain in domains @@ -73,7 +72,17 @@ the obtained certificate. Typically you'll want to combine this property with web server-specific properties in a DEFPROPLIST/DEFPROPSPEC." (:desc (format nil "Let's Encrypt for ~{~A~^, ~}" domains)) (installed) - (%obtained agree-tos htdocs (flatten domains))) + (%obtained agree-tos (flatten domains) "--webroot" "--webroot-path" htdocs)) + +(defproplist certificate-obtained-standalone :posix (agree-tos &rest domains) + "Like LETS-ENCRYPT:CERTIFICATE-OBTAINED, but use the --standalone argument to +letsencrypt(1) to start up the client's built-in webserver on port 80. Useful +on hosts which do not normally run a web server, but nevertheless require an +SSL certificate for other service(s), such as mail servers." + (:desc (format nil "Let's Encrypt for ~{~A~^, ~}" domains)) + (installed) + (%obtained agree-tos (flatten domains) + "--standalone" "--preferred-challenges" "http")) (defun dir-for (domain) (ensure-directory-pathname |
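Review bot: The new `&rest args` parameter of `%obtained` (first hunk) is undocumented, and the second hunk places it directly in the letsencrypt command line where the fixed `--webroot` arguments used to be, with no check on it visible in either hunk. The two callers in this commit pass literal option strings plus `htdocs`, so nothing is wrong today, but the contract should be written down for later callers. I would add a comment above the defprop such as `;; ARGS are additional letsencrypt(1) arguments which select the authenticator, e.g. "--webroot" or "--standalone"; they are passed through as-is.` The body of `%obtained` starts and ends outside these hunks, so how the assembled argument list is finally executed cannot be confirmed from here.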
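Review bot: The docstring of `certificate-obtained-standalone` (third hunk) does not say that port 80 has to be unused and reachable from the Internet every time the client runs, at renewal as well as at first issue. With `--standalone` the client binds port 80 itself, so a host that later gains a web server or has port 80 firewalled will presumably fail to renew, and the mail server would go on serving a certificate that is about to expire. I would add a sentence such as `Port 80 must be unused and reachable from the Internet whenever the certificate is obtained or renewed.` Separately, the `:desc` string is identical to the one in CERTIFICATE-OBTAINED, so the two properties cannot be told apart in deployment output; `"Let's Encrypt (standalone) for ~{~A~^, ~}"` would distinguish them.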