Subject: [bug#43333] [PATCH] services: certbot: Support registration without email.
From: Timotej Lazar
Date: Fri, 11 Sep 2020 13:55:55 +0200
Message-Id: <20200911115553.13306-1-timotej.lazar@araneo.si>

* gnu/services/certbot.scm (certbot-configuration): Add default for the
email option.
(certbot-command): Pass email for registration only when specified.
* doc/guix.texi (Certificate Services): "mandatory"→"optional" email.
---
Allow registering a Let’s Encrypt account without an email address, which
is discouraged but possible.

I tried factoring out the common options for HTTP/manual challenges but it
turned out quite messy, so I just added the option for both cases.

Thanks!

doc/guix.texi | 7 ++++--- gnu/services/certbot.scm | 11 ++++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index bad2d36e42..a8e7b27349 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22469,9 +22469,10 @@ A list of @code{certificates-configuration}s for which to generate certificates and request signatures. Each certificate has a @code{name} and several @code{domains}. -@item @code{email} -Mandatory email used for registration, recovery contact, and important -account notifications. +@item @code{email} (default: @code{#f}) +Optional email address used for registration and recovery contact. +Setting this is encouraged as it allows you to receive important +notifications about the account and issued certificates. @item @code{server} (default: @code{#f}) Optional URL of ACME server. Setting this overrides certbot's default, diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 5643340799..1c67ff63f1 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -71,7 +71,8 @@ (default "/var/www")) (certificates certbot-configuration-certificates (default '())) - (email certbot-configuration-email) + (email certbot-configuration-email + (default #f)) (server certbot-configuration-server (default #f)) (rsa-key-size certbot-configuration-rsa-key-size @@ -99,12 +100,14 @@ (if challenge (append (list name certbot "certonly" "-n" "--agree-tos" - "-m" email "--manual" (string-append "--preferred-challenges=" challenge) "--cert-name" name "--manual-public-ip-logging-ok" "-d" (string-join domains ",")) + (if email + `("--email" ,email) + '("--register-unsafely-without-email")) (if server `("--server" ,server) '()) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if authentication-hook 
@@ -114,10 +117,12 @@ (if deploy-hook `("--deploy-hook" ,deploy-hook) '())) (append (list name certbot "certonly" "-n" "--agree-tos" - "-m" email "--webroot" "-w" webroot "--cert-name" name "-d" (string-join domains ",")) + (if email + `("--email" ,email) + '("--register-unsafely-without-email")) (if server `("--server" ,server) '()) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))) -- 2.28.0
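
Review bot: in the doc/guix.texi hunk, the new @item @code{email} entry does not say what the service does when the field is left at #f. The certbot.scm hunks pass --register-unsafely-without-email in that case, so the entry should state that an unset email registers the account with no contact address, and therefore no recovery contact and no notifications, instead of only saying that setting it is encouraged.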
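
Review bot: in the certbot-configuration hunk (@@ -71,7 +71,8 @@), adding (default #f) to the email field means a configuration that leaves out email by mistake is now accepted and ends up on the --register-unsafely-without-email path, where before the field had no default and had to be supplied. Consider emitting a warning when email is #f so that registering without a contact is a visible choice and not a silent fallback.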
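
Review bot: in the manual-challenge branch (@@ -99,12 +100,14 @@), (if email ...) only distinguishes #f from everything else, so an empty string such as (email "") counts as true in Scheme and puts "--email" "" on the certbot command line. Treat an empty string like #f, for example (if (and email (not (string-null? email))) ...), or reject it when the configuration is built; the same test is needed in the webroot branch.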
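
Review bot: in the webroot branch (@@ -114,10 +117,12 @@), the (if email `("--email" ,email) '("--register-unsafely-without-email")) form is a verbatim copy of the one added to the manual branch. Binding it once around the outer (if challenge ...), for instance with a let-bound name such as email-args (a hypothetical name), would keep the two certonly invocations from drifting apart if the registration flags change later, without having to factor out the rest of the shared options.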