From: Raghav Gururajan
To: Pierre Langlois
Cc: help-guix@gnu.org
Subject: Re: Certbot with DNS Challenge
Date: Sat, 17 Apr 2021 12:53:01 -0400
In-Reply-To: <87v98klva4.fsf@gmx.com>

Hi Pierre!

>> So, in your snippet, I should replace certbot-*-hook with "/etc/desec/hook.sh",
>> right?
>
> Is the "hook.sh" script copied directly from the desec-certbot-hook
> package? In which case, I think you'll want to use `file-append` to
> directly refer to the package's script, something like this?
>
> --8<---------------cut here---------------start------------->8---
> (authentication-hook (file-append desec-certbot-hook "/etc/hook.sh"))
> (cleanup-hook (file-append desec-certbot-hook "/etc/hook.sh"))
> --8<---------------cut here---------------end--------------->8---

The package is not in Guix yet (#47840). For now, I manually downloaded
the script and placed it in /etc/desec.

I tried the following and it worked:

(service certbot-service-type
         (certbot-configuration
          (email "admin@raghavgururajan.name")
          (certificates
           (list
            (certificate-configuration
             (domains '("raghavgururajan.name" "*.raghavgururajan.name"))
             (challenge "dns")
             (authentication-hook "/etc/desec/hook.sh")
             (cleanup-hook "/etc/desec/hook.sh"))))))

I was wondering how to generate certs with a custom CSR, provided by some
hosting providers. Any ideas?

Regards,
RG.
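
Added example, not part of the original message and not the deSEC hook script: a sketch of how one script can serve as both `authentication-hook` and `cleanup-hook`, and why an apex-plus-wildcard certificate like the one above needs TXT values appended rather than replaced. It relies on certbot's documented `CERTBOT_DOMAIN`, `CERTBOT_VALIDATION` and `CERTBOT_AUTH_OUTPUT` variables; `ZONE_FILE` and the function names are assumptions of this example, with a local file standing in for the DNS provider's API.

```sh
#!/bin/sh
# Stand-in for the DNS provider: one "name<TAB>value" line per TXT value.
# ZONE_FILE is an assumption of this example; a real hook calls the provider's API.
ZONE_FILE="${ZONE_FILE:-./acme-txt.db}"

# certbot sets CERTBOT_AUTH_OUTPUT only when it runs the cleanup hook, so a
# script wired to both hooks can tell which phase it is in.
hook_mode() {
    if [ -n "${CERTBOT_AUTH_OUTPUT+set}" ]; then echo cleanup; else echo auth; fi
}

# DNS-01 validates at the base name: "example.org" and "*.example.org"
# both map to _acme-challenge.example.org.
record_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Append this challenge's value without touching values already present,
# because the apex and the wildcard challenge share one record name.
add_txt() {
    printf '%s\t%s\n' "$(record_name "$1")" "$2" >> "$ZONE_FILE"
}

# Remove only the value that belongs to this challenge.
remove_txt() {
    [ -f "$ZONE_FILE" ] || return 0
    line="$(printf '%s\t%s' "$(record_name "$1")" "$2")"
    grep -vxF -- "$line" "$ZONE_FILE" > "$ZONE_FILE.tmp" || true
    mv "$ZONE_FILE.tmp" "$ZONE_FILE"
}

# Number of TXT values currently stored for a domain's challenge name.
txt_count() {
    [ -f "$ZONE_FILE" ] || { echo 0; return 0; }
    awk -F'\t' -v n="$(record_name "$1")" '$1 == n { c++ } END { print c + 0 }' "$ZONE_FILE"
}

# Dispatch only when certbot invoked the script (CERTBOT_DOMAIN is set).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    case "$(hook_mode)" in
        auth)    add_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" ;;
        cleanup) remove_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" ;;
    esac
fi
```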