From: Jack Hill
Subject: Certbot with alternative certificate authority
Date: Thu, 5 Mar 2020 13:57:35 -0500 (EST)
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi Guix,

I'm working on making the certbot service work with any certificate authority that implements ACME, not just Let's Encrypt. I've done this by adding a server field to the certbot-configuration, and then using it in the match for certbot-command as follows:

```
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 0d3be03383..3e71026387 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -70,6 +70,8 @@ (certificates certbot-configuration-certificates (default '())) (email certbot-configuration-email) + (server certbot-configuration-server + (default #f)) (rsa-key-size certbot-configuration-rsa-key-size (default #f)) (default-location certbot-configuration-default-location @@ -82,7 +84,7 @@ (define certbot-command (match-lambda (($ package webroot certificates email - rsa-key-size default-location) + server rsa-key-size default-location) (let* ((certbot (file-append package "/bin/certbot")) (rsa-key-size (and rsa-key-size (number->string rsa-key-size))) (commands @@ -101,6 +103,7 @@ "--cert-name" name "--manual-public-ip-logging-ok" "-d" (string-join domains ",")) + (if server `("--server" ,server) '()) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if authentication-hook `("--manual-auth-hook" ,authentication-hook) @@ -113,6 +116,7 @@ "--webroot" "-w" webroot "--cert-name" name "-d" (string-join domains ",")) + (if server `("--server" ,server) '()) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))) certificates)))
```

However, reconfiguring with the following certbot service:

```
(service certbot-service-type
         (certbot-configuration
          (email "jackhill@jackhill.us")
          (rsa-key-size 4096)
          (server "https://example.com/acme/api")
          (certificates
           (list (certificate-configuration
                  (domains '("test.jackhill.us")))))))
```

fails with:

```
Backtrace:
           1 (primitive-load "/tmp/cerbot-test2/bin/guix")
In guix/ui.scm:
   1826:12  0 (run-guix-command _ . _)

guix/ui.scm:1826:12: In procedure run-guix-command:
Throw to key `match-error' with args `("match" "no matching pattern" 4096)'.
```

When removing "(rsa-key-size 4096)" from my configuration, everything works as expected with the default key size. What error have I made?

Best,
Jack
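Review bot: only one positional destructuring of the record is updated (the `certbot-command` pattern in the second hunk), while the first hunk inserts `server` in the middle of the field list, between `email` and `rsa-key-size`. `($ ...)` patterns in (ice-9 match) bind fields by position and accept a prefix of them, so any other `$` pattern over `certbot-configuration` in this file that still reads `... email rsa-key-size default-location` will silently bind `rsa-key-size` to the new server value and `default-location` to the integer 4096, which is consistent with the reported `match-error` on 4096 and with the error vanishing when `rsa-key-size` is left at its `#f` default. Suggested change: search certbot.scm for every `$` pattern over this record and add `server` in the same position in each, or decouple from field order by reading the value through the `certbot-configuration-server` accessor (appending `server` as the last field would also keep existing prefix patterns valid).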
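The binding shift behind the `match-error` on 4096 in the backtrace above, as an added Guile example that is not from the patch or from Guix: `<old-config>` and `<new-config>` are constructed, simplified stand-ins for the certbot-configuration record, and a plain string stands in for a location record.

```scheme
;; Added example: why inserting a record field breaks positional
;; patterns that were not updated.  <old-config>/<new-config> are
;; constructed stand-ins for certbot-configuration, not Guix's own types.
(use-modules (ice-9 match)
             (srfi srfi-9))

;; Layout before the patch: EMAIL, RSA-KEY-SIZE, DEFAULT-LOCATION.
(define-record-type <old-config>
  (make-old-config email rsa-key-size default-location)
  old-config?
  (email            old-config-email)
  (rsa-key-size     old-config-rsa-key-size)
  (default-location old-config-default-location))

;; Layout after the patch: SERVER inserted after EMAIL, as in the first hunk.
(define-record-type <new-config>
  (make-new-config email server rsa-key-size default-location)
  new-config?
  (email            new-config-email)
  (server           new-config-server)
  (rsa-key-size     new-config-rsa-key-size)
  (default-location new-config-default-location))

;; A destructuring written for the old layout and never updated.  `$'
;; binds fields by position and accepts a prefix of them, so against a
;; <new-config> it binds RSA-KEY-SIZE to the server URL and
;; DEFAULT-LOCATION to the integer that was meant as the key size.
(define (stale-destructure config)
  (match config
    (($ <new-config> email rsa-key-size default-location)
     (list email rsa-key-size default-location))))

;; Downstream code expecting DEFAULT-LOCATION to be #f or a location
;; (a string here) has no clause for an integer: match-error on 4096.
(define (use-default-location location)
  (match location
    (#f 'no-default-location)
    ((? string? uri) uri)))

;; Reading the field through its accessor is immune to the shift.
(define (robust-key-size config)
  (new-config-rsa-key-size config))

(define example
  (make-new-config "jackhill@jackhill.us" "https://example.com/acme/api" 4096 #f))

(display (stale-destructure example)) (newline)
(display (robust-key-size example)) (newline)
;; This last call raises match-error with 4096, like the reported backtrace.
(use-default-location (caddr (stale-destructure example)))
```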