From: Ludovic Courtès
To: Carlo Zancanaro
Cc: 36998@debbugs.gnu.org
Subject: Re: [bug#36998] [PATCH] services: certbot: Add --manual-public-ip-logging-ok for manual challenges
Date: Tue, 10 Sep 2019 23:54:33 +0200

Hi Carlo,

Time flies…

Carlo Zancanaro wrote:

> I recently tried to configure the certbot-service with the dns
> challenge type. It failed, because certbot tries to ask whether you're
> okay with letsencrypt knowing (and potentially logging) your IP
> address, but within an mcron task that just fails.
>
> The solution is to add the --manual-public-ip-logging-ok flag, so
> here's a patch to do that!

[...]

> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -99,6 +99,7 @@
> "--manual"
> (string-append "--preferred-challenges=3D" c= hallenge)
> "--cert-name" name
> + "--manual-public-ip-logging-ok"
> "-d" (string-join domains ",")

Perhaps we should pass --manual-public-ip-logging-ok only when
‘challenge’ has the expected value (DNS challenge type; what’s the
value for that?), and also document that prominently in the manual?

Thanks,
Ludo’.
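Review bot: The added "--manual-public-ip-logging-ok" line sits unconditionally in the same argument list as "--manual" and "--preferred-challenges", so the consent to IP logging is given on the operator's behalf for whatever value `challenge` holds, with no check in the quoted hunk that limits it to the challenge type that needed it. Consider emitting the flag only when `challenge` matches the intended type, and adding a sentence to the service documentation stating that configuring a manual challenge implies agreeing to have the host's public IP address logged, since the flag silently answers a prompt that certbot would otherwise put to the user.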