I have a bunch of servers that need a TLS cert, but there is no Web server running on port 80/443. It would be neat to have the option of using an internal http server instead of writing the authorization string to disk, like `certbot certonly --standalone`.
The not-writing-to-disk is important to me because of embedded hardware with plain NAND flash, where unnecessary write cycles degrade the storage. Standalone mode might also be useful when automatically deploying new machines: the http server might not come up if the cert file is missing.
This should be possible in a few lines with just the standard libraries `threading`, `http.server` and `socketserver`.
```python
# find the http-01 challenge and write the challenge file
import threading, http.server, socketserver

class StandaloneRequestServer(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        # token and keyauthorization come from the surrounding challenge code
        if self.path != "/.well-known/acme-challenge/{0}".format(token):
            return self.send_error(404)
        self.send_response(200)
        self.send_header("Content-type", "text/plain") # probably superfluous
        self.end_headers()
        self.wfile.write(keyauthorization.encode())

srv_handler = socketserver.TCPServer(("0.0.0.0", 80), StandaloneRequestServer)
threading.Thread(target=srv_handler.serve_forever, daemon=True).start()
# later:
srv_handler.shutdown()
```
I'm not going to fully work this out, since the current 200 line limit won't allow for it right now.
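A self-contained form of the in-memory responder sketched in the issue above, as an added example that is not part of the original post or of the project's code. The names `TOKEN_RE`, `make_handler`, `standalone_challenge` and `fetch` are hypothetical, and the token and key authorization are assumed to be supplied by the ACME client; it validates the token, answers only the exact challenge path, and releases the port when validation ends.

```python
import http.client
import http.server
import re
import threading
from contextlib import contextmanager

# Added example with hypothetical names, not the project's code.
# ACME tokens use only the base64url alphabet; refuse anything else.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

def make_handler(token, keyauthorization):
    """Build a handler that answers exactly one challenge path from memory."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url")
    path = "/.well-known/acme-challenge/" + token
    body = keyauthorization.encode()

    class ChallengeHandler(http.server.BaseHTTPRequestHandler):
        timeout = 10  # drop clients that connect and then stall

        def do_GET(self):
            if self.path != path:  # exact match only, nothing read from disk
                return self.send_error(404)
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return ChallengeHandler

@contextmanager
def standalone_challenge(token, keyauthorization, address=("0.0.0.0", 80)):
    """Serve the challenge only while the with-block runs, then free the port."""
    srv = http.server.ThreadingHTTPServer(address, make_handler(token, keyauthorization))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        yield srv
    finally:
        srv.shutdown()      # stop serve_forever()
        srv.server_close()  # close the listening socket even on failure

def fetch(port, path):  # demo helper: (status, body) from the local responder
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result
```

Wrapping the ACME "challenge ready" notification and polling in `with standalone_challenge(token, keyauthorization):` keeps port 80 open only for the length of the validation.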