standalone: do not attempt webdir challenge verification

webdir challenge verfication will always fail with standalone due to the server not being started immediately at the point of challenge creation.
2019-03-23 09:56:29 +01:00 · 2019-03-23 09:56:29 +01:00 · 710c42c805
parent 1e5b1defa7
commit 710c42c805
2 changed files with 12 additions and 9 deletions
--- a/acertmgr/modes/standalone.py
+++ b/acertmgr/modes/standalone.py
@ -63,6 +63,7 @@ HTTPServer.allow_reuse_address = True
 class ChallengeHandler(WebChallengeHandler):
    def __init__(self, config):
        WebChallengeHandler.__init__(self, config)
+        self._verify_challenge = False
        self.current_directory = os.getcwd()
        if "port" in config:
            port = int(config["port"])
--- a/acertmgr/modes/webdir.py
+++ b/acertmgr/modes/webdir.py
@ -14,6 +14,7 @@ from acertmgr.modes.abstract import AbstractChallengeHandler
 class ChallengeHandler(AbstractChallengeHandler):
    def __init__(self, config):
        AbstractChallengeHandler.__init__(self, config)
+        self._verify_challenge = True
        self.challenge_directory = config.get("webdir", "/var/www/acme-challenge/")
        if not os.path.isdir(self.challenge_directory):
            raise FileNotFoundError("Challenge directory (%s) does not exist!" % self.challenge_directory)
@ -30,15 +31,16 @@ class ChallengeHandler(AbstractChallengeHandler):

        # check that the file is in place
        wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
-        try:
-            resp = tools.get_url(wellknown_url)
-            resp_data = resp.read().decode('utf8').strip()
-            if resp_data != keyauthorization:
-                raise ValueError("keyauthorization and response data do NOT match")
-        except (IOError, ValueError):
-            os.remove(wellknown_path)
-            raise ValueError("Wrote file to {0}, but couldn't download {1}".format(
-                wellknown_path, wellknown_url))
+        if self._verify_challenge:
+            try:
+                resp = tools.get_url(wellknown_url)
+                resp_data = resp.read().decode('utf8').strip()
+                if resp_data != keyauthorization:
+                    raise ValueError("keyauthorization and response data do NOT match")
+            except (IOError, ValueError):
+                os.remove(wellknown_path)
+                raise ValueError("Wrote file to {0}, but couldn't download {1}".format(
+                    wellknown_path, wellknown_url))
        return datetime.datetime.now()

    def destroy_challenge(self, domain, thumbprint, token):