summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarlo Zancanaro <carlo@zancanaro.id.au>2019-08-10 22:52:50 +1000
committerLudovic Courtès <ludo@gnu.org>2019-09-16 10:22:35 +0200
commitec36339dfd2241cd518bb86b6714fc3b340afa95 (patch)
tree10445470dd0a2ab22f9352a10cabb1aeb7443d74
parentfb6e550d6b054371bff5d27f4c368a8cd977bb40 (diff)
downloadpatches-ec36339dfd2241cd518bb86b6714fc3b340afa95.tar
patches-ec36339dfd2241cd518bb86b6714fc3b340afa95.tar.gz
services: certbot: Add --manual-public-ip-logging-ok for manual challenges
* gnu/services/certbot.scm (certbot-command): Add --manual-public-ip-logging-ok flag to the certbot command when doing a manual challenge. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--doc/guix.texi4
-rw-r--r--gnu/services/certbot.scm1
2 files changed, 4 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 39d4b865f6..55935b3794 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20302,7 +20302,9 @@ all domains will be Subject Alternative Names on the certificate.
The challenge type that has to be run by certbot. If @code{#f} is specified,
default to the HTTP challenge. If a value is specified, defaults to the
manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and
-the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}).
+the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
+and gives Let's Encrypt permission to log the public IP address of the
+requesting machine.
@item @code{authentication-hook} (default: @code{#f})
Command to be run in a shell once for each certificate challenge to be
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index ae34ad17bb..0d3be03383 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -99,6 +99,7 @@
"--manual"
(string-append "--preferred-challenges=" challenge)
"--cert-name" name
+ "--manual-public-ip-logging-ok"
"-d" (string-join domains ","))
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
(if authentication-hook