Feature: Passing a list of all domains to the hook #164

New Issue

adam · 2025-12-29T00:26:20+01:00

adam commented

2025-12-29 00:26:20 +01:00

Originally created by @athei on GitHub (Nov 18, 2016).

Some name servers are really slow with reloading their zone files see #308. Therefore I need to have a sleep in my hook script (~15 minutes) to delay the challenge until the name servers are updated.

This is no problem when I only have one domain in my domains.txt. But when I have multiple domains dehydrated does call my hook for every domain, I do the wait, then it goes on with the challenge. Therefore I have 15 minutes wait time per domain.

To solve this there should be another hook where dehydrated passes all domains at once to the hook script so it can create all TXT records and wait. Then the challenge can go on and all challenges succeed.

Originally created by @athei on GitHub (Nov 18, 2016). Some name servers are really slow with reloading their zone files see #308. Therefore I need to have a sleep in my hook script (~15 minutes) to delay the challenge until the name servers are updated. This is no problem when I only have one domain in my domains.txt. But when I have multiple domains dehydrated does call my hook for every domain, I do the wait, then it goes on with the challenge. Therefore I have 15 minutes wait time per domain. To solve this there should be another hook where dehydrated passes all domains at once to the hook script so it can create all TXT records and wait. Then the challenge can go on and all challenges succeed.

adam closed this issue

2025-12-29 00:26:20 +01:00

adam commented

2025-12-29 00:26:21 +01:00

@txr13 commented on GitHub (Nov 18, 2016):

I feel like HOOK_CHAIN might be what you're looking for, which bundles all the challenges for a single certificate into one hook call.

There is no function to pass all challenges from all certificates in a single execution pass into a single hook call. My gut instinct is that this is a good design decision--bundling all challenges from all certificates would require a re-work of the main script's logic. Right now, it handles each certificate one at a time, and using HOOK_CHAIN doesn't really disrupt that overall flow.

But to implement a theoretical "HOOK_CHAIN_ALL" you'd have to rewrite the logic to go through all certificates, find the ones nearing expiry, request all challenges for all certificates, hook that out, wait for all challenges to be available, then request and update all the certificates which had to be expired, and then call separate instances of deploy_cert through your hook script, once for each certificate. Yes, it could be done, but it would be a pretty massive rewrite, only to be used in the event of setting the HOOK_CHAIN_ALL flag.

@txr13 commented on GitHub (Nov 18, 2016): I feel like HOOK_CHAIN might be what you're looking for, which bundles all the challenges for a single certificate into one hook call. There is no function to pass all challenges from all certificates in a single execution pass into a single hook call. My gut instinct is that this is a good design decision--bundling all challenges from all certificates would require a re-work of the main script's logic. Right now, it handles each certificate one at a time, and using HOOK_CHAIN doesn't really disrupt that overall flow. But to implement a theoretical "HOOK_CHAIN_ALL" you'd have to rewrite the logic to go through all certificates, find the ones nearing expiry, request all challenges for all certificates, hook that out, wait for all challenges to be available, then request and update all the certificates which had to be expired, and then call separate instances of deploy_cert through your hook script, once for each certificate. Yes, it could be done, but it would be a pretty massive rewrite, only to be used in the event of setting the HOOK_CHAIN_ALL flag.

adam commented

2025-12-29 00:26:21 +01:00

@athei commented on GitHub (Nov 18, 2016):

Okay that is better than nothing but does not help much if I want to update multiple domains at gandi. I had to put it all onto one certificate or wait the time for each certificate.

@athei commented on GitHub (Nov 18, 2016): Okay that is better than nothing but does not help much if I want to update multiple domains at gandi. I had to put it all onto one certificate or wait the time for each certificate.

adam commented

2025-12-29 00:26:21 +01:00

@txr13 commented on GitHub (Nov 18, 2016):

That's correct. And at that point, it's less a problem within dehydrated, and more a problem at Gandi.

@txr13 commented on GitHub (Nov 18, 2016): That's correct. And at that point, it's less a problem within dehydrated, and more a problem at Gandi.

adam commented

2025-12-29 00:26:22 +01:00

@lukas2511 commented on GitHub (Dec 18, 2016):

Passing all names for all certificates into a hook is not possible with the way this script is currently working as it is only parsing stuff for one certificate at a time, sorry.

@lukas2511 commented on GitHub (Dec 18, 2016): Passing all names for all certificates into a hook is not possible with the way this script is currently working as it is only parsing stuff for one certificate at a time, sorry.

adam referenced this issue

2025-12-29 01:28:44 +01:00

[PR #165] [MERGED] Use of 'grep -o' doesn't work on SunOS (fixes #164) #741

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#164