starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-13 07:10:34 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Hook_chain being ignored #340

New Issue
Closed
opened 2025-12-29 01:23:23 +01:00 by adam · 4 comments
adam commented 2025-12-29 01:23:23 +01:00
Owner
Copy Link

Originally created by @ryancbutler on GitHub (Apr 27, 2018).

Recently Dehydrated seems to be validating challenges only after all my deploy challenges have been run causing issues on approval. Seems like HOOK_CHAIN value is being seen as YES.

I have hook_chain set to no in my config

domains are listed as
mysub.domain.com mysub1.domain.com mysub2.domain.com

Dehydrated by Lukas Schauer
https://dehydrated.io

Dehydrated version: git-master-after-0.6.2
GIT-Revision: b5dddd7a2b64b1e035a1bd27aa5e699a304bdbca

OS: Ubuntu 16.04.3 LTS
Used software:
 bash: 4.3.48(1)-release
 curl: curl 7.47.0
 awk: GNU Awk 4.1.3, API: 1.1 (GNU MPFR 3.1.4, GNU MP 6.1.0)
 sed: sed (GNU sed) 4.2.2
 mktemp: mktemp (GNU coreutils) 8.25
 grep: grep (GNU grep) 2.25
 diff: diff (GNU diffutils) 3.3
 openssl: OpenSSL 1.0.2g  1 Mar 2016
Originally created by @ryancbutler on GitHub (Apr 27, 2018). Recently Dehydrated seems to be validating challenges only after all my deploy challenges have been run causing issues on approval. Seems like HOOK_CHAIN value is being seen as YES. I have **hook_chain** set to no in my config domains are listed as mysub.domain.com mysub1.domain.com mysub2.domain.com ``` Dehydrated by Lukas Schauer https://dehydrated.io Dehydrated version: git-master-after-0.6.2 GIT-Revision: b5dddd7a2b64b1e035a1bd27aa5e699a304bdbca OS: Ubuntu 16.04.3 LTS Used software: bash: 4.3.48(1)-release curl: curl 7.47.0 awk: GNU Awk 4.1.3, API: 1.1 (GNU MPFR 3.1.4, GNU MP 6.1.0) sed: sed (GNU sed) 4.2.2 mktemp: mktemp (GNU coreutils) 8.25 grep: grep (GNU grep) 2.25 diff: diff (GNU diffutils) 3.3 openssl: OpenSSL 1.0.2g 1 Mar 2016 ```
adam closed this issue 2025-12-29 01:23:23 +01:00
adam commented 2025-12-29 01:23:24 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Apr 27, 2018):

This works as intended. Because of problems with wildcard validations there isn't really any choice but to deploy all tokens before doing anything else. Since I wanted to avoid having multiple different behaviours this now is the way it works. Hook-Chaining is different in that it deploys all tokens in one hook-call, without chaining it's still one after another, just the validation is delayed.

@lukas2511 commented on GitHub (Apr 27, 2018): This works as intended. Because of problems with wildcard validations there isn't really any choice but to deploy all tokens before doing anything else. Since I wanted to avoid having multiple different behaviours this now is the way it works. Hook-Chaining is different in that it deploys all tokens in one hook-call, without chaining it's still one after another, just the validation is delayed.
adam commented 2025-12-29 01:23:24 +01:00
Author
Owner
Copy Link

@ryancbutler commented on GitHub (Apr 27, 2018):

Oh bummer. I had a process that would use the token to edit the same netscaler policy with the challenge token for every domain. Any other options you can think of to mimic this behavior?

@ryancbutler commented on GitHub (Apr 27, 2018): Oh bummer. I had a process that would use the token to edit the same netscaler policy with the challenge token for every domain. Any other options you can think of to mimic this behavior?
adam commented 2025-12-29 01:23:26 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Apr 27, 2018):

I don't really have any experience with Netscaler, but from a quick glance over your code you could just add multiple rules, or maybe there is a way to set up a reverse proxy or something? Otherwise you could maybe validate tokens over DNS-01 instead.

@lukas2511 commented on GitHub (Apr 27, 2018): I don't really have any experience with Netscaler, but from a quick glance over your code you could just add multiple rules, or maybe there is a way to set up a reverse proxy or something? Otherwise you could maybe validate tokens over DNS-01 instead.
adam commented 2025-12-29 01:23:26 +01:00
Author
Owner
Copy Link

@ryancbutler commented on GitHub (Apr 28, 2018):

It's possible to create multiple rules but will take some re-work. Will try to figure something out. Thanks for the help.

@ryancbutler commented on GitHub (Apr 28, 2018): It's possible to create multiple rules but will take some re-work. Will try to figure something out. Thanks for the help.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#340
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?