Local file write when using http-01 and hook script #602

New Issue

adam · 2025-12-29T01:27:44+01:00

adam commented

2025-12-29 01:27:44 +01:00

Originally created by @sethwklein on GitHub (Mar 29, 2023).

There is a workflow that involves using a hook script to copy the http-01 challenge file to another machine via ssh.

I attempted to use this by adding the following to hook.sh:

printf '%s' "$TOKEN_VALUE" \
    | ssh remote.example.com \
    "cat > $WELLKNOWN/$TOKEN_FILENAME"

This resulted in an error when dehydrated attempted to write to $WELLKNOWN/$TOKEN_FILENAME on the local machine because it doesn't skip doing so when using a hook script. I could work around that by setting $WELLKNOWN to some directory that exists on the local machine, but that seems hackish.

If it helps, the code that needs to be disabled is...

        printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_tokens[${idx}]}"
        chmod a+r "${WELLKNOWN}/${challenge_tokens[${idx}]}"

This is using dehydrated e3ef43c816f73d443f32410862d9253d35cf3f99 (master as of 2023-01-16.)

I ended up going with other tools, so I submit this issue only so that it may be useful to someone putting work into dehydrated. If it is not, it may be closed without costing me anything.

Originally created by @sethwklein on GitHub (Mar 29, 2023). There is a workflow that involves using a hook script to copy the http-01 challenge file to another machine via ssh. I attempted to use this by adding the following to `hook.sh`: ```sh printf '%s' "$TOKEN_VALUE" \ | ssh remote.example.com \ "cat > $WELLKNOWN/$TOKEN_FILENAME" ``` This resulted in an error when dehydrated attempted to write to `$WELLKNOWN/$TOKEN_FILENAME` on the local machine because it doesn't skip doing so when using a hook script. I could work around that by setting `$WELLKNOWN` to some directory that exists on the local machine, but that seems hackish. If it helps, the code that needs to be disabled is... ``` printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_tokens[${idx}]}" chmod a+r "${WELLKNOWN}/${challenge_tokens[${idx}]}" ``` This is using dehydrated `e3ef43c816f73d443f32410862d9253d35cf3f99` (`master` as of 2023-01-16.) I ended up going with other tools, so I submit this issue only so that it may be useful to someone putting work into dehydrated. If it is not, it may be closed without costing me anything.

adam commented

2025-12-29 01:27:45 +01:00

@RinkAttendant6 commented on GitHub (Jun 9, 2023):

I ran into this issue as well (my hook script makes API call to deploy and clean challenge, rather than ssh) and it seems to be the same (or similar) as #314.

I could work around that by setting $WELLKNOWN to some directory that exists on the local machine, but that seems hackish.

I suppose it's a little hackish but you can just point it to /tmp or something.

@RinkAttendant6 commented on GitHub (Jun 9, 2023): I ran into this issue as well (my hook script makes API call to deploy and clean challenge, rather than ssh) and it seems to be the same (or similar) as #314. > I could work around that by setting $WELLKNOWN to some directory that exists on the local machine, but that seems hackish. I suppose it's a little hackish but you can just point it to `/tmp` or something.

adam referenced this issue

2025-12-29 01:29:45 +01:00

[PR #602] [CLOSED] allow setting OCSP_FETCH and OCSP_DAYS per certificate config #871

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#602