Preserve cert alias case #609

New Issue

adam · 2025-12-29T01:27:48+01:00

adam commented

2025-12-29 01:27:48 +01:00

Originally created by @RinkAttendant6 on GitHub (Jun 9, 2023).

Issue

The certalias will always be lowercased regardless of how it was specified in domains.txt.

Input

domains.txt

example.net > vs-FOO-HTTP

Output

A directory named vs-foo-http is created to store files. The alias environment variable as mentioned in #907 will also contain the value in lowercase.

Expected output

A directory named vs-FOO-HTTP, and similarly the alias variable should contain the original case of the alias.

Details

Initially this behaviour seems odd as the vast majority of Linux systems have case-sensitive filesystem as opposed to typical Windows filesystem usage, so I did some more investigation.

The code on https://github.com/dehydrated-io/dehydrated/blob/v0.7.1/dehydrated#L1674 transforms the entire file to lowercase before any other processing takes place (stripping comments/blank lines, etc.). This was originally added in 33f07fcc0b to fix #176, where there was an issue with case-sensitivity in the domain names with specific ACME servers (not sure which, since Let's Encrypt doesn't have this issue).

Lowercasing the entire input rather than the domains seems overkill. Was it done for performance reasons to avoid repeatedly running tr or awk for each line (around lines 1719, 1720)?

For my use case, I am not too concerned with the name of the directory on the filesystem, but I am using the alias value to deploy the certs in the hook script. Specifically I followed this tutorial: https://community.f5.com/t5/technical-articles/automate-let-s-encrypt-certificates-on-big-ip/ta-p/293783/redirect_from_archived_page/true , but instead of having the F5_HTTP environment variable (where it would be constant for the entire script), I'm using the alias in domains.txt to specify the name of the virtual server that the each set of cert/chain/key should be deployed to. That name is case sensitive.

For now, I have added an extra function in my hook script to read domains.txt to find a non-comment line that ends with > vs-foo-http, to get the original case (vs-FOO-HTTP)...

def _determine_actual_alias(alias: str) -> str | None:
    with open("domains.txt") as f:
        for line in f:
            if not line.startswith('#') and line.strip().lower().endswith("> " + alias):
                return line.strip().split()[-1]

(for anyone who might use it: the code isn't perfect, it assumes the existence of an explicitly stated alias and exactly one space after the >, it's just an example)

It works, and luckily for me it's only deploy_challenge and clean_challenge that requires it, but it's not the greatest to have to run that.

This tool is great, and I've definitely improved my skills in Bash scripting by reading through the code to understand some of what it is doing.

Originally created by @RinkAttendant6 on GitHub (Jun 9, 2023). ## Issue The certalias will always be lowercased regardless of how it was specified in domains.txt. ## Input domains.txt ``` example.net > vs-FOO-HTTP ``` ## Output A directory named `vs-foo-http` is created to store files. The `alias` environment variable as mentioned in #907 will also contain the value in lowercase. ## Expected output A directory named `vs-FOO-HTTP`, and similarly the `alias` variable should contain the original case of the alias. ## Details Initially this behaviour seems odd as the vast majority of Linux systems have case-sensitive filesystem as opposed to typical Windows filesystem usage, so I did some more investigation. The code on https://github.com/dehydrated-io/dehydrated/blob/v0.7.1/dehydrated#L1674 transforms the entire file to lowercase before any other processing takes place (stripping comments/blank lines, etc.). This was originally added in 33f07fcc0bba97e2da71bffd27ce856ddcf0fe23 to fix #176, where there was an issue with case-sensitivity in the domain names with specific ACME servers (not sure which, since Let's Encrypt doesn't have this issue). Lowercasing the entire input rather than the domains seems overkill. Was it done for performance reasons to avoid repeatedly running `tr` or `awk` for each line (around lines 1719, 1720)? For my use case, I am not too concerned with the name of the directory on the filesystem, but I am using the alias value to deploy the certs in the hook script. Specifically I followed this tutorial: https://community.f5.com/t5/technical-articles/automate-let-s-encrypt-certificates-on-big-ip/ta-p/293783/redirect_from_archived_page/true , but instead of having the F5_HTTP environment variable (where it would be constant for the entire script), I'm using the alias in domains.txt to specify the name of the virtual server that the each set of cert/chain/key should be deployed to. That name is case sensitive. For now, I have added an extra function in my hook script to read domains.txt to find a non-comment line that ends with `> vs-foo-http`, to get the original case (`vs-FOO-HTTP`)... ```python def _determine_actual_alias(alias: str) -> str | None: with open("domains.txt") as f: for line in f: if not line.startswith('#') and line.strip().lower().endswith("> " + alias): return line.strip().split()[-1] ``` (for anyone who might use it: the code isn't perfect, it assumes the existence of an explicitly stated alias and exactly one space after the `>`, it's just an example) It works, and luckily for me it's only deploy_challenge and clean_challenge that requires it, but it's not the greatest to have to run that. This tool is great, and I've definitely improved my skills in Bash scripting by reading through the code to understand some of what it is doing.

adam referenced this issue

2025-12-29 01:29:44 +01:00

[PR #609] [CLOSED] Ensure files are written to disk before symlink #869

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#609