starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Processing all deploy_challenge actions before any clean_challenge actions #77

New Issue
Closed
opened 2025-12-29 00:24:21 +01:00 by adam · 2 comments
adam commented 2025-12-29 00:24:21 +01:00
Owner
Copy Link

Originally created by @pwaring on GitHub (Mar 20, 2016).

I'm trying to use letsencrypt.sh to generate a single certificate for a number of domains (e.g.
example.org, mail.example.org, imap.example.org).

My DNS provider doesn't have an API - instead I have to upload text files with the DNS records and these get pushed out to the nameservers within 20 minutes. I can automate the process of creating the relevant TXT records from the information provided to my hook script (as $ARGV[4]) but the issue is that I have to wait 20 minutes after a deploy_challenge action to ensure that the records will definitely be on all the nameservers. This isn't a problem for one domain, but becomes a bit of a pain when I'm trying to generate a certificate for multiple domains.

At the moment I'm using the following command:

./letsencrypt.sh --hook ./hook.pl --challenge dns-01

which results in hook.pl being called as follows:

foreach (domain in domains)
  deploy_challenge domain
  clean_challenge domain

However, I want to process all the deploy_challenge actions first and then process all the clean_challenge actions, like so:

foreach (domain in domains)
  deploy_challenge domain

foreach (domain in domains)
  clean_challenge domain

Is this possible?

Originally created by @pwaring on GitHub (Mar 20, 2016). I'm trying to use letsencrypt.sh to generate a single certificate for a number of domains (e.g. `example.org`, `mail.example.org`, `imap.example.org`). My DNS provider doesn't have an API - instead I have to upload text files with the DNS records and these get pushed out to the nameservers within 20 minutes. I can automate the process of creating the relevant TXT records from the information provided to my hook script (as `$ARGV[4]`) but the issue is that I have to wait 20 minutes after a `deploy_challenge` action to ensure that the records will definitely be on all the nameservers. This isn't a problem for one domain, but becomes a bit of a pain when I'm trying to generate a certificate for multiple domains. At the moment I'm using the following command: `./letsencrypt.sh --hook ./hook.pl --challenge dns-01` which results in `hook.pl` being called as follows: ``` foreach (domain in domains) deploy_challenge domain clean_challenge domain ``` However, I want to process all the `deploy_challenge` actions first and then process all the `clean_challenge` actions, like so: ``` foreach (domain in domains) deploy_challenge domain foreach (domain in domains) clean_challenge domain ``` Is this possible?
adam closed this issue 2025-12-29 00:24:21 +01:00
adam commented 2025-12-29 00:24:22 +01:00
Author
Owner
Copy Link

@welwood08 commented on GitHub (Apr 7, 2016):

You might want to try setting HOOK_CHAIN="yes" in your config.sh and then have your hooks loop over groups of arguments. Each hook will be called only once with arguments for all domains together rather than 1 call per domain.

I've been using this option just fine to deploy all DNS challenges and ensure propagation automatically before proceeding to validate all and then clean all.

@welwood08 commented on GitHub (Apr 7, 2016): You might want to try setting `HOOK_CHAIN="yes"` in your config.sh and then have your hooks loop over groups of arguments. Each hook will be called only once with arguments for all domains together rather than 1 call per domain. I've been using this option just fine to deploy all DNS challenges and ensure propagation automatically before proceeding to validate all and then clean all.
adam commented 2025-12-29 00:24:23 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Apr 9, 2016):

Yes you should be able to use the HOOK_CHAIN config option like @welwood08 suggested.

I tried documenting this feature here: https://github.com/lukas2511/letsencrypt.sh/blob/master/docs/hook_chain.md

@lukas2511 commented on GitHub (Apr 9, 2016): Yes you should be able to use the `HOOK_CHAIN` config option like @welwood08 suggested. I tried documenting this feature here: https://github.com/lukas2511/letsencrypt.sh/blob/master/docs/hook_chain.md
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#77
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?