add HOOK_CHALLENGE option to run a command before the reponse 7/head
authorSimon Ruderich <simon@ruderich.org>
Sun, 6 Dec 2015 00:06:17 +0000 (01:06 +0100)
committerSimon Ruderich <simon@ruderich.org>
Sun, 6 Dec 2015 00:26:13 +0000 (01:26 +0100)
config.sh.example
letsencrypt.sh

index 63d9ebc1e7a7410f0d2807ca752bc7b0f8012127..0cf6574b1fac1a82632332c7fef6318091097669 100644 (file)
@@ -2,3 +2,8 @@
 
 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+
+# program called before responding to the challenge, arguments: path/to/token
+# token; can be used to e.g. upload the challenge if this script doesn't run
+# on the webserver
+#HOOK_CHALLENGE=
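Review bot: The comment documents the hook's arguments as `path/to/token token`, but the call added in letsencrypt.sh passes `"${keyauth}"` as the second argument, which is the content written to the token file and not the token name. I would reword it along the lines of `# program called before responding to the challenge; arguments: path/to/token-file key-authorization (the content of that file)`. Because the configured command runs with the same privileges as the script, and config.sh is sourced from the current directory, a further comment line noting that config.sh should be writable only by the user running the script would be worth adding here.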
index 82a068693e0210936a8f7d53cf5059f13d863a82..8297f42bd1ea2b1e5ed5e18310e84b97aff6d3c1 100755 (executable)
@@ -7,6 +7,7 @@ set -o pipefail
 # default config values
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
+HOOK_CHALLENGE=
 
 . ./config.sh
 
@@ -126,6 +127,11 @@ sign_domain() {
     printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
     chmod a+r "${WELLKNOWN}/${challenge_token}"
 
+    # Wait for hook script to deploy the challenge if used
+    if [ -n "${HOOK_CHALLENGE}" ]; then
+        ${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}"
+    fi
+
     # Ask the acme-server to verify our challenge and wait until it becomes valid
     echo "  + Responding to challenge for ${altname}..."
     result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
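Review bot: The hook's exit status is not checked on the `${HOOK_CHALLENGE} ...` line, so whether a failed deployment stops the run depends on `set -e` being active, which is not visible here (only `set -o pipefail` appears in the earlier hunk header). If it is not active, the script goes on to ask the CA to validate a challenge that was never deployed. I would make the failure explicit: `${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}" || { echo "  + ERROR: challenge hook failed" >&2; exit 1; }`. The unquoted `${HOOK_CHALLENGE}` is also word-split and glob-expanded, which lets the setting carry arguments but breaks a program path containing spaces. If that is intended, a comment such as `# HOOK_CHALLENGE is left unquoted so it may contain arguments` would document it. sign_domain begins and ends outside this hunk.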