From b33f1288936dd118eba6d5627da6fee20d25c960 Mon Sep 17 00:00:00 2001
From: Simon Ruderich
Date: Sun, 6 Dec 2015 01:06:17 +0100
Subject: [PATCH] add HOOK_CHALLENGE option to run a command before the reponse
---
 config.sh.example | 5 +++++
 letsencrypt.sh | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/config.sh.example b/config.sh.example
index 63d9ebc..0cf6574 100644
--- a/config.sh.example
+++ b/config.sh.example
@@ -2,3 +2,8 @@
 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+
+# program called before responding to the challenge, arguments: path/to/token
+# token; can be used to e.g. upload the challenge if this script doesn't run
+# on the webserver
+#HOOK_CHALLENGE=
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 82a0686..8297f42 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -7,6 +7,7 @@ set -o pipefail
 # default config values
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
+HOOK_CHALLENGE=
 . ./config.sh
@@ -126,6 +127,11 @@ sign_domain() {
 printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
 chmod a+r "${WELLKNOWN}/${challenge_token}"
+ # Wait for hook script to deploy the challenge if used
+ if [ -n "${HOOK_CHALLENGE}" ]; then
+ ${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}"
+ fi
+
 # Ask the acme-server to verify our challenge and wait until it becomes valid
 echo " + Responding to challenge for ${altname}..."
 result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
--
2.47.2
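Review bot: The comment added above `#HOOK_CHALLENGE=` lists the hook's arguments as `path/to/token token`, but the call added in letsencrypt.sh passes `"${WELLKNOWN}/${challenge_token}"` and `"${keyauth}"`, so the second argument is the key authorization (the content written to the challenge file), not the token. Hook authors will write against this comment, so it should describe the arguments as the code passes them, for example `# program called before responding to the challenge; arguments: path to the challenge file, key authorization (the file's content)`. It is also worth one line stating that the value is expanded unquoted and therefore split on whitespace, and that the hook runs with the same privileges as letsencrypt.sh, so config.sh and the hook should be writable only by the account that runs the script.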
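Review bot: `${HOOK_CHALLENGE}` is expanded unquoted in the call added to sign_domain, so the configured value goes through word splitting and pathname expansion before it is run: a hook path containing a space breaks, and any glob character in the value is expanded against the current directory. If a single program is intended, as the config.sh.example comment says, quote it: `"${HOOK_CHALLENGE}" "${WELLKNOWN}/${challenge_token}" "${keyauth}"`; if arguments inside the value are meant to be supported, state that in the config comment instead. The hook's exit status is not checked here, so whether a failed deployment stops the run before the CA is asked to validate depends on shell options outside this hunk (only `set -o pipefail` is visible); appending `|| exit 1` to the call would make that explicit. sign_domain starts and ends outside the hunk.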