Diffstat (limited to 'client')
-rwxr-xr-xclient44
1 files changed, 32 insertions, 12 deletions
diff --git a/client b/client
index 2566c9b..3bf0bad 100755
--- a/client
+++ b/client
@@ -257,6 +257,7 @@ elsif ($COMMAND =~ /\Areg=(\p{Print}+)\Z/) {
#
elsif ($COMMAND eq 'new-cert') {
die unless @ARGV;
+ my $timeout = $CONFIG->{timeout} // 10;
foreach my $domain (@ARGV) {
print STDERR "Processing new DNS authz for $domain\n" if $ENV{DEBUG};
my $r = acme_resource('new-authz', identifier => {type => 'dns', value => $domain});
@@ -284,14 +285,28 @@ elsif ($COMMAND eq 'new-cert') {
keyAuthorization => $keyAuthorization
});
# wait until the status become 'valid'
- for ( my $i = 0, my $status;
- $status = request_json_decode($r)->{status} // 'pending',
+ for ( my $i = 0, my $content, my $status;
+ $content = request_json_decode($r),
+ $status = $content->{status} // 'pending',
$status ne 'valid';
- $r = request('GET' => $challenge->{uri}), $i++ ) {
+ $r = request('GET' => $challenge->{uri})) {
+ if (defined (my $problem = $content->{error})) { # problem document (RFC 7807)
+ my $msg = $problem->{status};
+ $msg .= " " .$problem->{title} if defined $problem->{title};
+ $msg .= " (".$problem->{detail}.")" if defined $problem->{detail};
+ die $msg, "\n";
+ }
die "Error: Invalid challenge for $domain (status: ".$status.")\n" if $status ne 'pending';
- die "Timeout exceeded while waiting for challenge to pass ($domain)\n"
- if $i >= ($CONFIG->{timeout} // 10);
- sleep 1;
+
+ my $sleep = 1;
+ if (defined (my $retry_after = $r->header('Retry-After'))) {
+ print STDERR "Retrying after $retry_after seconds...\n";
+ $sleep = $retry_after;
+ }
+
+ $i += $sleep;
+ die "Timeout exceeded while waiting for challenge to pass ($domain)\n" if $timeout > 0 and $i >= $timeout;
+ sleep $sleep;
}
}
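Review bot: The `Retry-After` value is used as a number in `$i += $sleep` and `sleep $sleep` without validation, although the header is server-controlled and HTTP also allows it to be an HTTP-date. A date or other non-numeric string would numify to 0, so the loop would re-poll with no delay and `$i` would never reach `$timeout`; with `timeout` set to 0, a very large value would also make the client sleep for as long as the server asks. Accept only delta-seconds, e.g. `$sleep = $retry_after if $retry_after =~ /\A\d+\z/;`, and consider capping the result at a sane maximum. The same applies to `my $retry_after = $r->header('Retry-After') // 1;` in the certificate-wait loop of the third hunk. The enclosing `new-cert` branch starts and ends outside this hunk.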
@@ -302,12 +317,17 @@ elsif ($COMMAND eq 'new-cert') {
# https://acme-v01.api.letsencrypt.org/acme/cert/$serial
print STDERR "Certificate URI: $uri\n";
- # wait for the cert
- for (my $i = 0; $r->decoded_content() eq ''; $r = request('GET' => $uri), $i++) {
- die request_status_line($r), "\n" unless $r->is_success();
- die "Timeout exceeded while waiting for certificate\n"
- if $i >= ($CONFIG->{timeout} // 10);
- sleep 1;
+ if ($r->decoded_content() eq '') { # wait for the cert
+ for (my $i = 0;;) {
+ $r = request('GET' => $uri);
+ die request_status_line($r), "\n" unless $r->is_success();
+ last unless $r->code == 202; # Accepted
+ my $retry_after = $r->header('Retry-After') // 1;
+ print STDERR "Retrying after $retry_after seconds...\n";
+ $i += $retry_after;
+ die "Timeout exceeded while waiting for certificate\n" if $timeout > 0 and $i >= $timeout;
+ sleep $retry_after;
+ }
}
my $der = $r->decoded_content();