From ec36339dfd2241cd518bb86b6714fc3b340afa95 Mon Sep 17 00:00:00 2001 From: Carlo Zancanaro Date: Sat, 10 Aug 2019 22:52:50 +1000 Subject: [PATCH] services: certbot: Add --manual-public-ip-logging-ok for manual challenges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/certbot.scm (certbot-command): Add --manual-public-ip-logging-ok flag to the certbot command when doing a manual challenge. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 4 +++- gnu/services/certbot.scm | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 39d4b865f6..55935b3794 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20302,7 +20302,9 @@ all domains will be Subject Alternative Names on the certificate. The challenge type that has to be run by certbot. If @code{#f} is specified, default to the HTTP challenge. If a value is specified, defaults to the manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and -the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}). +the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}), +and gives Let's Encrypt permission to log the public IP address of the +requesting machine. @item @code{authentication-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge to be diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index ae34ad17bb..0d3be03383 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -99,6 +99,7 @@ "--manual" (string-append "--preferred-challenges=" challenge) "--cert-name" name + "--manual-public-ip-logging-ok" "-d" (string-join domains ",")) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if authentication-hook