On Tue, Nov 03, 2020 at 10:37:04AM +0100, Matthias Pressfreund wrote:
>
> On 2020-11-03 09:56, Florian Obser wrote:
> > On Mon, Nov 02, 2020 at 02:35:48PM +0100, Matthias Pressfreund wrote:
> >> The patch below updates the acme-client(1) manpage by providing a
> >> closer match for the httpd(8) location block accepting acme challenge
> >> responses.
> >
> > How is this better?
> >
> > When the requested file exits in /var/www/acme/ I get a 200 in both cases.
> > When the file does not exists I get a 404 in both cases.
> >
>
> It is better because I may not want the server to return 404 if the file
> does not exist. Instead, I may want to let the server fall back to its
> default behavior as shown in the example below where it would simply drop
> the connection.
>
> server "example.com" {
> ...
> block drop
> location found "/.well-known/acme-challenge/*" { ... }
> ...
> }
I don't know, I'm not buying it, this doesn't feel neccesary for acme.
We wanted to have a minimal example that gets people going with
acme-client and httpd, now we have more fluff.
But I guess it's just me, so meh.
>
> > If /var/www/acme itself is missing I get 404 without this and 500 with
> > this patch. Why is 500 better?
> >
>
> Even in this case I like the 500 better as it reflects the state of my
> server, like if I point a location's root to a directory that does not
> exist, my server truly suffers from an 'internal server error'.
>
>
> > Thanks,
> > Florian
> >>
> >>
> >> Index: usr.sbin/acme-client/acme-client.1
> >> ===================================================================
> >> RCS file: /cvs/src/usr.sbin/acme-client/acme-client.1,v
> >> retrieving revision 1.34
> >> diff -u -p -u -p -r1.34 acme-client.1
> >> --- usr.sbin/acme-client/acme-client.1 10 May 2020 12:06:18 -0000
> >> 1.34
> >> +++ usr.sbin/acme-client/acme-client.1 2 Nov 2020 13:18:12 -0000
> >> @@ -14,7 +14,7 @@
> >> .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
> >> OF
> >> .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >> .\"
> >> -.Dd $Mdocdate: May 10 2020 $
> >> +.Dd $Mdocdate: November 2 2020 $
> >> .Dt ACME-CLIENT 1
> >> .Os
> >> .Sh NAME
> >> @@ -58,7 +58,7 @@ can be served by
> >> with this location block,
> >> which will properly map response challenges:
> >> .Bd -literal -offset indent
> >> -location "/.well-known/acme-challenge/*" {
> >> +location found "/.well-known/acme-challenge/*" {
> >> root "/acme"
> >> request strip 2
> >> }
> >>
> >
>
--
I'm not entirely sure you are real.
