--- Begin Message ---
Subject: |
[PATCH] services: certbot: Support registration without email. |
Date: |
Fri, 11 Sep 2020 13:55:55 +0200 |
* gnu/services/certbot.scm (certbot-configuration): Add default for the
email option.
(certbot-command): Pass email for registration only when specified.
* doc/guix.texi (Certificate Services): "mandatory"→"optional" email.
---
Allow registering a Let’s Encrypt account without an email address,
which is dicouraged but possible. I tried factoring out the common
options for HTTP/manual challenges but it turned out quite messy, so I
just added the option for both cases.
Thanks!
doc/guix.texi | 7 ++++---
gnu/services/certbot.scm | 11 ++++++++---
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index bad2d36e42..a8e7b27349 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -22469,9 +22469,10 @@ A list of @code{certificates-configuration}s for which
to generate
certificates and request signatures. Each certificate has a @code{name}
and several @code{domains}.
-@item @code{email}
-Mandatory email used for registration, recovery contact, and important
-account notifications.
+@item @code{email} (default: @code{#f})
+Optional email address used for registration and recovery contact.
+Setting this is encouraged as it allows you to receive important
+notifications about the account and issued certificates.
@item @code{server} (default: @code{#f})
Optional URL of ACME server. Setting this overrides certbot's default,
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 5643340799..1c67ff63f1 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -71,7 +71,8 @@
(default "/var/www"))
(certificates certbot-configuration-certificates
(default '()))
- (email certbot-configuration-email)
+ (email certbot-configuration-email
+ (default #f))
(server certbot-configuration-server
(default #f))
(rsa-key-size certbot-configuration-rsa-key-size
@@ -99,12 +100,14 @@
(if challenge
(append
(list name certbot "certonly" "-n" "--agree-tos"
- "-m" email
"--manual"
(string-append "--preferred-challenges=" challenge)
"--cert-name" name
"--manual-public-ip-logging-ok"
"-d" (string-join domains ","))
+ (if email
+ `("--email" ,email)
+ '("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
(if authentication-hook
@@ -114,10 +117,12 @@
(if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
(append
(list name certbot "certonly" "-n" "--agree-tos"
- "-m" email
"--webroot" "-w" webroot
"--cert-name" name
"-d" (string-join domains ","))
+ (if email
+ `("--email" ,email)
+ '("--register-unsafely-without-email"))
(if server `("--server" ,server) '())
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
(if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
--
2.28.0
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#43333] [PATCH] services: certbot: Support registration without email. |
Date: |
Sun, 13 Sep 2020 23:20:48 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi Timotej,
Timotej Lazar <timotej.lazar@araneo.si> skribis:
> * gnu/services/certbot.scm (certbot-configuration): Add default for the
> email option.
> (certbot-command): Pass email for registration only when specified.
> * doc/guix.texi (Certificate Services): "mandatory"→"optional" email.
> ---
> Allow registering a Let’s Encrypt account without an email address,
> which is dicouraged but possible. I tried factoring out the common
> options for HTTP/manual challenges but it turned out quite messy, so I
> just added the option for both cases.
Good. Applied, thanks!
Ludo’.
--- End Message ---