Allow & document --preferred-challenges dns,http

2026-06-08 00:02:14 -04:00 · 2016-09-21 16:17:31 -07:00 · 2016-09-21 16:17:31 -07:00 · 107a3e6aa9
commit 107a3e6aa9
parent 6c066ef10c
2 changed files with 13 additions and 8 deletions
--- a/certbot/cli.py
+++ b/certbot/cli.py
@ -852,9 +852,11 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False):  # pylint: dis
        dest="pref_challs", action=_PrefChallAction, default=[],
        help="A sorted, comma delimited list of the preferred challenge to "
             "use during authorization with the most preferred challenge "
-             'listed first. Eg, "dns-01" or "tls-sni-01,http-01,dns-01").'
+             'listed first. Eg, "dns" or "tls-sni-01,http,dns").'
             ' Not all plugins support all challenges. See '
-             'https://certbot.eff.org/docs/using.html#plugins for details.')
+             'https://certbot.eff.org/docs/using.html#plugins for details.'
+             ' Challenges are versioned, but if you pick "http" rather than'
+             ' "http-01", Certbot will select the latest version automatically.' )
    helpful.add(
        "renew", "--pre-hook",
        help="Command to be run in a shell before obtaining any certificates."
@ -1048,7 +1050,9 @@ class _PrefChallAction(argparse.Action):
    """Action class for parsing preferred challenges."""

    def __call__(self, parser, namespace, pref_challs, option_string=None):
+        aliases = {"dns": "dns-01", "http": "http-01", "tls-sni": "tls-sni-01"}
        challs = [c.strip() for c in pref_challs.split(",")]
+        challs = [aliases[c] if c in aliases else c for c in challs]
        unrecognized = ", ".join(name for name in challs
                                 if name not in challenges.Challenge.TYPES)
        if unrecognized:
--- a/docs/using.rst
+++ b/docs/using.rst
@ -281,16 +281,17 @@ manual_     Y    N    | Helps you obtain a cert by giving you instructions to pe
 nginx_      Y    Y    | Very experimental and not included in certbot-auto_.          tls-sni-01_ (443)
 =========== ==== ==== =============================================================== =============================

-Under the hood, plugins use one of several "Challenge Types" to prove you control a domain.
-The options are http-01_ (which uses port 80), tls-sni-01_ (port 443) and dns-01_
-(requring configuration of a DNS server on port 53, thought that's often not
-the same machine as your webserver). A few plugins support more than one
-challenge type, in which case you can choose one with
-``--preferred-challenges``.
+Under the hood, plugins use one of several ACME protocol "Challenges_" to
+prove you control a domain.  The options are http-01_ (which uses port 80),
+tls-sni-01_ (port 443) and dns-01_ (requring configuration of a DNS server on
+port 53, thought that's often not the same machine as your webserver). A few
+plugins support more than one challenge type, in which case you can choose one
+with ``--preferred-challenges``.

 There are also many third-party-plugins_ available. Below we describe in more detail
 the circumstances in which each plugin can be used, and how to use it.

+.. _Challenges: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7
 .. _tls-sni-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.3
 .. _http-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.2
 .. _dns-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.4