GNU bug report logs - #43333
[PATCH] services: certbot: Support registration without email.


Package: guix-patches;

Reported by: Timotej Lazar <timotej.lazar <at> araneo.si>

Date: Fri, 11 Sep 2020 11:59:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#43333; Package guix-patches. (Fri, 11 Sep 2020 11:59:01 GMT)

Acknowledgement sent to Timotej Lazar <timotej.lazar <at> araneo.si>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 11 Sep 2020 11:59:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Timotej Lazar <timotej.lazar <at> araneo.si>
To: guix-patches <at> gnu.org
Cc: Timotej Lazar <timotej.lazar <at> araneo.si>
Subject: [PATCH] services: certbot: Support registration without email.
Date: Fri, 11 Sep 2020 13:55:55 +0200
* gnu/services/certbot.scm (certbot-configuration): Add default for the
email option.
(certbot-command): Pass email for registration only when specified.
* doc/guix.texi (Certificate Services): "mandatory"→"optional" email.
---
Allow registering a Let’s Encrypt account without an email address,
which is discouraged but possible. I tried factoring out the common
options for HTTP/manual challenges but it turned out quite messy, so I
just added the option for both cases.

Thanks!

 doc/guix.texi            |  7 ++++---
 gnu/services/certbot.scm | 11 ++++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index bad2d36e42..a8e7b27349 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -22469,9 +22469,10 @@ A list of @code{certificates-configuration}s for which to generate
 certificates and request signatures.  Each certificate has a @code{name}
 and several @code{domains}.
 
-@item @code{email}
-Mandatory email used for registration, recovery contact, and important
-account notifications.
+@item @code{email} (default: @code{#f})
+Optional email address used for registration and recovery contact.
+Setting this is encouraged as it allows you to receive important
+notifications about the account and issued certificates.
 
 @item @code{server} (default: @code{#f})
 Optional URL of ACME server.  Setting this overrides certbot's default,
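Review bot: the new @item text for email says that setting it is encouraged, but not what happens when it is left at #f. With this patch certbot is then invoked with --register-unsafely-without-email, so the manual should name that consequence: the account has no recovery contact and none of the notifications about the account and issued certificates can reach the operator.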
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 5643340799..1c67ff63f1 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -71,7 +71,8 @@
                        (default "/var/www"))
   (certificates        certbot-configuration-certificates
                        (default '()))
-  (email               certbot-configuration-email)
+  (email               certbot-configuration-email
+                       (default #f))
   (server              certbot-configuration-server
                        (default #f))
   (rsa-key-size        certbot-configuration-rsa-key-size
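Review bot: with (default #f) on the email field, a certbot-configuration that leaves out email by mistake no longer fails when the record is built; it quietly registers an account with no contact address. Consider mentioning this behaviour change in the commit log, or emitting a warning when email is #f, so that an accidental omission is still noticed.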
@@ -99,12 +100,14 @@
                    (if challenge
                      (append
                       (list name certbot "certonly" "-n" "--agree-tos"
-                            "-m" email
                             "--manual"
                             (string-append "--preferred-challenges=" challenge)
                             "--cert-name" name
                             "--manual-public-ip-logging-ok"
                             "-d" (string-join domains ","))
+                      (if email
+                          `("--email" ,email)
+                          '("--register-unsafely-without-email"))
                       (if server `("--server" ,server) '())
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
                       (if authentication-hook
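Review bot: (if email ...) in the --manual branch only distinguishes #f from everything else, so (email "") is truthy and would pass --email with an empty argument instead of falling back to --register-unsafely-without-email. Either test for a non-empty string, for example (and email (not (string-null? email))), or state in the documentation that #f is the only supported way to omit the address.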
@@ -114,10 +117,12 @@
                       (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
                      (append
                       (list name certbot "certonly" "-n" "--agree-tos"
-                            "-m" email
                             "--webroot" "-w" webroot
                             "--cert-name" name
                             "-d" (string-join domains ","))
+                      (if email
+                          `("--email" ,email)
+                          '("--register-unsafely-without-email"))
                       (if server `("--server" ,server) '())
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
                       (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
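Review bot: the (if email `("--email" ,email) '("--register-unsafely-without-email")) form in the --webroot branch is a verbatim copy of the one added to the --manual branch above. Binding it once in an enclosing let (say, as email-args) and splicing that into both append calls would keep the two branches from drifting apart, without having to factor out the rest of the common options.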
-- 
2.28.0





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 13 Sep 2020 21:22:01 GMT)

Notification sent to Timotej Lazar <timotej.lazar <at> araneo.si>:
bug acknowledged by developer. (Sun, 13 Sep 2020 21:22:01 GMT)

Message #10 received at 43333-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Timotej Lazar <timotej.lazar <at> araneo.si>
Cc: 43333-done <at> debbugs.gnu.org
Subject: Re: [bug#43333] [PATCH] services: certbot: Support registration
 without email.
Date: Sun, 13 Sep 2020 23:20:48 +0200
Hi Timotej,

Timotej Lazar <timotej.lazar <at> araneo.si> skribis:

> * gnu/services/certbot.scm (certbot-configuration): Add default for the
> email option.
> (certbot-command): Pass email for registration only when specified.
> * doc/guix.texi (Certificate Services): "mandatory"→"optional" email.
> ---
> Allow registering a Let’s Encrypt account without an email address,
> which is discouraged but possible. I tried factoring out the common
> options for HTTP/manual challenges but it turned out quite messy, so I
> just added the option for both cases.

Good.  Applied, thanks!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 12 Oct 2020 11:24:05 GMT)

This bug report was last modified 3 years and 196 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.