From: Thomas Lamprecht Date: Sun, 3 May 2020 16:05:29 +0000 (+0200) Subject: DNS Challenge: add validation-delay plugin option X-Git-Url: https://git.proxmox.com/?p=proxmox-acme.git;a=commitdiff_plain;h=4317ba99376344549a8a4f82d14db53a59e83cbc DNS Challenge: add validation-delay plugin option Signed-off-by: Thomas Lamprecht
---
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index b3fc069..2b4f051 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -134,6 +134,17 @@ sub properties {
 type => 'string',
 description => 'DNS plugin data.',
 },
+ 'validation-delay' => {
+ type => 'integer',
+ description => 'Extra delay in seconds to wait before requesting validation.'
+ .' Allows to cope with a long TTL of DNS records.',
+ # low default, but our bet is that the acme-challenge domain isn't
+ # cached at all, so it hopefully shouldn't run into TTL issues
+ default => 30,
+ optional => 1,
+ minimum => 0,
+ maximum => 2 * 24 * 60 * 60,
+ }
 };
 }
@@ -143,6 +154,7 @@ sub options {
 data => { optional => 1 },
 nodes => { optional => 1 },
 disable => { optional => 1 },
+ 'validation-delay' => { optional => 1 },
 };
 }
@@ -188,6 +200,15 @@ sub setup {
 my $domain = $proxmox_acme_command->($self, $acme, $auth, $data, 'setup');
 print "Add TXT record: _acme-challenge.$domain\n";
+
+ # FIXME: probe ourself for propagation of TXT record, while not 100%
+ # failsafe it's good enough of a heuristic to do away with fixed sleep
+ # intervalls - original acme.sh employs that heuristic too.
+ my $delay = $data->{'validation-delay'} // 30;
+ if ($delay > 0) {
+ print "Sleeping $delay seconds to wait for TXT record propagation\n";
+ sleep($delay); # don't care for EINTR
+ }
 }
 sub teardown {
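Review bot: The default of `30` set on the `'validation-delay'` property in `properties` is repeated as a bare literal in the `setup` hunk (`// 30`), so the two values can drift apart when one of them is changed. A shared file-level constant, for example `use constant DEFAULT_VALIDATION_DELAY => 30;`, used in both places would keep them in step. The added entry also closes with `}` while the preceding entry closes with `},`; a trailing comma would match the surrounding style. Since `maximum` permits two days and `setup` implements the delay as a blocking `sleep`, the `description` could say that the task blocks for the whole period.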
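Review bot: The lookup `$data->{'validation-delay'}` in `setup` falls back to 30 through `//` whenever the key is absent, so if the plugin options sit one level down inside `$data` rather than at its top level, a configured delay would be ignored without any error. The shape of `$data` is not visible here because the body of `setup` starts outside the hunk, so please confirm where the option is stored before relying on this line. The printed "Sleeping $delay seconds" message would show 30 in that case, and the likely symptom is validation being requested before the TXT record has propagated. A one-line comment above the lookup stating which level of `$data` carries the plugin options would make the assumption checkable.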