Deal with ACME challenges for certbot (letsencrypt)
authorNick Downing <nick@ndcode.org>
Sat, 4 Sep 2021 02:17:09 +0000 (22:17 -0400)
committerNick Downing <nick@ndcode.org>
Sat, 4 Sep 2021 03:05:50 +0000 (23:05 -0400)
Site.js

diff --git a/Site.js b/Site.js
index 7773fce..57e1f02 100644 (file)
--- a/Site.js
+++ b/Site.js
@@ -63,7 +63,8 @@ let Site = function(resources, root, options/*, prev_site*/) {
         '.woff': 'font/woff',
         '.woff2': 'font/woff2',
         '.xml': 'text/xml; charset=utf-8'
-      }
+      },
+      certbot_webroot: '/var/www/html'
     },
     options || {}
   )
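Review bot: The new `certbot_webroot` default has no comment, and `/var/www/html` is commonly another web server's document root, so it is worth stating what this option exposes. Judging by the second hunk of this commit, only the `.well-known` subtree beneath it is served, and the value presumably has to match the directory certbot's webroot plugin writes to (`--webroot-path`). A one-line comment above the key would cover this, e.g. `// directory certbot writes challenges under (certbot -w); only its .well-known subtree is served`. The options object starts and ends outside this hunk.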
@@ -596,6 +597,23 @@ Site.prototype.respond = async function(env) {
     assert(components[0].length == 0)
     components = components.slice(1)
   }
+
+  // deal with ACME challenges for certbot (letsencrypt)
+  if (components[0] === '.well-known') {
+    // build path, ensuring that remaining components are safe
+    pathname = `${this.options.certbot_webroot}/.well-known`
+    for (let i = 1; i < components.length; ++i) {
+      if (components[i].charAt(0) == '.') {
+        this.die(env, `bad component "${components[i]}" in ${env.parsed_url.pathname}`)
+        return
+      }
+      pathname = `${pathname}/${components[i]}`
+    }
+
+    // use serve_fs() because challenge files have no extension
+    return /*await*/ this.serve_fs(env, pathname)
+  }
+
   return /*await*/ this.serve_path(env, this.root, components)
 }
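Review bot: The per-component test `components[i].charAt(0) == '.'` rejects `.`, `..` and dotfiles but nothing else, so whether the built path stays under `certbot_webroot` depends on how `components` was split and decoded earlier in `respond`, which is outside this hunk. If percent-decoding happens after the split, a component could carry an embedded `/` or `\` and still pass this test. The branch also serves everything under `.well-known`, not only challenge files. Since ACME HTTP-01 tokens use only base64url characters, an allow-list is tighter and easier to audit: `if (components.length !== 3 || components[1] !== 'acme-challenge' || !/^[A-Za-z0-9_-]+$/.test(components[2]))` followed by the existing `this.die(...)` and `return`. It may also be worth confirming that `serve_fs` does not follow symlinks out of the webroot, which cannot be determined from here.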