https: Only create ACMEClient if it's actually going to be used
Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
This commit is contained in:
parent
7bd2adf0dc
commit
04c7c442c5
3 changed files with 13 additions and 25 deletions
|
@ -4,20 +4,9 @@ import (
|
|||
"net/http"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/mholt/caddy/caddy/https"
|
||||
"github.com/xenolf/lego/acme"
|
||||
)
|
||||
|
||||
func TestCaddyStartStop(t *testing.T) {
|
||||
// Use fake ACME clients for testing
|
||||
https.NewACMEClient = func(email string, allowPrompts bool) (*https.ACMEClient, error) {
|
||||
return &https.ACMEClient{
|
||||
Client: new(acme.Client),
|
||||
AllowPrompts: allowPrompts,
|
||||
}, nil
|
||||
}
|
||||
|
||||
caddyfile := "localhost:1984"
|
||||
|
||||
for i := 0; i < 2; i++ {
|
||||
|
|
|
@ -68,12 +68,7 @@ func Activate(configs []server.Config) ([]server.Config, error) {
|
|||
// the renewal ticker is reset, so if restarts happen more often than
|
||||
// the ticker interval, renewals would never happen. but doing
|
||||
// it right away at start guarantees that renewals aren't missed.
|
||||
client, err := NewACMEClient("", true) // renewals don't use email
|
||||
if err != nil {
|
||||
return configs, err
|
||||
}
|
||||
client.Configure("")
|
||||
err = renewManagedCertificates(client)
|
||||
err = renewManagedCertificates(true)
|
||||
if err != nil {
|
||||
return configs, err
|
||||
}
|
||||
|
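Review bot: The bare `true` on the new `err = renewManagedCertificates(true)` line leaves the reader guessing what the flag means; the removed `NewACMEClient("", true)` call made it clear this is the allowPrompts argument, so keep that readable at the call site, e.g. `err = renewManagedCertificates(true) // true = allowPrompts`. The line also switches from the old `client, err :=` declaration to a plain `=` assignment, so it relies on an `err` already declared earlier in Activate, which is outside this hunk and cannot be confirmed here. Activate's body starts before this hunk and continues after it.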
|
|
@ -24,13 +24,7 @@ func maintainAssets(stopChan chan struct{}) {
|
|||
select {
|
||||
case <-renewalTicker.C:
|
||||
log.Println("[INFO] Scanning for expiring certificates")
|
||||
client, err := NewACMEClient("", false) // renewals don't use email
|
||||
if err != nil {
|
||||
log.Printf("[ERROR] Creating client for renewals: %v", err)
|
||||
continue
|
||||
}
|
||||
client.Configure("") // TODO: Bind address of relevant listener, yuck
|
||||
renewManagedCertificates(client)
|
||||
renewManagedCertificates(false)
|
||||
log.Println("[INFO] Done checking certificates")
|
||||
case <-ocspTicker.C:
|
||||
log.Println("[INFO] Scanning for stale OCSP staples")
|
||||
|
@ -45,8 +39,9 @@ func maintainAssets(stopChan chan struct{}) {
|
|||
}
|
||||
}
|
||||
|
||||
func renewManagedCertificates(client *ACMEClient) error {
|
||||
func renewManagedCertificates(allowPrompts bool) (err error) {
|
||||
var renewed, deleted []Certificate
|
||||
var client *ACMEClient
|
||||
visitedNames := make(map[string]struct{})
|
||||
|
||||
certCacheMu.RLock()
|
||||
|
@ -73,6 +68,15 @@ func renewManagedCertificates(client *ACMEClient) error {
|
|||
timeLeft := cert.NotAfter.Sub(time.Now().UTC())
|
||||
if timeLeft < renewDurationBefore {
|
||||
log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft)
|
||||
|
||||
if client == nil {
|
||||
client, err = NewACMEClient("", allowPrompts) // renewals don't use email
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
client.Configure("") // TODO: Bind address of relevant listener, yuck
|
||||
}
|
||||
|
||||
err := client.Renew(cert.Names[0]) // managed certs better have only one name
|
||||
if err != nil {
|
||||
if client.AllowPrompts {
|
||||
|
|
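Review bot: The new `return err` after a failed `NewACMEClient` leaves renewManagedCertificates while the `certCacheMu.RLock()` taken in the previous hunk is still held, unless a deferred RUnlock exists outside these hunks; a read lock that is never released blocks every later writer of the certificate cache, so release it first with `certCacheMu.RUnlock()` on the line before `return err`. The existing `err := client.Renew(cert.Names[0])` now shadows the named result `err` this commit adds to the signature, while the new `client, err = NewACMEClient(...)` assigns to it; writing `err = client.Renew(cert.Names[0])` keeps a single variable and avoids a stale value on any naked return. In the first hunk of this file, `renewManagedCertificates(false)` discards the returned error, which since this commit includes the client-creation failure that the removed `log.Printf("[ERROR] Creating client for renewals: %v", err)` used to report, so a renewal that never starts is now silent; use `if err := renewManagedCertificates(false); err != nil { log.Printf("[ERROR] Renewing managed certificates: %v", err) }` so a cert that cannot be renewed is at least visible in the log before it expires. renewManagedCertificates begins in the second hunk and continues past the end of the third.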