From b4bfa29be2191ffacfa4ed747bd5cdce8da8917f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 5 Jan 2022 17:55:09 -0700 Subject: [PATCH] admin: Require identity for remote (fix #4478) --- admin.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/admin.go b/admin.go index 6960de52..0a7b9330 100644 --- a/admin.go +++ b/admin.go @@ -466,6 +466,9 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { } // create TLS config that will enforce mutual authentication + if identityCertCache == nil { + return fmt.Errorf("cannot enable remote admin without a certificate cache; configure identity management to initialize a certificate cache") + } cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false) tlsConfig := cmCfg.TLSConfig() tlsConfig.NextProtos = nil // this server does not solve ACME challenges