Commit 04c7c442 authored by Matthew Holt's avatar Matthew Holt

https: Only create ACMEClient if it's actually going to be used

Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
parent 7bd2adf0
......@@ -4,20 +4,9 @@ import (
"net/http"
"testing"
"time"
"github.com/mholt/caddy/caddy/https"
"github.com/xenolf/lego/acme"
)
func TestCaddyStartStop(t *testing.T) {
// Use fake ACME clients for testing
https.NewACMEClient = func(email string, allowPrompts bool) (*https.ACMEClient, error) {
return &https.ACMEClient{
Client: new(acme.Client),
AllowPrompts: allowPrompts,
}, nil
}
caddyfile := "localhost:1984"
for i := 0; i < 2; i++ {
......
......@@ -68,12 +68,7 @@ func Activate(configs []server.Config) ([]server.Config, error) {
// the renewal ticker is reset, so if restarts happen more often than
// the ticker interval, renewals would never happen. but doing
// it right away at start guarantees that renewals aren't missed.
client, err := NewACMEClient("", true) // renewals don't use email
if err != nil {
return configs, err
}
client.Configure("")
err = renewManagedCertificates(client)
err = renewManagedCertificates(true)
if err != nil {
return configs, err
}
......
......@@ -24,13 +24,7 @@ func maintainAssets(stopChan chan struct{}) {
select {
case <-renewalTicker.C:
log.Println("[INFO] Scanning for expiring certificates")
client, err := NewACMEClient("", false) // renewals don't use email
if err != nil {
log.Printf("[ERROR] Creating client for renewals: %v", err)
continue
}
client.Configure("") // TODO: Bind address of relevant listener, yuck
renewManagedCertificates(client)
renewManagedCertificates(false)
log.Println("[INFO] Done checking certificates")
case <-ocspTicker.C:
log.Println("[INFO] Scanning for stale OCSP staples")
......@@ -45,8 +39,9 @@ func maintainAssets(stopChan chan struct{}) {
}
}
func renewManagedCertificates(client *ACMEClient) error {
func renewManagedCertificates(allowPrompts bool) (err error) {
var renewed, deleted []Certificate
var client *ACMEClient
visitedNames := make(map[string]struct{})
certCacheMu.RLock()
......@@ -73,6 +68,15 @@ func renewManagedCertificates(client *ACMEClient) error {
timeLeft := cert.NotAfter.Sub(time.Now().UTC())
if timeLeft < renewDurationBefore {
log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft)
if client == nil {
client, err = NewACMEClient("", allowPrompts) // renewals don't use email
if err != nil {
return err
}
client.Configure("") // TODO: Bind address of relevant listener, yuck
}
err := client.Renew(cert.Names[0]) // managed certs better have only one name
if err != nil {
if client.AllowPrompts {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment