https: Only create ACMEClient if it's actually going to be used

Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.

https: Only create ACMEClient if it's actually going to be used
Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
04c7c442 · Matthew Holt · 7bd2adf0 · 04c7c442 · 04c7c442 · 04c7c442
Commit 04c7c442 authored Feb 11, 2016 by Matthew Holt
Show whitespace changes
Inline Side-by-side

Showing with 13 additions and 25 deletions

caddy/caddy_test.go caddy/caddy_test.go +0 -11

caddy/https/https.go caddy/https/https.go +1 -6

caddy/https/maintain.go caddy/https/maintain.go +12 -8

No files found.
--- a/caddy/caddy_test.go
+++ b/caddy/caddy_test.go
@@ -4,20 +4,9 @@ import (
 	"net/http"
 	"testing"
 	"time"
-
-	"github.com/mholt/caddy/caddy/https"
-	"github.com/xenolf/lego/acme"
 )

 func TestCaddyStartStop(t *testing.T) {
-	// Use fake ACME clients for testing
-	https.NewACMEClient = func(email string, allowPrompts bool) (*https.ACMEClient, error) {
-		return &https.ACMEClient{
-			Client:       new(acme.Client),
-			AllowPrompts: allowPrompts,
-		}, nil
-	}
-
 	caddyfile := "localhost:1984"

 	for i := 0; i < 2; i++ {

--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -68,12 +68,7 @@ func Activate(configs []server.Config) ([]server.Config, error) {
 	// the renewal ticker is reset, so if restarts happen more often than
 	// the ticker interval, renewals would never happen. but doing
 	// it right away at start guarantees that renewals aren't missed.
-	client, err := NewACMEClient("", true) // renewals don't use email
-	if err != nil {
-		return configs, err
-	}
-	client.Configure("")
-	err = renewManagedCertificates(client)
+	err = renewManagedCertificates(true)
 	if err != nil {
 		return configs, err
 	}

--- a/caddy/https/maintain.go
+++ b/caddy/https/maintain.go
@@ -24,13 +24,7 @@ func maintainAssets(stopChan chan struct{}) {
 		select {
 		case <-renewalTicker.C:
 			log.Println("[INFO] Scanning for expiring certificates")
-			client, err := NewACMEClient("", false) // renewals don't use email
-			if err != nil {
-				log.Printf("[ERROR] Creating client for renewals: %v", err)
-				continue
-			}
-			client.Configure("") // TODO: Bind address of relevant listener, yuck
-			renewManagedCertificates(client)
+			renewManagedCertificates(false)
 			log.Println("[INFO] Done checking certificates")
 		case <-ocspTicker.C:
 			log.Println("[INFO] Scanning for stale OCSP staples")
@@ -45,8 +39,9 @@ func maintainAssets(stopChan chan struct{}) {
 	}
 }

-func renewManagedCertificates(client *ACMEClient) error {
+func renewManagedCertificates(allowPrompts bool) (err error) {
 	var renewed, deleted []Certificate
+	var client *ACMEClient
 	visitedNames := make(map[string]struct{})

 	certCacheMu.RLock()
@@ -73,6 +68,15 @@ func renewManagedCertificates(client *ACMEClient) error {
 		timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 		if timeLeft < renewDurationBefore {
 			log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft)
+
+			if client == nil {
+				client, err = NewACMEClient("", allowPrompts) // renewals don't use email
+				if err != nil {
+					return err
+				}
+				client.Configure("") // TODO: Bind address of relevant listener, yuck
+			}
+
 			err := client.Renew(cert.Names[0]) // managed certs better have only one name
 			if err != nil {
 				if client.AllowPrompts {