Make LetsEncrypt order expiration shorter

004c6481 · Vladimir Shushlin · 4035dda6 · 004c6481 · 004c6481 · 004c6481
Commit 004c6481 authored Dec 12, 2019 by Vladimir Shushlin
3 changed files
--- a/app/services/pages_domains/create_acme_order_service.rb
+++ b/app/services/pages_domains/create_acme_order_service.rb
@@ -3,6 +3,9 @@
 module PagesDomains
  class CreateAcmeOrderService
    attr_reader :pages_domain
+    # TODO: remove this hack after https://gitlab.com/gitlab-org/gitlab/issues/30146 is implemented
+    # This makes GitLab automatically retry the certificate obtaining process every 2 hours if process wasn't finished
+    SHORT_EXPIRATION_DELAY = 2.hours

    def initialize(pages_domain)
      @pages_domain = pages_domain
@@ -17,7 +20,7 @@ module PagesDomains
      private_key = OpenSSL::PKey::RSA.new(4096)
      saved_order = pages_domain.acme_orders.create!(
        url: order.url,
-        expires_at: order.expires,
+        expires_at: [order.expires, SHORT_EXPIRATION_DELAY.from_now].min,
        private_key: private_key.to_pem,

        challenge_token: challenge.token,

--- a/changelogs/unreleased/acme-order-short-expiration.yml
+++ b/changelogs/unreleased/acme-order-short-expiration.yml
+---
+title: Retry obtaining Let's Encrypt certificates every 2 hours if it wasn't successful
+merge_request: 22336
+author:
+type: fixed
--- a/spec/services/pages_domains/create_acme_order_service_spec.rb
+++ b/spec/services/pages_domains/create_acme_order_service_spec.rb
@@ -45,12 +45,34 @@ describe PagesDomains::CreateAcmeOrderService do
    expect { OpenSSL::PKey::RSA.new(saved_order.private_key) }.not_to raise_error
  end

-  it 'properly saves order attributes' do
+  it 'properly saves order url' do
    service.execute

    saved_order = PagesDomainAcmeOrder.last
    expect(saved_order.url).to eq(order_double.url)
-    expect(saved_order.expires_at).to be_like_time(order_double.expires)
+  end
+
+  context 'when order expires in 2 days' do
+    it 'sets expiration time in 2 hours' do
+      Timecop.freeze do
+        service.execute
+
+        saved_order = PagesDomainAcmeOrder.last
+        expect(saved_order.expires_at).to be_like_time(2.hours.from_now)
+      end
+    end
+  end
+
+  context 'when order expires in an hour' do
+    it 'sets expiration time accordingly to order' do
+      Timecop.freeze do
+        allow(order_double).to receive(:expires).and_return(1.hour.from_now)
+        service.execute
+
+        saved_order = PagesDomainAcmeOrder.last
+        expect(saved_order.expires_at).to be_like_time(1.hour.from_now)
+      end
+    end
  end

  it 'properly saves challenge attributes' do