internal/autocert: re-use cert if renewing failed but cert not expired

Fixes #1232
Cuong Manh Le 2020-08-10 08:00:35 +07:00
parent dbfc476013
commit 3c23164347


@ -7,6 +7,7 @@ import (
"net/http"
"sort"
"sync"
"time"
"github.com/caddyserver/certmagic"
@ -105,11 +106,15 @@ func (mgr *Manager) updateAutocert(cfg *config.Config) error {
cert, err = cm.CacheManagedCertificate(domain)
}
if err == nil && cert.NeedsRenewal(cm) {
expired := time.Now().After(cert.Leaf.NotAfter)
log.Info().Str("domain", domain).Msg("renewing certificate")
err = cm.RenewCert(context.Background(), domain, false)
if err != nil {
if err != nil && expired {
return fmt.Errorf("autocert: failed to renew client certificate: %w", err)
}
if !expired {
log.Warn().Err(err).Msg("renew client certificated failed, use existing cert")
}
cert, err = cm.CacheManagedCertificate(domain)
}
if err == nil {
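Review bot: The new `if !expired {` branch logs "renew client certificated failed, use existing cert" without checking `err`, so (reading the rendered lines as the old `if err != nil {` replaced by `if err != nil && expired {`) a renewal that succeeds on a not-yet-expired certificate still emits the failure warning, with a nil error attached. Since renewal normally runs before expiry, that would make the warning fire on most successful renewals and bury the real failures an operator needs to see before the existing certificate runs out. Because the expired-and-failed case has already returned, the guard can simply be `if err != nil {`, and the warning should carry the domain like the info line above it: `log.Warn().Err(err).Str("domain", domain).Msg(...)`. The added `cert.Leaf.NotAfter` read also assumes `Leaf` is always populated for a cached certificate, which is not verifiable from this hunk; `updateAutocert` starts and ends outside it.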