internal/autocert: re-use cert if renewing failed but cert not expired

Fixes #1232
Cuong Manh Le 2020-08-10 08:00:35 +07:00
parent dbfc476013
commit 3c23164347


@ -7,6 +7,7 @@ import (
"net/http" "net/http"
"sort" "sort"
"sync" "sync"
"time"
"github.com/caddyserver/certmagic" "github.com/caddyserver/certmagic"
@ -105,11 +106,15 @@ func (mgr *Manager) updateAutocert(cfg *config.Config) error {
cert, err = cm.CacheManagedCertificate(domain) cert, err = cm.CacheManagedCertificate(domain)
} }
if err == nil && cert.NeedsRenewal(cm) { if err == nil && cert.NeedsRenewal(cm) {
expired := time.Now().After(cert.Leaf.NotAfter)
log.Info().Str("domain", domain).Msg("renewing certificate") log.Info().Str("domain", domain).Msg("renewing certificate")
err = cm.RenewCert(context.Background(), domain, false) err = cm.RenewCert(context.Background(), domain, false)
if err != nil { if err != nil && expired {
return fmt.Errorf("autocert: failed to renew client certificate: %w", err) return fmt.Errorf("autocert: failed to renew client certificate: %w", err)
} }
if !expired {
log.Warn().Err(err).Msg("renew client certificated failed, use existing cert")
}
cert, err = cm.CacheManagedCertificate(domain) cert, err = cm.CacheManagedCertificate(domain)
} }
if err == nil { if err == nil {
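Review bot: The warning under `if !expired {` fires whenever the certificate has not yet expired, including when `RenewCert` succeeded and `err` is nil, so every successful early renewal logs a misleading "failed" message. Since the expired-and-failed case has already returned, the guard should be `if err != nil {`. The warning also omits the domain, which makes a renewal that keeps failing hard to alert on before the certificate actually expires; consider `log.Warn().Err(err).Str("domain", domain).Msg("renew client certificate failed, using existing cert")`. `cert.Leaf.NotAfter` is read without a nil check on `Leaf`; this presumably relies on certmagic populating the parsed leaf for cached certificates, which is worth confirming. updateAutocert starts and ends outside the hunk.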