I have no idea why this doesn't work

This commit is contained in:
Melon 2023-07-16 16:37:07 +01:00
parent 572325f7bf
commit cfb2fd6fcb
Signed by: melon
GPG Key ID: 6C9D970C50D26A25

View File

@ -69,11 +69,12 @@ type Service struct {
certDir string certDir string
keyDir string keyDir string
insecure bool insecure bool
client *lego.Client
} }
// NewService creates a new certificate renewal service. // NewService creates a new certificate renewal service.
func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leConfig LetsEncryptConfig, certDir, keyDir string) (*Service, error) { func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leConfig LetsEncryptConfig, certDir, keyDir string) (*Service, error) {
r := &Service{ s := &Service{
db: db, db: db,
httpAcme: httpAcme, httpAcme: httpAcme,
certTicker: time.NewTicker(time.Minute * 10), certTicker: time.NewTicker(time.Minute * 10),
@ -98,28 +99,35 @@ func NewService(wg *sync.WaitGroup, db *sql.DB, httpAcme challenge.Provider, leC
} }
// load lets encrypt private key // load lets encrypt private key
err = r.resolveLEPrivKey(leConfig.Account.PrivateKey) err = s.resolveLEPrivKey(leConfig.Account.PrivateKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to resolve LetsEncrypt account private key: %w", err) return nil, fmt.Errorf("failed to resolve LetsEncrypt account private key: %w", err)
} }
// init domains table // init domains table
_, err = r.db.Exec(createTableCertificates) _, err = s.db.Exec(createTableCertificates)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create certificates table: %w", err) return nil, fmt.Errorf("failed to create certificates table: %w", err)
} }
// resolve CA information // resolve CA information
r.resolveCADirectory(leConfig.Directory) s.resolveCADirectory(leConfig.Directory)
err = r.resolveCACertificate(leConfig.Certificate) err = s.resolveCACertificate(leConfig.Certificate)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to resolve CA certificate: %w", err) return nil, fmt.Errorf("failed to resolve CA certificate: %w", err)
} }
// setup client for requesting a new certificate
client, err := s.setupLegoClient()
if err != nil {
return nil, fmt.Errorf("failed to generate a client: %w", err)
}
s.client = client
// start the background routine // start the background routine
wg.Add(1) wg.Add(1)
go r.renewalRoutine(wg) go s.renewalRoutine(wg)
return r, nil return s, nil
} }
// Shutdown the renewal service. // Shutdown the renewal service.
@ -328,7 +336,7 @@ func (s *Service) fetchDomains(localData *localCertData) ([]string, error) {
return domains, nil return domains, nil
} }
func (s *Service) setupLegoClient(localData *localCertData) (*lego.Client, error) { func (s *Service) setupLegoClient() (*lego.Client, error) {
// create lego config and change the certificate authority directory URL and the // create lego config and change the certificate authority directory URL and the
// http.Client transport if an alternative is provided // http.Client transport if an alternative is provided
config := lego.NewConfig(s.leAccount) config := lego.NewConfig(s.leAccount)
@ -346,25 +354,8 @@ func (s *Service) setupLegoClient(localData *localCertData) (*lego.Client, error
// set http challenge provider // set http challenge provider
_ = client.Challenge.SetHTTP01Provider(s.httpAcme) _ = client.Challenge.SetHTTP01Provider(s.httpAcme)
// if testDnsOptions is defined then set up the test provider
if testDnsOptions != nil {
// set up the dns provider used during tests and disable propagation as no dns
// will validate these tests
dnsAddr := testDnsOptions.GetDnsAddrs()
log.Printf("Using testDnsOptions with DNS server: %v\n", dnsAddr)
_ = client.Challenge.SetDNS01Provider(testDnsOptions, dns01.AddRecursiveNameservers(dnsAddr), dns01.DisableCompletePropagationRequirement())
} else if localData.dns.name.Valid && localData.dns.token.Valid {
// if the dns name and token are "valid" meaning non-null in this case
// set up the specific dns provider requested
dnsProv, err := s.getDnsProvider(localData.dns.name.String, localData.dns.token.String)
if err != nil {
return nil, fmt.Errorf("failed to resolve dns provider: %w", err)
}
_ = client.Challenge.SetDNS01Provider(dnsProv)
}
// make sure the LetsEncrypt account is registered // make sure the LetsEncrypt account is registered
register, err := client.Registration.UpdateRegistration(registration.RegisterOptions{TermsOfServiceAgreed: true}) register, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to update account registration: %w", err) return nil, fmt.Errorf("failed to update account registration: %w", err)
} }
@ -476,14 +467,28 @@ func (s *Service) renewCertInternal(localData *localCertData) (*x509.Certificate
return nil, nil, fmt.Errorf("failed to update cert: %w", err) return nil, nil, fmt.Errorf("failed to update cert: %w", err)
} }
// setup client for requesting a new certificate // remove old dns challenge
client, err := s.setupLegoClient(localData) s.client.Challenge.Remove(challenge.DNS01)
// if testDnsOptions is defined then set up the test provider
if testDnsOptions != nil {
// set up the dns provider used during tests and disable propagation as no dns
// will validate these tests
dnsAddr := testDnsOptions.GetDnsAddrs()
log.Printf("Using testDnsOptions with DNS server: %v\n", dnsAddr)
_ = s.client.Challenge.SetDNS01Provider(testDnsOptions, dns01.AddRecursiveNameservers(dnsAddr), dns01.DisableCompletePropagationRequirement())
} else if localData.dns.name.Valid && localData.dns.token.Valid {
// if the dns name and token are "valid" meaning non-null in this case
// set up the specific dns provider requested
dnsProv, err := s.getDnsProvider(localData.dns.name.String, localData.dns.token.String)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("failed to generate a client: %w", err) return nil, nil, fmt.Errorf("failed to resolve dns provider: %w", err)
}
_ = s.client.Challenge.SetDNS01Provider(dnsProv)
} }
// obtain new certificate - this call will hang until a certificate is ready // obtain new certificate - this call will hang until a certificate is ready
obtain, err := client.Certificate.Obtain(certificate.ObtainRequest{ obtain, err := s.client.Certificate.Obtain(certificate.ObtainRequest{
Domains: domains, Domains: domains,
PrivateKey: privKey, PrivateKey: privKey,
Bundle: true, Bundle: true,
@ -509,7 +514,7 @@ func (s *Service) renewCertInternal(localData *localCertData) (*x509.Certificate
} }
// setRenewing sets the renewing and failed states in the database for a // setRenewing sets the renewing and failed states in the database for a
// specified certifcate id. // specified certificate id.
func (s *Service) setRenewing(id uint64, renewing, failed bool) { func (s *Service) setRenewing(id uint64, renewing, failed bool) {
_, err := s.db.Exec("UPDATE certificates SET renewing = ?, renew_failed = ? WHERE id = ?", renewing, failed, id) _, err := s.db.Exec("UPDATE certificates SET renewing = ?, renew_failed = ? WHERE id = ?", renewing, failed, id)
if err != nil { if err != nil {