Fix acme renew panic

Signed-off-by: Emile Vauge <emile@vauge.com>
This commit is contained in:
Emile Vauge 2016-03-31 13:43:48 +02:00
parent 733cbb5304
commit af41c79798
No known key found for this signature in database
GPG key ID: D808B4C167352E59

View file

@ -142,6 +142,22 @@ type DomainsCertificate struct {
tlsCert *tls.Certificate tlsCert *tls.Certificate
} }
func (dc *DomainsCertificate) needRenew() bool {
for _, c := range dc.tlsCert.Certificate {
crt, err := x509.ParseCertificate(c)
if err != nil {
// If there's an error, we assume the cert is broken, and needs update
return true
}
// <= 7 days left, renew certificate
if crt.NotAfter.Before(time.Now().Add(time.Duration(24 * 7 * time.Hour))) {
return true
}
}
return false
}
// ACME allows to connect to lets encrypt and retrieve certs // ACME allows to connect to lets encrypt and retrieve certs
type ACME struct { type ACME struct {
Email string Email string
@ -289,8 +305,7 @@ func (a *ACME) retrieveCertificates(client *acme.Client, account *Account) {
func (a *ACME) renewCertificates(client *acme.Client, account *Account) error { func (a *ACME) renewCertificates(client *acme.Client, account *Account) error {
for _, certificateResource := range account.DomainsCertificate.Certs { for _, certificateResource := range account.DomainsCertificate.Certs {
// <= 7 days left, renew certificate if certificateResource.needRenew() {
if certificateResource.tlsCert.Leaf.NotAfter.Before(time.Now().Add(time.Duration(24 * 7 * time.Hour))) {
log.Debugf("Renewing certificate %+v", certificateResource.Domains) log.Debugf("Renewing certificate %+v", certificateResource.Domains)
renewedCert, err := client.RenewCertificate(acme.CertificateResource{ renewedCert, err := client.RenewCertificate(acme.CertificateResource{
Domain: certificateResource.Certificate.Domain, Domain: certificateResource.Certificate.Domain,