From d73c7ccf506ee9c336e0c7aa3d45656b175a4218 Mon Sep 17 00:00:00 2001
From: Douglas De Toni Machado
Date: Wed, 8 Jul 2020 07:54:04 -0300
Subject: [PATCH] Fix triggering multiple concurrent requests to ACME
---
 pkg/provider/acme/provider.go | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go
index d6acab0de..33f234e28 100644
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@@ -426,13 +426,11 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
 return nil, err
 }
- // Check provided certificates
+ // Check if provided certificates are not already in progress and lock them if needed
 uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore)
 if len(uncheckedDomains) == 0 {
 return nil, nil
 }
-
- p.addResolvingDomains(uncheckedDomains)
 defer p.removeResolvingDomains(uncheckedDomains)
 logger := log.FromContext(ctx)
@@ -481,15 +479,6 @@ func (p *Provider) removeResolvingDomains(resolvingDomains []string) {
 }
 }
-func (p *Provider) addResolvingDomains(resolvingDomains []string) {
- p.resolvingDomainsMutex.Lock()
- defer p.resolvingDomainsMutex.Unlock()
-
- for _, domain := range resolvingDomains {
- p.resolvingDomains[domain] = struct{}{}
- }
-}
-
 func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) {
 p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore}
 }
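Review bot: The `defer p.removeResolvingDomains(uncheckedDomains)` in resolveCertificate now releases entries that were inserted as a side effect inside getUncheckedDomains (last hunk), so the reserve/release pair is split across two functions and only the reworded comment above the call hints at it. Any caller of getUncheckedDomains that omits this defer would leave its domains in `p.resolvingDomains`, and later requests for them would presumably be treated as already in progress and never reach ACME; no other caller is visible in this patch, so that is worth confirming. I would state the pairing at the release site, e.g. `// Release the domains that getUncheckedDomains marked as resolving.` above the defer. resolveCertificate starts and ends outside this hunk.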
@@ -656,8 +645,8 @@ func (p *Provider) renewCertificates(ctx context.Context) {
 // Get provided certificate which check a domains list (Main and SANs)
 // from static and dynamic provided certificates.
 func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string {
- p.resolvingDomainsMutex.RLock()
- defer p.resolvingDomainsMutex.RUnlock()
+ p.resolvingDomainsMutex.Lock()
+ defer p.resolvingDomainsMutex.Unlock()
 log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
@@ -673,7 +662,14 @@ func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []str
 allDomains = append(allDomains, domain)
 }
- return searchUncheckedDomains(ctx, domainsToCheck, allDomains)
+ uncheckedDomains := searchUncheckedDomains(ctx, domainsToCheck, allDomains)
+
+ // Lock domains that will be resolved by this routine
+ for _, domain := range uncheckedDomains {
+ p.resolvingDomains[domain] = struct{}{}
+ }
+
+ return uncheckedDomains
 }
 func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string {
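Review bot: The doc comment kept above getUncheckedDomains still describes a lookup, but with this hunk the function takes the exclusive lock and, in the next hunk, writes the returned domains into `p.resolvingDomains`. I would replace it with something like `// getUncheckedDomains returns the domains of domainsToCheck that still need a certificate and are not already being resolved, and marks them as resolving; the caller must release them with removeResolvingDomains.` The switch from RLock to Lock also serialises every caller for the whole function body, including the `Debugf` call, which does not appear to read the guarded map and could move above `p.resolvingDomainsMutex.Lock()`. The part of the body between the two hunks is not visible here, so what else runs under the exclusive lock should be checked.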