From 09a7af8cae2537556e24baa657bfe873b76d92ff Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Fri, 19 Feb 2016 10:33:01 -0700
Subject: [PATCH] https: Wait as long as possible to create ACME client at startup (fixes #617)
---
 caddy/https/https.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/caddy/https/https.go b/caddy/https/https.go
index 50ed53d62..824de541b 100644
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -117,16 +117,26 @@ func ObtainCerts(configs []server.Config, allowPrompts, proxyACME bool) error {
 groupedConfigs := groupConfigsByEmail(configs, allowPrompts)
 for email, group := range groupedConfigs {
- client, err := NewACMEClient(email, allowPrompts)
- if err != nil {
- return errors.New("error creating client: " + err.Error())
- }
+ // Wait as long as we can before creating the client, because it
+ // may not be needed, for example, if we already have what we
+ // need on disk. Creating a client involves the network and
+ // potentially prompting the user, etc., so only do if necessary.
+ var client *ACMEClient
 for _, cfg := range group {
 if cfg.Host == "" || existingCertAndKey(cfg.Host) {
 continue
 }
+ // Now we definitely do need a client
+ if client == nil {
+ var err error
+ client, err = NewACMEClient(email, allowPrompts)
+ if err != nil {
+ return errors.New("error creating client: " + err.Error())
+ }
+ }
+
 // c.Configure assumes that allowPrompts == !proxyACME,
 // but that's not always true. For example, a restart where
 // the user isn't present and we're not listening on port 80.
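Review bot: The comment above `var client *ACMEClient` explains why client creation is deferred but not what is given up by deferring it: when every host in a group is skipped by the `cfg.Host == "" || existingCertAndKey(cfg.Host)` check, `NewACMEClient` is never called for that email, so an account or CA connectivity problem is no longer reported by this loop at startup and would presumably first surface wherever renewal runs. I would say so in the comment, for example `// Note: if every host already has a cert and key, no client is created and account/CA errors are not detected here.` The last sentence of the same comment drops a word; `so only do so if necessary` reads correctly. The body of ObtainCerts continues past the end of the hunk, so how `client` is used after the nil check is not visible here.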