mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-02 05:33:38 +08:00
https: Refuse start only if renewal fails on expired cert (closes #642)
This commit is contained in:
parent
2a46f2a14e
commit
36b440c04b
|
@ -89,8 +89,13 @@ func renewManagedCertificates(allowPrompts bool) (err error) {
|
||||||
|
|
||||||
err := client.Renew(cert.Names[0]) // managed certs better have only one name
|
err := client.Renew(cert.Names[0]) // managed certs better have only one name
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if client.AllowPrompts {
|
if client.AllowPrompts && timeLeft < 0 {
|
||||||
// User is present, so stop immediately and report the error
|
// Certificate renewal failed, the operator is present, and the certificate
|
||||||
|
// is already expired; we should stop immediately and return the error. Note
|
||||||
|
// that we used to do this any time a renewal failed at startup. However,
|
||||||
|
// after discussion in https://github.com/mholt/caddy/issues/642 we decided to
|
||||||
|
// only stop startup if the certificate is expired. We still log the error
|
||||||
|
// otherwise.
|
||||||
certCacheMu.RUnlock()
|
certCacheMu.RUnlock()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user