github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-01 21:24:23 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

https: Refuse start only if renewal fails on expired cert (closes #642)

Browse Source
This commit is contained in:
Matthew Holt 2016-03-02 11:34:39 -07:00
parent 2a46f2a14e
commit 36b440c04b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
caddy/https/maintain.go
View File

@ -89,8 +89,13 @@ func renewManagedCertificates(allowPrompts bool) (err error) {
err := client.Renew(cert.Names[0]) // managed certs better have only one name err := client.Renew(cert.Names[0]) // managed certs better have only one name
if err != nil { if err != nil {
if client.AllowPrompts { if client.AllowPrompts && timeLeft < 0 {
// User is present, so stop immediately and report the error // Certificate renewal failed, the operator is present, and the certificate
// is already expired; we should stop immediately and return the error. Note
// that we used to do this any time a renewal failed at startup. However,
// after discussion in https://github.com/mholt/caddy/issues/642 we decided to
// only stop startup if the certificate is expired. We still log the error
// otherwise.
certCacheMu.RUnlock() certCacheMu.RUnlock()
return err return err
} }