tls: Make cert and OCSP check intervals configurable

This enables use of ACME CAs that issue shorter-lived certs
This commit is contained in:
Matthew Holt 2019-09-24 17:04:03 -07:00
parent 11696793bd
commit 7b33c8db31
No known key found for this signature in database
GPG Key ID: 2A349DD577D586A5

View File

@ -66,6 +66,8 @@ func (t *TLS) Provision(ctx caddy.Context) error {
GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
return t.getConfigForName(cert.Names[0])
},
OCSPCheckInterval: time.Duration(t.Automation.OCSPCheckInterval),
RenewCheckInterval: time.Duration(t.Automation.RenewCheckInterval),
})
// automation/management policies
@ -286,8 +288,10 @@ type Certificate struct {
// AutomationConfig designates configuration for the
// construction and use of ACME clients.
type AutomationConfig struct {
Policies []AutomationPolicy `json:"policies,omitempty"`
OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
Policies []AutomationPolicy `json:"policies,omitempty"`
OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
}
// AutomationPolicy designates the policy for automating the