Fix acme.json file automatic creation

acme/acme.go

@@ -46,9 +46,9 @@ type ACME struct {
 	OnHostRule            bool                        `description:"Enable certificate generation on frontends Host rules."`
 	CAServer              string                      `description:"CA server to use."`
 	EntryPoint            string                      `description:"Entrypoint to proxy acme challenge to."`
-	DNSChallenge          *acmeprovider.DNSChallenge  `description:"Activate DNS-01 Challenge"`
+	DNSChallenge          *acmeprovider.DNSChallenge  `description:"Activate DNS-02 Challenge"`
 	HTTPChallenge         *acmeprovider.HTTPChallenge `description:"Activate HTTP-01 Challenge"`
-	DNSProvider           string                      `description:"Activate DNS-01 Challenge (Deprecated)"`                                                       // deprecated
+	DNSProvider           string                      `description:"Activate DNS-02 Challenge (Deprecated)"`                                                       // deprecated
 	DelayDontCheckDNS     flaeg.Duration              `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."` // deprecated
 	ACMELogging           bool                        `description:"Enable debug logging of ACME actions."`
 	client                *acme.Client

acme/localStore.go

@@ -26,7 +26,7 @@ func NewLocalStore(file string) *LocalStore {
 func (s *LocalStore) Get() (*Account, error) {
 	account := &Account{}
 
-	hasData, err := checkFile(s.file)
+	hasData, err := acme.CheckFile(s.file)
 	if err != nil {
 		return nil, err
 	}

integration/acme_test.go

@@ -195,6 +195,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()
+	// A real file is needed to have the right mode on acme.json file
+	defer os.Remove("/tmp/acme.json")
 
 	backend := startTestServer("9010", http.StatusOK)
 	defer backend.Close()

integration/fixtures/acme/acme_http01.toml

@@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

integration/fixtures/acme/acme_http01_web.toml

@@ -11,7 +11,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

integration/fixtures/acme/acme_provided.toml

@@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

integration/fixtures/acme/acme_provided_dynamic.toml

@@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

integration/fixtures/acme/no_challenge_acme.toml

@@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onHostRule = true
 caServer = "http://{{.BoulderHost}}:4001/directory"

integration/fixtures/acme/wrong_acme.toml

@@ -14,7 +14,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onHostRule = true
 caServer = "http://wrongurl:4001/directory"

integration/fixtures/provideracme/acme.toml

@@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

integration/fixtures/provideracme/acme_insan.toml

@@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = false
 onHostRule = false

integration/fixtures/provideracme/acme_onhost.toml

@@ -12,7 +12,7 @@ defaultEntryPoints = ["http", "https"]
 
 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
 onHostRule = {{.OnHostRule}}

provider/acme/local_store.go

@@ -16,7 +16,7 @@ var _ Store = (*LocalStore)(nil)
 type LocalStore struct {
 	filename     string
 	storedData   *StoredData
-	SaveDataChan chan *StoredData
+	SaveDataChan chan *StoredData `json:"-"`
 }
 
 // NewLocalStore initializes a new LocalStore with a file name
@@ -30,6 +30,12 @@ func (s *LocalStore) get() (*StoredData, error) {
 	if s.storedData == nil {
 		s.storedData = &StoredData{HTTPChallenges: make(map[string]map[string][]byte)}
 
+		hasData, err := CheckFile(s.filename)
+		if err != nil {
+			return nil, err
+		}
+
+		if hasData {
 			f, err := os.Open(s.filename)
 			if err != nil {
 				return nil, err
@@ -58,6 +64,7 @@ func (s *LocalStore) get() (*StoredData, error) {
 				}
 			}
 		}
+	}
 
 	return s.storedData, nil
 }

provider/acme/local_store_unix.go

@@ -7,10 +7,17 @@ import (
 	"os"
 )
 
-// Check file permissions and content size
+// CheckFile checks file permissions and content size
-func checkFile(name string) (bool, error) {
+func CheckFile(name string) (bool, error) {
 	f, err := os.Open(name)
 	if err != nil {
+		if os.IsNotExist(err) {
+			f, err = os.Create(name)
+			if err != nil {
+				return false, err
+			}
+			return false, f.Chmod(0600)
+		}
 		return false, err
 	}
 	defer f.Close()

provider/acme/local_store_windows.go

@@ -2,11 +2,18 @@ package acme
 
 import "os"
 
-// Check file content size
+// CheckFile checks file content size
 // Do not check file permissions on Windows right now
-func checkFile(name string) (bool, error) {
+func CheckFile(name string) (bool, error) {
 	f, err := os.Open(name)
 	if err != nil {
+		if os.IsNotExist(err) {
+			f, err = os.Create(name)
+			if err != nil {
+				return false, err
+			}
+			return false, f.Chmod(0600)
+		}
 		return false, err
 	}
 	defer f.Close()

provider/acme/provider.go

@@ -42,7 +42,7 @@ type Configuration struct {
 	EntryPoint    string         `description:"EntryPoint to use."`
 	OnHostRule    bool           `description:"Enable certificate generation on frontends Host rules."`
 	OnDemand      bool           `description:"Enable on demand certificate generation. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."` //deprecated
-	DNSChallenge  *DNSChallenge  `description:"Activate DNS-01 Challenge"`
+	DNSChallenge  *DNSChallenge  `description:"Activate DNS-02 Challenge"`
 	HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
 	Domains       []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"`
 }
@@ -72,7 +72,7 @@ type Certificate struct {
 
 // DNSChallenge contains DNS challenge Configuration
 type DNSChallenge struct {
-	Provider         string         `description:"Use a DNS-01 based challenge provider rather than HTTPS."`
+	Provider         string         `description:"Use a DNS-02 based challenge provider rather than HTTPS."`
 	DelayBeforeCheck flaeg.Duration `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
 }
 
@@ -116,7 +116,7 @@ func (p *Provider) init() error {
 
 	p.certificates, err = p.Store.GetCertificates()
 	if err != nil {
-		return fmt.Errorf("unable to get ACME account : %v", err)
+		return fmt.Errorf("unable to get ACME certificates : %v", err)
 	}
 
 	p.watchCertificate()