Modify the ACME renewing logs level
parent
41d8863d2f
commit
6333bfe6e8
1 changed files with 64 additions and 31 deletions
65
acme/acme.go
65
acme/acme.go
|
@ -394,11 +394,35 @@ func (a *ACME) retrieveCertificates() {
|
||||||
|
|
||||||
func (a *ACME) renewCertificates() {
|
func (a *ACME) renewCertificates() {
|
||||||
a.jobs.In() <- func() {
|
a.jobs.In() <- func() {
|
||||||
log.Debug("Testing certificate renew...")
|
log.Info("Testing certificate renew...")
|
||||||
account := a.store.Get().(*Account)
|
account := a.store.Get().(*Account)
|
||||||
for _, certificateResource := range account.DomainsCertificate.Certs {
|
for _, certificateResource := range account.DomainsCertificate.Certs {
|
||||||
if certificateResource.needRenew() {
|
if certificateResource.needRenew() {
|
||||||
log.Debugf("Renewing certificate %+v", certificateResource.Domains)
|
log.Infof("Renewing certificate from LE : %+v", certificateResource.Domains)
|
||||||
|
renewedACMECert, err := a.renewACMECertificate(certificateResource)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Error renewing certificate from LE: %v", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
operation := func() error {
|
||||||
|
return a.storeRenewedCertificate(account, certificateResource, renewedACMECert)
|
||||||
|
}
|
||||||
|
notify := func(err error, time time.Duration) {
|
||||||
|
log.Warnf("Renewed certificate storage error: %v, retrying in %s", err, time)
|
||||||
|
}
|
||||||
|
ebo := backoff.NewExponentialBackOff()
|
||||||
|
ebo.MaxElapsedTime = 60 * time.Second
|
||||||
|
err = backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Datastore cannot sync: %v", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *ACME) renewACMECertificate(certificateResource *DomainsCertificate) (*Certificate, error) {
|
||||||
renewedCert, err := a.client.RenewCertificate(acme.CertificateResource{
|
renewedCert, err := a.client.RenewCertificate(acme.CertificateResource{
|
||||||
Domain: certificateResource.Certificate.Domain,
|
Domain: certificateResource.Certificate.Domain,
|
||||||
CertURL: certificateResource.Certificate.CertURL,
|
CertURL: certificateResource.Certificate.CertURL,
|
||||||
|
@ -407,36 +431,45 @@ func (a *ACME) renewCertificates() {
|
||||||
Certificate: certificateResource.Certificate.Certificate,
|
Certificate: certificateResource.Certificate.Certificate,
|
||||||
}, true, OSCPMustStaple)
|
}, true, OSCPMustStaple)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Error renewing certificate: %v", err)
|
return nil, err
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
log.Debugf("Renewed certificate %+v", certificateResource.Domains)
|
log.Infof("Renewed certificate from LE: %+v", certificateResource.Domains)
|
||||||
renewedACMECert := &Certificate{
|
return &Certificate{
|
||||||
Domain: renewedCert.Domain,
|
Domain: renewedCert.Domain,
|
||||||
CertURL: renewedCert.CertURL,
|
CertURL: renewedCert.CertURL,
|
||||||
CertStableURL: renewedCert.CertStableURL,
|
CertStableURL: renewedCert.CertStableURL,
|
||||||
PrivateKey: renewedCert.PrivateKey,
|
PrivateKey: renewedCert.PrivateKey,
|
||||||
Certificate: renewedCert.Certificate,
|
Certificate: renewedCert.Certificate,
|
||||||
}
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *ACME) storeRenewedCertificate(account *Account, certificateResource *DomainsCertificate, renewedACMECert *Certificate) error {
|
||||||
transaction, object, err := a.store.Begin()
|
transaction, object, err := a.store.Begin()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Error renewing certificate: %v", err)
|
return fmt.Errorf("error during transaction initialization for renewing certificate: %v", err)
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Infof("Renewing certificate in data store : %+v ", certificateResource.Domains)
|
||||||
account = object.(*Account)
|
account = object.(*Account)
|
||||||
err = account.DomainsCertificate.renewCertificates(renewedACMECert, certificateResource.Domains)
|
err = account.DomainsCertificate.renewCertificates(renewedACMECert, certificateResource.Domains)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Error renewing certificate: %v", err)
|
return fmt.Errorf("error renewing certificate in datastore: %v ", err)
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Infof("Commit certificate renewed in data store : %+v", certificateResource.Domains)
|
||||||
if err = transaction.Commit(account); err != nil {
|
if err = transaction.Commit(account); err != nil {
|
||||||
log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
|
return fmt.Errorf("error saving ACME account %+v: %v", account, err)
|
||||||
continue
|
}
|
||||||
}
|
|
||||||
}
|
oldAccount := a.store.Get().(*Account)
|
||||||
|
for _, oldCertificateResource := range oldAccount.DomainsCertificate.Certs {
|
||||||
|
if oldCertificateResource.Domains.Main == certificateResource.Domains.Main && strings.Join(oldCertificateResource.Domains.SANs, ",") == strings.Join(certificateResource.Domains.SANs, ",") && certificateResource.Certificate != renewedACMECert {
|
||||||
|
return fmt.Errorf("renewed certificate not stored: %+v", certificateResource.Domains)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Infof("Certificate successfully renewed in data store: %+v", certificateResource.Domains)
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func dnsOverrideDelay(delay int) error {
|
func dnsOverrideDelay(delay int) error {
|
||||||
|
@ -448,7 +481,7 @@ func dnsOverrideDelay(delay int) error {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
} else if delay < 0 {
|
} else if delay < 0 {
|
||||||
err = fmt.Errorf("Invalid negative DelayDontCheckDNS: %d", delay)
|
err = fmt.Errorf("invalid negative DelayDontCheckDNS: %d", delay)
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
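Review bot: The post-commit check in `storeRenewedCertificate` tests `certificateResource.Certificate != renewedACMECert`, which is the resource passed in by the caller; `oldCertificateResource`, freshly read through `a.store.Get()`, is used only for the domain match, so the stored value is never inspected. If the goal is to confirm that the datastore holds the renewed certificate, the condition presumably should read `oldCertificateResource.Certificate != renewedACMECert`. Because this looks like a pointer comparison, it would still fail against a store that returns a deserialized copy, so comparing the certificate bytes would be more robust. A false failure here is retried by the backoff for up to 60 seconds per certificate and then reported as `Datastore cannot sync`. Separately, `fmt.Errorf("error saving ACME account %+v: %v", account, err)` formats the whole account into an error that is now logged by both `notify` and the caller; if `Account` carries key material (its definition is not visible here), log the domains or an account identifier instead.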