From 2bfc237e53417f9a0238a13e842b9852adc80eb8 Mon Sep 17 00:00:00 2001
From: Matthieu Martin <matthieu@agence-webup.com>
Date: Thu, 5 Jan 2017 12:32:56 +0100
Subject: [PATCH] Don't fetch ACME certificates for frontends using non-TLS
 entrypoints

---
 server.go | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/server.go b/server.go
index 542b5feee..f98e92d1d 100644
--- a/server.go
+++ b/server.go
@@ -301,16 +301,27 @@ func (server *Server) postLoadConfig() {
 		currentConfigurations := server.currentConfigurations.Get().(configs)
 		for _, configuration := range currentConfigurations {
 			for _, frontend := range configuration.Frontends {
-				for _, route := range frontend.Routes {
-					rules := Rules{}
-					domains, err := rules.ParseDomains(route.Rule)
-					if err != nil {
-						log.Errorf("Error parsing domains: %v", err)
-					} else {
-						server.globalConfiguration.ACME.LoadCertificateForDomains(domains)
+
+				// check if one of the frontend entrypoints is configured with TLS
+				TLSEnabled := false
+				for _, entrypoint := range frontend.EntryPoints {
+					if server.globalConfiguration.EntryPoints[entrypoint].TLS != nil {
+						TLSEnabled = true
+						break
 					}
 				}
 
+				if TLSEnabled {
+					for _, route := range frontend.Routes {
+						rules := Rules{}
+						domains, err := rules.ParseDomains(route.Rule)
+						if err != nil {
+							log.Errorf("Error parsing domains: %v", err)
+						} else {
+							server.globalConfiguration.ACME.LoadCertificateForDomains(domains)
+						}
+					}
+				}
 			}
 		}
 	}