Fix triggering multiple concurrent requests to ACME
This commit is contained in:
parent
2b35397169
commit
d73c7ccf50
1 changed files with 11 additions and 15 deletions
|
@ -426,13 +426,11 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check provided certificates
|
// Check if provided certificates are not already in progress and lock them if needed
|
||||||
uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore)
|
uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore)
|
||||||
if len(uncheckedDomains) == 0 {
|
if len(uncheckedDomains) == 0 {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
p.addResolvingDomains(uncheckedDomains)
|
|
||||||
defer p.removeResolvingDomains(uncheckedDomains)
|
defer p.removeResolvingDomains(uncheckedDomains)
|
||||||
|
|
||||||
logger := log.FromContext(ctx)
|
logger := log.FromContext(ctx)
|
||||||
|
@ -481,15 +479,6 @@ func (p *Provider) removeResolvingDomains(resolvingDomains []string) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Provider) addResolvingDomains(resolvingDomains []string) {
|
|
||||||
p.resolvingDomainsMutex.Lock()
|
|
||||||
defer p.resolvingDomainsMutex.Unlock()
|
|
||||||
|
|
||||||
for _, domain := range resolvingDomains {
|
|
||||||
p.resolvingDomains[domain] = struct{}{}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) {
|
func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) {
|
||||||
p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore}
|
p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore}
|
||||||
}
|
}
|
||||||
|
@ -656,8 +645,8 @@ func (p *Provider) renewCertificates(ctx context.Context) {
|
||||||
// Get provided certificate which check a domains list (Main and SANs)
|
// Get provided certificate which check a domains list (Main and SANs)
|
||||||
// from static and dynamic provided certificates.
|
// from static and dynamic provided certificates.
|
||||||
func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string {
|
func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string {
|
||||||
p.resolvingDomainsMutex.RLock()
|
p.resolvingDomainsMutex.Lock()
|
||||||
defer p.resolvingDomainsMutex.RUnlock()
|
defer p.resolvingDomainsMutex.Unlock()
|
||||||
|
|
||||||
log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
|
log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
|
||||||
|
|
||||||
|
@ -673,7 +662,14 @@ func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []str
|
||||||
allDomains = append(allDomains, domain)
|
allDomains = append(allDomains, domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
return searchUncheckedDomains(ctx, domainsToCheck, allDomains)
|
uncheckedDomains := searchUncheckedDomains(ctx, domainsToCheck, allDomains)
|
||||||
|
|
||||||
|
// Lock domains that will be resolved by this routine
|
||||||
|
for _, domain := range uncheckedDomains {
|
||||||
|
p.resolvingDomains[domain] = struct{}{}
|
||||||
|
}
|
||||||
|
|
||||||
|
return uncheckedDomains
|
||||||
}
|
}
|
||||||
|
|
||||||
func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string {
|
func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string {
|
||||||
|
|
Loading…
Add table
Reference in a new issue