aboutsummaryrefslogtreecommitdiffhomepage
path: root/modules/caddyhttp/autohttps.go
diff options
context:
space:
mode:
authorMatthew Holt <[email protected]>2020-03-23 12:21:39 -0600
committerMatthew Holt <[email protected]>2020-03-23 12:21:39 -0600
commit4c43bf8cc8dbdaa42f3eb1fc7936afdefe3d4bbf (patch)
tree3ad1b4af7efbcb4da1f905705dbca4caa86a4bc2 /modules/caddyhttp/autohttps.go
parent348cb798e26a056bd40f5ec7c0d8f440d7b6cc0b (diff)
downloadcaddy-4c43bf8cc8dbdaa42f3eb1fc7936afdefe3d4bbf.tar.gz
caddy-4c43bf8cc8dbdaa42f3eb1fc7936afdefe3d4bbf.zip
caddyhttp: Always provision ACME issuers (fix terms agree error)
Diffstat (limited to 'modules/caddyhttp/autohttps.go')
-rw-r--r--modules/caddyhttp/autohttps.go13
1 files changed, 6 insertions, 7 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go
index d8e5c268e..00853f8ef 100644
--- a/modules/caddyhttp/autohttps.go
+++ b/modules/caddyhttp/autohttps.go
@@ -551,7 +551,6 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna
// config values. If any changes are made, acmeIssuer is
// reprovisioned. acmeIssuer must not be nil.
func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
- var anyChanges bool
if app.HTTPPort > 0 || app.HTTPSPort > 0 {
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
@@ -564,7 +563,6 @@ func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
// don't overwrite existing explicit config
if acmeIssuer.Challenges.HTTP.AlternatePort == 0 {
acmeIssuer.Challenges.HTTP.AlternatePort = app.HTTPPort
- anyChanges = true
}
}
if app.HTTPSPort > 0 {
@@ -574,13 +572,14 @@ func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
// don't overwrite existing explicit config
if acmeIssuer.Challenges.TLSALPN.AlternatePort == 0 {
acmeIssuer.Challenges.TLSALPN.AlternatePort = app.HTTPSPort
- anyChanges = true
}
}
- if anyChanges {
- return acmeIssuer.Provision(app.ctx)
- }
- return nil
+ // we must provision all ACME issuers, even if nothing
+ // was changed, because we don't know if they are new
+ // and haven't been provisioned yet; if an ACME issuer
+ // never gets provisioned, its Agree field stays false,
+ // which leads to, um, problems later on
+ return acmeIssuer.Provision(app.ctx)
}
// automaticHTTPSPhase2 begins certificate management for