author | Matthew Holt <[email protected]> | 2020-03-23 12:21:39 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2020-03-23 12:21:39 -0600 |
commit | 4c43bf8cc8dbdaa42f3eb1fc7936afdefe3d4bbf (patch) | |
tree | 3ad1b4af7efbcb4da1f905705dbca4caa86a4bc2 /modules/caddyhttp/autohttps.go | |
parent | 348cb798e26a056bd40f5ec7c0d8f440d7b6cc0b (diff) | |
caddyhttp: Always provision ACME issuers (fix terms agree error)
Diffstat (limited to 'modules/caddyhttp/autohttps.go')
-rw-r--r-- | modules/caddyhttp/autohttps.go | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go
index d8e5c268e..00853f8ef 100644
--- a/modules/caddyhttp/autohttps.go
+++ b/modules/caddyhttp/autohttps.go
@@ -551,7 +551,6 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna
 // config values. If any changes are made, acmeIssuer is
 // reprovisioned. acmeIssuer must not be nil.
 func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
- var anyChanges bool
 if app.HTTPPort > 0 || app.HTTPSPort > 0 {
 if acmeIssuer.Challenges == nil {
 acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
@@ -564,7 +563,6 @@ func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
 // don't overwrite existing explicit config
 if acmeIssuer.Challenges.HTTP.AlternatePort == 0 {
 acmeIssuer.Challenges.HTTP.AlternatePort = app.HTTPPort
- anyChanges = true
 }
 }
 if app.HTTPSPort > 0 {
@@ -574,13 +572,14 @@ func (app *App) fillInACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) error {
 // don't overwrite existing explicit config
 if acmeIssuer.Challenges.TLSALPN.AlternatePort == 0 {
 acmeIssuer.Challenges.TLSALPN.AlternatePort = app.HTTPSPort
- anyChanges = true
 }
 }
- if anyChanges {
- return acmeIssuer.Provision(app.ctx)
- }
- return nil
+ // we must provision all ACME issuers, even if nothing
+ // was changed, because we don't know if they are new
+ // and haven't been provisioned yet; if an ACME issuer
+ // never gets provisioned, its Agree field stays false,
+ // which leads to, um, problems later on
+ return acmeIssuer.Provision(app.ctx)
 }
 
 // automaticHTTPSPhase2 begins certificate management for
|
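Review bot: The doc comment kept as context above fillInACMEIssuer in the first hunk still reads "If any changes are made, acmeIssuer is reprovisioned", which no longer describes the function once `anyChanges` is gone and Provision is called unconditionally in the third hunk. I would reword those two lines to `// config values. acmeIssuer is always provisioned afterwards, whether or not a value was filled in. acmeIssuer must not be nil.` The opening lines of that comment and the rest of the function body are outside this hunk.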
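Review bot: The unconditional `return acmeIssuer.Provision(app.ctx)` at the end of the third hunk now also runs for issuers that were already provisioned elsewhere, and nothing visible here shows that Provision is safe to call a second time on the same issuer. If it is idempotent, the new comment should say so; if it is not, a provisioned-state check belongs here or inside Provision. The comment's "problems later on" should also name the failure, which the commit title gives as the terms-agree error, e.g. `// never gets provisioned, its Agree field stays false and issuance later fails with the terms-agreement error`. The start of fillInACMEIssuer lies outside this hunk.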