diff options
| author | Matthew Holt <[email protected]> | 2023-01-30 09:30:53 -0700 |
|---|---|---|
| committer | Matthew Holt <[email protected]> | 2023-01-30 09:30:53 -0700 |
| commit | 0a3efd1641f07ceaa2035cedec1ba43448b2d520 (patch) | |
| tree | 6fd147fb8f80fedbf5648bcd9b1238aad976cb60 /modules | |
| parent | d73660f7c338cf4d12ba82c07e14df7f53593ea5 (diff) | |
| download | caddy-0a3efd1641f07ceaa2035cedec1ba43448b2d520.tar.gz caddy-0a3efd1641f07ceaa2035cedec1ba43448b2d520.zip | |
caddytls: Debug log for ask endpoint
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/caddytls/acmeissuer.go | 10 | ||||
| -rw-r--r-- | modules/caddytls/automation.go | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 12e300ed5..ca7998179 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -495,7 +495,7 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // to see if a certificate can be obtained for name. // The certificate request should be denied if this // returns an error. -func onDemandAskRequest(ask string, name string) error { +func onDemandAskRequest(logger *zap.Logger, ask string, name string) error { askURL, err := url.Parse(ask) if err != nil { return fmt.Errorf("parsing ask URL: %v", err) @@ -504,13 +504,19 @@ func onDemandAskRequest(ask string, name string) error { qs.Set("domain", name) askURL.RawQuery = qs.Encode() - resp, err := onDemandAskClient.Get(askURL.String()) + askURLString := askURL.String() + resp, err := onDemandAskClient.Get(askURLString) if err != nil { return fmt.Errorf("error checking %v to determine if certificate for hostname '%s' should be allowed: %v", ask, name, err) } resp.Body.Close() + logger.Debug("response from ask endpoint", + zap.String("domain", name), + zap.String("url", askURLString), + zap.Int("status", resp.StatusCode)) + if resp.StatusCode < 200 || resp.StatusCode > 299 { return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, errAskDenied, ask, resp.StatusCode) } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index e80d3558b..7f216d5e3 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -174,8 +174,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { if tlsApp.Automation != nil && tlsApp.Automation.OnDemand != nil && tlsApp.Automation.OnDemand.Ask != "" { - err := onDemandAskRequest(tlsApp.Automation.OnDemand.Ask, name) - if err != nil { + if err := onDemandAskRequest(tlsApp.logger, tlsApp.Automation.OnDemand.Ask, name); err != nil { // distinguish true errors from denials, because it's important to log actual errors if !errors.Is(err, errAskDenied) { tlsApp.logger.Error("request to 'ask' endpoint failed", |