Pablu/domain-router
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Dont rerequest cert if its not invalid

Browse Source
This commit is contained in:
Pablu23
2025-07-21 14:14:23 +02:00
parent bbd747aa46
commit 75fe9ffc65
1 changed files with 69 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
acme/acme.go
View File

@@ -6,6 +6,7 @@ import (
"crypto/rand" "crypto/rand"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/json"
"encoding/pem" "encoding/pem"
"errors" "errors"
"net/http" "net/http"
@@ -30,6 +31,10 @@ type Acme struct {
renewTicker *time.Ticker renewTicker *time.Ticker
} }
type CertDomainStorage struct {
Domains map[string]time.Time
}
func SetupAcme(config *domainrouter.Config) (*Acme, error) { func SetupAcme(config *domainrouter.Config) (*Acme, error) {
acme := config.Server.Ssl.Acme acme := config.Server.Ssl.Acme
@@ -40,7 +45,8 @@ func SetupAcme(config *domainrouter.Config) (*Acme, error) {
// Maybe this should be reconsidered, to create a new private Key / account per Acme request // Maybe this should be reconsidered, to create a new private Key / account per Acme request
var privateKey *ecdsa.PrivateKey var privateKey *ecdsa.PrivateKey
if _, err := os.Stat(acme.KeyFile); errors.Is(err, os.ErrNotExist) {
if _, err = os.Stat(acme.KeyFile); errors.Is(err, os.ErrNotExist) {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -49,6 +55,8 @@ func SetupAcme(config *domainrouter.Config) (*Acme, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
} else if err != nil {
return nil, err
} else { } else {
keyBytes, err := os.ReadFile(acme.KeyFile) keyBytes, err := os.ReadFile(acme.KeyFile)
if err != nil { if err != nil {
@@ -96,6 +104,45 @@ func SetupAcme(config *domainrouter.Config) (*Acme, error) {
domains = append(domains, host.Domains...) domains = append(domains, host.Domains...)
} }
ac := &Acme{
user: &user,
client: client,
domains: domains,
certFilePath: config.Server.Ssl.CertFile,
keyFilePath: config.Server.Ssl.KeyFile,
renewTicker: time.NewTicker(d),
}
if _, err := os.Stat("data.json"); !errors.Is(err, os.ErrNotExist) {
file, err := os.Open("data.json")
if err != nil {
return nil, err
}
var data CertDomainStorage
err = json.NewDecoder(file).Decode(&data)
if err != nil {
return nil, err
}
mustRenew := false
for _, domain := range domains {
if reqTime, ok := data.Domains[domain]; ok {
if reqTime.Add(d).Before(time.Now()) {
mustRenew = true
break
}
}
}
if !mustRenew {
return ac, nil
}
} else if err != nil {
return nil, err
}
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: domains, Domains: domains,
Bundle: true, Bundle: true,
@@ -116,14 +163,27 @@ func SetupAcme(config *domainrouter.Config) (*Acme, error) {
return nil, err return nil, err
} }
return &Acme{ dataDomains := make(map[string]time.Time)
user: &user, now := time.Now()
client: client, for _, domain := range domains {
domains: domains, dataDomains[domain] = now
certFilePath: config.Server.Ssl.CertFile, }
keyFilePath: config.Server.Ssl.KeyFile,
renewTicker: time.NewTicker(d), data := CertDomainStorage{
}, nil Domains: dataDomains,
}
file, err := os.Create("data.json")
if err != nil {
return nil, err
}
err = json.NewEncoder(file).Encode(&data)
if err != nil {
return nil, err
}
return ac, nil
} }
func (a *Acme) RenewAcme() error { func (a *Acme) RenewAcme() error {