diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index 13872fd..b5f1596 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -40,7 +40,6 @@ type AutoRenewer struct {
 type ExpiredCerts struct {
 Domains []string
 Filepath string
- CA string
 }
 // Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
@@ -280,12 +279,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 }
 if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
 //This cert is expired
- CAName, err := ExtractIssuerName(certBytes)
- if err != nil {
- //Maybe self signed. Ignore this
- log.Println("Unable to extract issuer name for cert " + file.Name())
- continue
- }
 DNSName, err := ExtractDomains(certBytes)
 if err != nil {
@@ -296,7 +289,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 expiredCertList = append(expiredCertList, &ExpiredCerts{
 Filepath: filepath.Join(certFolder, file.Name()),
- CA: CAName,
 Domains: DNSName,
 })
 }
@@ -315,12 +307,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 }
 if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
 //This cert is expired
- CAName, err := ExtractIssuerName(certBytes)
- if err != nil {
- //Maybe self signed. Ignore this
- log.Println("Unable to extract issuer name for cert " + file.Name())
- continue
- }
 DNSName, err := ExtractDomains(certBytes)
 if err != nil {
@@ -331,7 +317,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 expiredCertList = append(expiredCertList, &ExpiredCerts{
 Filepath: filepath.Join(certFolder, file.Name()),
- CA: CAName,
 Domains: DNSName,
 })
 }
@@ -361,8 +346,14 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 certInfoFilename := fmt.Sprintf("%s/%s.json", filepath.Dir(expiredCert.Filepath), certName)
 certInfo, err := loadCertInfoJSON(certInfoFilename)
 if err != nil {
- log.Printf("Renew %s certificate error, can't get the ACME detail for cert: %v, using default ACME", certName, err)
- certInfo = &CertificateInfoJSON{}
+ log.Printf("Renew %s certificate error, can't get the ACME detail for cert: %v, trying org section as ca", certName, err)
+
+ if CAName, extractErr := ExtractIssuerNameFromPEM(expiredCert.Filepath); extractErr != nil {
+ log.Printf("extract issuer name for cert error: %v, using default ca", extractErr)
+ certInfo = &CertificateInfoJSON{}
+ } else {
+ certInfo = &CertificateInfoJSON{AcmeName: CAName}
+ }
 }
 _, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS)
diff --git a/src/mod/acme/ca.go b/src/mod/acme/ca.go
index 205771e..87f9fc4 100644
--- a/src/mod/acme/ca.go
+++ b/src/mod/acme/ca.go
@@ -10,6 +10,7 @@ import (
 "encoding/json"
 "errors"
 "log"
+ "strings"
 )
 // CA Defination, load from embeded json when startup
@@ -36,9 +37,15 @@ func init() {
 // Get the CA ACME server endpoint and error if not found
 func loadCAApiServerFromName(caName string) (string, error) {
+ // handle BuyPass cert org section (Buypass AS-983163327)
+ if strings.HasPrefix(caName, "Buypass AS") {
+ caName = "Buypass"
+ }
+
 val, ok := caDef.Production[caName]
 if !ok {
 return "", errors.New("This CA is not supported")
 }
+
 return val, nil
 }
diff --git a/src/mod/acme/utils.go b/src/mod/acme/utils.go
index 40d873d..1638044 100644
--- a/src/mod/acme/utils.go
+++ b/src/mod/acme/utils.go
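Review bot: Certificates whose issuer cannot be read now fall through to the default CA in the `extractErr != nil` branch, whereas the `ExtractIssuerName` checks removed from CheckAndRenewCertificates (hunks at -280 and -315) skipped them as "Maybe self signed". An expiring self-signed or manually installed certificate with no sidecar JSON would therefore be handed to ObtainCert and its file may be replaced, though what ObtainCert does with an empty CA name is outside this diff. The `else` branch also forwards the certificate's issuer organization as `AcmeName` without checking that it names a supported CA; consider `if _, lookupErr := loadCAApiServerFromName(CAName); lookupErr != nil { continue }` before using it, and `continue` instead of `certInfo = &CertificateInfoJSON{}` when extraction fails, assuming this code runs inside the per-certificate loop. renewExpiredDomains begins and ends outside this hunk, so any failure bookkeeping the loop does when a certificate is skipped is not visible here.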
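Review bot: `strings.HasPrefix(caName, "Buypass AS")` in loadCAApiServerFromName accepts any name that merely starts with those characters, and after this commit the name can come from a certificate file's issuer organization, which the visible code reads without verifying the chain. The comment documents a single value, so an exact comparison, or at least the tighter `strings.HasPrefix(caName, "Buypass AS-")`, would keep the alias from widening. The map lookup that follows limits the result to built-in endpoints, so this is hardening rather than a live flaw. Because the rewrite sits inside the lookup it also applies to CA names supplied by every other caller; normalising at the point where the issuer is extracted would keep configured names untouched.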
@@ -53,6 +53,11 @@ func ExtractIssuerName(certBytes []byte) (string, error) {
 return "", fmt.Errorf("failed to parse certificate: %v", err)
 }
+ // Check if exist incase some acme server didn't have org section
+ if len(cert.Issuer.Organization) == 0 {
+ return "", fmt.Errorf("cert didn't have org section exist")
+ }
+
 // Extract the issuer name
 issuer := cert.Issuer.Organization[0]
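Review bot: The new error text `cert didn't have org section exist` is hard to parse when it surfaces in a renewal log, and it does not say which field was missing. Wording such as `fmt.Errorf("certificate issuer has no organization field")` states the condition directly, and the comment above the guard could read `// Some ACME CAs issue certificates whose issuer has no Organization; avoid indexing an empty slice`. ExtractIssuerName starts above this hunk and continues below it, so how the returned issuer is used afterwards is not visible here.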