Merge pull request #65 from daluntw/2.6.7
Fix the out of range problem when certificate auto renew
commit
ed92cccf0e
@ -40,7 +40,6 @@ type AutoRenewer struct {
|
|||||||
type ExpiredCerts struct {
|
type ExpiredCerts struct {
|
||||||
Domains []string
|
Domains []string
|
||||||
Filepath string
|
Filepath string
|
||||||
CA string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
|
// Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
|
||||||
@ -280,12 +279,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
|
|||||||
}
|
}
|
||||||
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
|
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
|
||||||
//This cert is expired
|
//This cert is expired
|
||||||
CAName, err := ExtractIssuerName(certBytes)
|
|
||||||
if err != nil {
|
|
||||||
//Maybe self signed. Ignore this
|
|
||||||
log.Println("Unable to extract issuer name for cert " + file.Name())
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
DNSName, err := ExtractDomains(certBytes)
|
DNSName, err := ExtractDomains(certBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -296,7 +289,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
|
|||||||
|
|
||||||
expiredCertList = append(expiredCertList, &ExpiredCerts{
|
expiredCertList = append(expiredCertList, &ExpiredCerts{
|
||||||
Filepath: filepath.Join(certFolder, file.Name()),
|
Filepath: filepath.Join(certFolder, file.Name()),
|
||||||
CA: CAName,
|
|
||||||
Domains: DNSName,
|
Domains: DNSName,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -315,12 +307,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
|
|||||||
}
|
}
|
||||||
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
|
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
|
||||||
//This cert is expired
|
//This cert is expired
|
||||||
CAName, err := ExtractIssuerName(certBytes)
|
|
||||||
if err != nil {
|
|
||||||
//Maybe self signed. Ignore this
|
|
||||||
log.Println("Unable to extract issuer name for cert " + file.Name())
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
DNSName, err := ExtractDomains(certBytes)
|
DNSName, err := ExtractDomains(certBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -331,7 +317,6 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
|
|||||||
|
|
||||||
expiredCertList = append(expiredCertList, &ExpiredCerts{
|
expiredCertList = append(expiredCertList, &ExpiredCerts{
|
||||||
Filepath: filepath.Join(certFolder, file.Name()),
|
Filepath: filepath.Join(certFolder, file.Name()),
|
||||||
CA: CAName,
|
|
||||||
Domains: DNSName,
|
Domains: DNSName,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -361,8 +346,14 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
|
|||||||
certInfoFilename := fmt.Sprintf("%s/%s.json", filepath.Dir(expiredCert.Filepath), certName)
|
certInfoFilename := fmt.Sprintf("%s/%s.json", filepath.Dir(expiredCert.Filepath), certName)
|
||||||
certInfo, err := loadCertInfoJSON(certInfoFilename)
|
certInfo, err := loadCertInfoJSON(certInfoFilename)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Renew %s certificate error, can't get the ACME detail for cert: %v, using default ACME", certName, err)
|
log.Printf("Renew %s certificate error, can't get the ACME detail for cert: %v, trying org section as ca", certName, err)
|
||||||
certInfo = &CertificateInfoJSON{}
|
|
||||||
|
if CAName, extractErr := ExtractIssuerNameFromPEM(expiredCert.Filepath); extractErr != nil {
|
||||||
|
log.Printf("extract issuer name for cert error: %v, using default ca", extractErr)
|
||||||
|
certInfo = &CertificateInfoJSON{}
|
||||||
|
} else {
|
||||||
|
certInfo = &CertificateInfoJSON{AcmeName: CAName}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS)
|
_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS)
|
||||||
|
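Review bot: In the new fallback inside renewExpiredDomains, the issuer organisation read from the certificate file is assigned to `certInfo.AcmeName` and handed to ObtainCert without checking that it names a supported CA. Before this change a missing JSON file always meant the default ACME server. Now a certificate whose issuer organisation is not a key in the CA table (a self-signed or internally issued one, for example) would presumably fail renewal instead of falling back, if ObtainCert resolves the name through loadCAApiServerFromName. The value is also parsed from a file on disk without chain validation, so treat it as a hint: if that lookup is in the same package, reject unknown names first with `if _, caErr := loadCAApiServerFromName(CAName); caErr != nil { certInfo = &CertificateInfoJSON{} }`, and log which CA was selected. The function body starts and ends outside this hunk.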
@ -10,6 +10,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CA Defination, load from embeded json when startup
|
// CA Defination, load from embeded json when startup
|
||||||
@ -36,9 +37,15 @@ func init() {
|
|||||||
|
|
||||||
// Get the CA ACME server endpoint and error if not found
|
// Get the CA ACME server endpoint and error if not found
|
||||||
func loadCAApiServerFromName(caName string) (string, error) {
|
func loadCAApiServerFromName(caName string) (string, error) {
|
||||||
|
// handle BuyPass cert org section (Buypass AS-983163327)
|
||||||
|
if strings.HasPrefix(caName, "Buypass AS") {
|
||||||
|
caName = "Buypass"
|
||||||
|
}
|
||||||
|
|
||||||
val, ok := caDef.Production[caName]
|
val, ok := caDef.Production[caName]
|
||||||
if !ok {
|
if !ok {
|
||||||
return "", errors.New("This CA is not supported")
|
return "", errors.New("This CA is not supported")
|
||||||
}
|
}
|
||||||
|
|
||||||
return val, nil
|
return val, nil
|
||||||
}
|
}
|
||||||
|
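Review bot: The `strings.HasPrefix(caName, "Buypass AS")` check added to loadCAApiServerFromName is broader than the value quoted in its own comment (`Buypass AS-983163327`), so any name that merely begins with those characters is rewritten to `Buypass`. Because caName can now come from a certificate's issuer field rather than only from stored configuration, a tighter match such as `strings.HasPrefix(caName, "Buypass AS-")` would limit the rewrite to the organisation string it is meant for. The comment could also say why the rewrite exists, e.g. `// Buypass certificates carry the org "Buypass AS-<number>", while the CA table key is "Buypass"`.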
@ -53,6 +53,11 @@ func ExtractIssuerName(certBytes []byte) (string, error) {
|
|||||||
return "", fmt.Errorf("failed to parse certificate: %v", err)
|
return "", fmt.Errorf("failed to parse certificate: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if exist incase some acme server didn't have org section
|
||||||
|
if len(cert.Issuer.Organization) == 0 {
|
||||||
|
return "", fmt.Errorf("cert didn't have org section exist")
|
||||||
|
}
|
||||||
|
|
||||||
// Extract the issuer name
|
// Extract the issuer name
|
||||||
issuer := cert.Issuer.Organization[0]
|
issuer := cert.Issuer.Organization[0]
|
||||||
|
|
||||||
|
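Review bot: The error text on the new guard, `cert didn't have org section exist`, is hard to read and does not say which field was missing. A message such as `return "", fmt.Errorf("certificate issuer has no organization field")` states the condition directly. The comment above it could read `// Some ACME servers issue certificates without an issuer organization; avoid indexing an empty slice`, which records why the length check precedes `cert.Issuer.Organization[0]`. ExtractIssuerName starts and ends outside this hunk.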