mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-22 02:15:45 +03:00
tls: Always stop and report cert renewal error if operator is present
This commit is contained in:
parent
9369b81498
commit
11adb2e5a7
1 changed files with 7 additions and 8 deletions
|
@ -125,14 +125,13 @@ func RenewManagedCertificates(allowPrompts bool) (err error) {
|
||||||
// perform renewal
|
// perform renewal
|
||||||
err := cert.Config.RenewCert(renewName, allowPrompts)
|
err := cert.Config.RenewCert(renewName, allowPrompts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if allowPrompts && cert.NotAfter.Sub(time.Now().UTC()) < 0 {
|
if allowPrompts {
|
||||||
// Certificate renewal failed, the operator is present, and the certificate
|
// Certificate renewal failed and the operator is present; we should stop
|
||||||
// is already expired; we should stop immediately and return the error. Note
|
// immediately and return the error. See a discussion in issue 642
|
||||||
// that we used to do this any time a renewal failed at startup. However,
|
// about this. For a while, we only stopped if the certificate was
|
||||||
// after discussion in https://github.com/mholt/caddy/issues/642 we decided to
|
// expired, but in reality, there is no difference between reporting
|
||||||
// only stop startup if the certificate is expired. We still log the error
|
// it now versus later, except that there's somebody present to deal
|
||||||
// otherwise. I'm not sure how permanent the change in #642 will be...
|
// with it now, so require it.
|
||||||
// TODO: Get rid of the expiration check... always break on error.
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
log.Printf("[ERROR] %v", err)
|
log.Printf("[ERROR] %v", err)
|
||||||
|
|
Loading…
Reference in a new issue