authorMatthew Holt <mholt@users.noreply.github.com>2020-03-23 13:32:17 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2020-03-23 13:32:17 -0600
commit169883868503c809c9ac9c8c1fe93c7deff9cd2e (patch)
tree05f9a2a684ff8f4097a18a83fd6929e2503ca51a
parent4c43bf8cc8dbdaa42f3eb1fc7936afdefe3d4bbf (diff)
tls: Few minor improvements/simplifications
-rw-r--r--cmd/commandfuncs.go4
-rw-r--r--modules/caddytls/acmeissuer.go1
-rw-r--r--modules/caddytls/automation.go8
3 files changed, 8 insertions, 5 deletions
diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go
index e76d7f1..80d00a3 100644
--- a/cmd/commandfuncs.go
+++ b/cmd/commandfuncs.go
@@ -189,6 +189,10 @@ func cmdRun(fl Flags) (int, error) {
cleanModVersion := strings.TrimPrefix(goModule.Version, "v")
certmagic.UserAgent = "Caddy/" + cleanModVersion
+ // by using Caddy, user indicates agreement to CA terms
+ // (very important, or ACME account creation will fail!)
+ certmagic.DefaultACME.Agreed = true
+
// run the initial config
err = caddy.Load(config, true)
if err != nil {
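Review bot: The CA terms agreement is now a process-wide default (`certmagic.DefaultACME.Agreed = true`) set only in cmdRun, while the same commit drops `Agreed: true` from makeIssuerTemplate in modules/caddytls/acmeissuer.go, so the TLS module silently depends on this entry point having run before `caddy.Load`. A program that loads a config by another path (embedding the packages, tests) would presumably reach ACME account creation with Agreed unset and fail to obtain certificates. I would document the coupling at the assignment, e.g. `// modules/caddytls no longer sets Agreed itself; this default must be set before caddy.Load`, and add a matching comment in makeIssuerTemplate saying where Agreed comes from. cmdRun's body starts and ends outside the hunk.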
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index 53638fe..0e43046 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -116,7 +116,6 @@ func (m *ACMEIssuer) makeIssuerTemplate() certmagic.ACMEManager {
template := certmagic.ACMEManager{
CA: m.CA,
Email: m.Email,
- Agreed: true,
CertObtainTimeout: time.Duration(m.ACMETimeout),
TrustedRoots: m.rootPool,
}
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 9476445..73c12f9 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -154,7 +154,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
}
// if this automation policy has no Issuer defined, and
- // none the subjects do not qualify for a public certificate,
+ // none of the subjects qualify for a public certificate,
// set the issuer to internal so that these names can all
// get certificates; critically, we can only do this if an
// issuer is not explictly configured (IssuerRaw, vs. just
@@ -198,7 +198,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
KeySource: keySource,
OnDemand: ond,
Storage: storage,
- Issuer: ap.Issuer, // if nil, certmagic.New() will set default in returned Config
+ Issuer: ap.Issuer, // if nil, certmagic.New() will create one
}
if rev, ok := ap.Issuer.(certmagic.Revoker); ok {
template.Revoker = rev
@@ -210,8 +210,8 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
// access to the correct storage and cache so it can solve
// ACME challenges -- it's an annoying, inelegant circular
// dependency that I don't know how to resolve nicely!)
- if configger, ok := ap.Issuer.(ConfigSetter); ok {
- configger.SetConfig(ap.magic)
+ if annoying, ok := ap.Issuer.(ConfigSetter); ok {
+ annoying.SetConfig(ap.magic)
}
return nil