summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2019-09-24 17:04:03 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2019-09-24 17:04:03 -0700
commit7b33c8db3161d3558147d02f8d7818352e6983b7 (patch)
tree9e3d4041ddf5646460610a6679555cabc971efbf
parent11696793bd15503006f44876c0f9f3b5d53e4d18 (diff)
tls: Make cert and OCSP check intervals configurable
This enables use of ACME CAs that issue shorter-lived certs
-rw-r--r--modules/caddytls/tls.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 1f05c1d..3b54004 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -66,6 +66,8 @@ func (t *TLS) Provision(ctx caddy.Context) error {
GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
return t.getConfigForName(cert.Names[0])
},
+ OCSPCheckInterval: time.Duration(t.Automation.OCSPCheckInterval),
+ RenewCheckInterval: time.Duration(t.Automation.RenewCheckInterval),
})
// automation/management policies
@@ -286,8 +288,10 @@ type Certificate struct {
// AutomationConfig designates configuration for the
// construction and use of ACME clients.
type AutomationConfig struct {
- Policies []AutomationPolicy `json:"policies,omitempty"`
- OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
+ Policies []AutomationPolicy `json:"policies,omitempty"`
+ OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
+ OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
+ RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
}
// AutomationPolicy designates the policy for automating the