summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbit <j@mailb.org>2022-11-23 18:48:37 +0000
committerGitHub <noreply@github.com>2022-11-23 11:48:37 -0700
commitac96455a9a6ac34eb8ea95339838038e725f5bee (patch)
treec0e08839183afa1754268289a9d22040fca28c4d
parentee7c92ec9b57c671c9091ff993b1a24251020c25 (diff)
admin: fix certificate renewal for admin (#5169)
certmagic.New takes a template and returns pointer to the new config. GetConfigForCert later must return a pointer to the new config not the template. fixes #5162
-rw-r--r--admin.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/admin.go b/admin.go
index db46e71..4b107ad 100644
--- a/admin.go
+++ b/admin.go
@@ -572,12 +572,13 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
}
func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config {
+ var cmCfg *certmagic.Config
if ident == nil {
// user might not have configured identity; that's OK, we can still make a
// certmagic config, although it'll be mostly useless for remote management
ident = new(IdentityConfig)
}
- cmCfg := &certmagic.Config{
+ template := certmagic.Config{
Storage: DefaultStorage, // do not act as part of a cluster (this is for the server's local identity)
Logger: logger,
Issuers: ident.issuers,
@@ -589,7 +590,8 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool)
},
})
}
- return certmagic.New(identityCertCache, *cmCfg)
+ cmCfg = certmagic.New(identityCertCache, template)
+ return cmCfg
}
// IdentityCredentials returns this instance's configured, managed identity credentials