admin: fix certificate renewal for admin (#5169)

certmagic.New takes a template and returns pointer to the new config. GetConfigForCert later must return a pointer to the new config not the template. fixes #5162
author: bit <j@mailb.org> 2022-11-23 18:48:37 +0000
committer: GitHub <noreply@github.com> 2022-11-23 11:48:37 -0700
commit: ac96455a9a6ac34eb8ea95339838038e725f5bee (patch)
tree: c0e08839183afa1754268289a9d22040fca28c4d /admin.go
parent: ee7c92ec9b57c671c9091ff993b1a24251020c25 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/admin.go b/admin.go
index db46e71..4b107ad 100644
--- a/admin.go
+++ b/admin.go
@@ -572,12 +572,13 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
 }
 
 func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config {
+	var cmCfg *certmagic.Config
 	if ident == nil {
 		// user might not have configured identity; that's OK, we can still make a
 		// certmagic config, although it'll be mostly useless for remote management
 		ident = new(IdentityConfig)
 	}
-	cmCfg := &certmagic.Config{
+	template := certmagic.Config{
 		Storage: DefaultStorage, // do not act as part of a cluster (this is for the server's local identity)
 		Logger:  logger,
 		Issuers: ident.issuers,
@@ -589,7 +590,8 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool)
 			},
 		})
 	}
-	return certmagic.New(identityCertCache, *cmCfg)
+	cmCfg = certmagic.New(identityCertCache, template)
+	return cmCfg
 }
 
 // IdentityCredentials returns this instance's configured, managed identity credentials
author	bit <j@mailb.org>	2022-11-23 18:48:37 +0000
committer	GitHub <noreply@github.com>	2022-11-23 11:48:37 -0700
commit	ac96455a9a6ac34eb8ea95339838038e725f5bee (patch)
tree	c0e08839183afa1754268289a9d22040fca28c4d /admin.go
parent	ee7c92ec9b57c671c9091ff993b1a24251020c25 (diff)