tls: Make the on-demand rate limiter actually work

This required a custom rate limiter implementation in CertMagic

1 files changed, 6 insertions, 8 deletions

diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 7aa1856..5054081 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -26,7 +26,6 @@ import (
 	"github.com/caddyserver/caddy/v2"
 	"github.com/go-acme/lego/v3/challenge"
 	"github.com/mholt/certmagic"
-	"golang.org/x/time/rate"
 )
 
 func init() {
@@ -104,13 +103,12 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 
 	// on-demand rate limiting
 	if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.RateLimit != nil {
-		limit := rate.Every(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
-		onDemandRateLimiter.SetLimit(limit)
-		onDemandRateLimiter.SetBurst(t.Automation.OnDemand.RateLimit.Burst)
+		onDemandRateLimiter.SetMaxEvents(t.Automation.OnDemand.RateLimit.Burst)
+		onDemandRateLimiter.SetWindow(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
 	} else {
-		// if no rate limit is specified, be sure to remove any existing limit
-		onDemandRateLimiter.SetLimit(0)
-		onDemandRateLimiter.SetBurst(0)
+		// remove any existing rate limiter
+		onDemandRateLimiter.SetMaxEvents(0)
+		onDemandRateLimiter.SetWindow(0)
 	}
 
 	// load manual/static (unmanaged) certificates - we do this in
@@ -384,7 +382,7 @@ type ManagerMaker interface {
 
 // These perpetual values are used for on-demand TLS.
 var (
-	onDemandRateLimiter = rate.NewLimiter(0, 1)
+	onDemandRateLimiter = certmagic.NewRateLimiter(0, 0)
 	onDemandAskClient   = &http.Client{
 		Timeout: 10 * time.Second,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {