summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2023-01-30 09:30:53 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2023-01-30 09:30:53 -0700
commit0a3efd1641f07ceaa2035cedec1ba43448b2d520 (patch)
tree6fd147fb8f80fedbf5648bcd9b1238aad976cb60 /modules
parentd73660f7c338cf4d12ba82c07e14df7f53593ea5 (diff)
caddytls: Debug log for ask endpoint
Diffstat (limited to 'modules')
-rw-r--r--modules/caddytls/acmeissuer.go10
-rw-r--r--modules/caddytls/automation.go3
2 files changed, 9 insertions, 4 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index 12e300e..ca79981 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -495,7 +495,7 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
// to see if a certificate can be obtained for name.
// The certificate request should be denied if this
// returns an error.
-func onDemandAskRequest(ask string, name string) error {
+func onDemandAskRequest(logger *zap.Logger, ask string, name string) error {
askURL, err := url.Parse(ask)
if err != nil {
return fmt.Errorf("parsing ask URL: %v", err)
@@ -504,13 +504,19 @@ func onDemandAskRequest(ask string, name string) error {
qs.Set("domain", name)
askURL.RawQuery = qs.Encode()
- resp, err := onDemandAskClient.Get(askURL.String())
+ askURLString := askURL.String()
+ resp, err := onDemandAskClient.Get(askURLString)
if err != nil {
return fmt.Errorf("error checking %v to determine if certificate for hostname '%s' should be allowed: %v",
ask, name, err)
}
resp.Body.Close()
+ logger.Debug("response from ask endpoint",
+ zap.String("domain", name),
+ zap.String("url", askURLString),
+ zap.Int("status", resp.StatusCode))
+
if resp.StatusCode < 200 || resp.StatusCode > 299 {
return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, errAskDenied, ask, resp.StatusCode)
}
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index e80d355..7f216d5 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -174,8 +174,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
if tlsApp.Automation != nil &&
tlsApp.Automation.OnDemand != nil &&
tlsApp.Automation.OnDemand.Ask != "" {
- err := onDemandAskRequest(tlsApp.Automation.OnDemand.Ask, name)
- if err != nil {
+ if err := onDemandAskRequest(tlsApp.logger, tlsApp.Automation.OnDemand.Ask, name); err != nil {
// distinguish true errors from denials, because it's important to log actual errors
if !errors.Is(err, errAskDenied) {
tlsApp.logger.Error("request to 'ask' endpoint failed",