diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddyhttp/autohttps.go | 4 | ||||
-rw-r--r-- | modules/caddytls/automation.go | 33 |
2 files changed, 22 insertions, 15 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index c1d4c08..5c83d8f 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -444,7 +444,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri // what the HTTP and HTTPS ports are) if ap.Issuers == nil { var err error - ap.Issuers, err = caddytls.DefaultIssuers(ctx) + ap.Issuers, err = caddytls.DefaultIssuersProvisioned(ctx) if err != nil { return err } @@ -499,7 +499,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri // never overwrite any other issuer that might already be configured if basePolicy.Issuers == nil { var err error - basePolicy.Issuers, err = caddytls.DefaultIssuers(ctx) + basePolicy.Issuers, err = caddytls.DefaultIssuersProvisioned(ctx) if err != nil { return err } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index ed29e06..bcc0a0c 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -187,7 +187,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { issuers := ap.Issuers if len(issuers) == 0 { var err error - issuers, err = DefaultIssuers(tlsApp.ctx) + issuers, err = DefaultIssuersProvisioned(tlsApp.ctx) if err != nil { return err } @@ -242,21 +242,28 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { return nil } -// DefaultIssuers returns empty but provisioned default Issuers. +// DefaultIssuers returns empty Issuers (not provisioned) to be used as defaults. // This function is experimental and has no compatibility promises. -func DefaultIssuers(ctx caddy.Context) ([]certmagic.Issuer, error) { - acme := new(ACMEIssuer) - err := acme.Provision(ctx) - if err != nil { - return nil, err +func DefaultIssuers() []certmagic.Issuer { + return []certmagic.Issuer{ + new(ACMEIssuer), + &ZeroSSLIssuer{ACMEIssuer: new(ACMEIssuer)}, } - zerossl := new(ZeroSSLIssuer) - err = zerossl.Provision(ctx) - if err != nil { - return nil, err +} + +// DefaultIssuersProvisioned returns empty but provisioned default Issuers from +// DefaultIssuers(). This function is experimental and has no compatibility promises. +func DefaultIssuersProvisioned(ctx caddy.Context) ([]certmagic.Issuer, error) { + issuers := DefaultIssuers() + for i, iss := range issuers { + if prov, ok := iss.(caddy.Provisioner); ok { + err := prov.Provision(ctx) + if err != nil { + return nil, fmt.Errorf("provisioning default issuer %d: %T: %v", i, iss, err) + } + } } - // TODO: eventually, insert ZeroSSL into first position in the slice -- see also httpcaddyfile/tlsapp.go for where similar defaults are configured - return []certmagic.Issuer{acme, zerossl}, nil + return issuers, nil } // ChallengesConfig configures the ACME challenges. |