authorAlan Pearce2024-07-11 11:02:10 +0200
committerAlan Pearce2024-07-11 11:02:10 +0200
commita67a216bf8227c271828f901d5a04a600f865711 (patch)
treebb1e8a1cd67b71885df6402f971b64bcf6e0940c /internal/server
parentde704a079eb09b0b9126cb44839d1c0a34014173 (diff)
fix dns01 challenge
Diffstat (limited to 'internal/server')
-rw-r--r--internal/server/tls.go28
1 files changed, 16 insertions, 12 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 556013d..0561f5a 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -40,10 +40,7 @@ func (s *Server) serveTLS() (err error) {
 	cfg := certmagic.NewDefault()
 	cfg.DefaultServerName = s.config.Domains[0]
 
-	issuer := &certmagic.DefaultACME
-	certmagic.DefaultACME.Agreed = true
-	certmagic.DefaultACME.Email = s.config.Email
-	certmagic.DefaultACME.Logger = certmagic.Default.Logger
+	var issuer *certmagic.ACMEIssuer
 
 	if s.runtimeConfig.Development {
 		ca := s.runtimeConfig.ACMECA
@@ -71,8 +68,8 @@ func (s *Server) serveTLS() (err error) {
 			ListenHost:              s.runtimeConfig.ListenAddress,
 			AltHTTPPort:             s.runtimeConfig.Port,
 			AltTLSALPNPort:          s.runtimeConfig.TLSPort,
+			Logger:                  certmagic.Default.Logger,
 		})
-		cfg.Issuers[0] = issuer
 	} else {
 		rc := &redisConfig{}
 		_, err = conf.Parse("REDIS", rc)
@@ -86,14 +83,20 @@ func (s *Server) serveTLS() (err error) {
 			return errors.Wrap(err, "could not parse ACME config")
 		}
 
-		issuer.DNS01Solver = &certmagic.DNS01Solver{
-			DNSManager: certmagic.DNSManager{
-				DNSProvider: acme,
-				Logger:      certmagic.Default.Logger,
+		issuer = certmagic.NewACMEIssuer(cfg, certmagic.ACMEIssuer{
+			CA:     certmagic.LetsEncryptProductionCA,
+			Email:  s.config.Email,
+			Agreed: true,
+			Logger: certmagic.Default.Logger,
+			DNS01Solver: &certmagic.DNS01Solver{
+				DNSManager: certmagic.DNSManager{
+					DNSProvider: acme,
+					Logger:      certmagic.Default.Logger,
+				},
 			},
-		}
+		})
 
-		log.Debug("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
+		log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
 
 		rs := certmagic_redis.New()
 		rs.Address = []string{rc.Address}
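Review bot: `certmagic.Default.Logger` is read twice inside the new `NewACMEIssuer` literal (the issuer's `Logger` and the `DNSManager` `Logger`) and once more in the development branch; a local `logger := certmagic.Default.Logger` taken once before the `if` would shorten the literal and make it obvious that both branches share one logger. The `log.Debug` → `log.Info` change means the ACME account username, subdomain and server URL are now emitted on every production start; none of those is a secret, but the line is the natural place where a provider credential could later be appended, so a guard comment such as `// do not add provider credentials to this log line` next to it is worth keeping. serveTLS begins before and ends after this hunk.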
@@ -110,6 +113,7 @@ func (s *Server) serveTLS() (err error) {
 			return errors.Wrap(err, "could not provision redis storage")
 		}
 	}
+	cfg.Issuers[0] = issuer
 
 	ln, err := listenfd.GetListener(
 		1,
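Review bot: `cfg.Issuers[0] = issuer` now runs after both branches, but `issuer` is declared as a nil `*certmagic.ACMEIssuer` at the top of the function (first hunk) and nothing at this point proves that the branch taken assigned it; a future path that neither returns nor assigns would store a typed nil into `cfg.Issuers[0]`, which would only surface at first issuance. A guard before the assignment makes that explicit, e.g. `if issuer == nil { return errors.New("no ACME issuer configured") }`, using the same `errors` package already used for `errors.Wrap` on the return paths. serveTLS begins before and ends after this hunk.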
@@ -160,7 +164,7 @@ func (s *Server) serveTLS() (err error) {
 		"https_port",
 		s.runtimeConfig.TLSPort,
 	)
-	err = cfg.ManageSync(context.TODO(), s.config.Domains)
+	err = cfg.ManageAsync(context.TODO(), append(s.config.Domains, "*.aln.pe"))
 	if err != nil {
 		return errors.Wrap(err, "could not enable TLS")
 	}
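Review bot: `append(s.config.Domains, "*.aln.pe")` can write into the backing array of `s.config.Domains` when that slice has spare capacity, so the wildcard may silently become part of the config slice for any later reader; copy first: `domains := append(append([]string(nil), s.config.Domains...), "*.aln.pe")` and pass `domains` to `ManageAsync`. The wildcard is also hard-coded rather than configured, and it is added in the development branch as well, where the visible part of the second hunk configures no DNS-01 solver — a wildcard name can only be validated via DNS-01, so that branch will presumably fail to obtain it. With the switch from `ManageSync` to `ManageAsync`, such issuance failures no longer reach the `could not enable TLS` return and appear only in certmagic's log, which is worth a one-line comment above the call. serveTLS begins before this hunk.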