x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed" #21224

Open
prologic opened this issue Jul 30, 2017 · 4 comments

Comments

@prologic
commented Jul 30, 2017

My use-case for ACME / LetsEncrypt is to set up a TLS Listener that isn't an HTTP/HTTPS endpoint, e.g. IRC, or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

@gopherbot gopherbot added this to the Unreleased milestone Jul 30, 2017

@odeke-em

Member

commented Jul 31, 2017

@x1ddos

Member

commented Jul 31, 2017

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

@prologic

Author

commented Jul 31, 2017

I did notice the title of that issue when filing this, but at first glance it wasn't quite what I was describing here. The way I see this working now is:

```go
// Needs imports: fmt, log, net/http and golang.org/x/crypto/acme/autocert.
// autocert.NewListener obtains and renews the certificate for example.com
// itself and hands back a net.Listener that http.Serve uses directly.
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
})
log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))
```

But if this isn't even the server you're trying to set up a TLS Listener for, then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.
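An added example, not code from this thread or from x/crypto, showing one way to get the "CertAcquired" / "CertRenewed" signal the opening post asks for without watching the file system: every certificate autocert obtains or renews goes through `Manager.Cache`, so a `Cache` that decorates the real one sees each write as it happens. The filter relies on how autocert lays out a cache entry: a PEM private-key block followed by `CERTIFICATE` blocks, while the cached ACME account key is a private-key block alone. Assumptions: the local `Cache` interface copies the three methods of `autocert.Cache` so the file builds against the standard library only (in real code wrap `autocert.Cache` itself); `NotifyingCache`, `CertEvent`, `memCache`, `fakeEntry`, `Run` and the host `irc.example.com` are constructed for the demonstration and are not part of the library.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Cache copies autocert.Cache's method set (assumption; real code wraps autocert.Cache).
type Cache interface {
	Get(ctx context.Context, key string) ([]byte, error)
	Put(ctx context.Context, key string, data []byte) error
	Delete(ctx context.Context, key string) error
}

// CertEvent is handed to the hook after a certificate has been stored.
type CertEvent struct {
	Key      string    // autocert keys certificate entries by host name
	Renewed  bool      // a certificate for Key was already in the cache
	NotAfter time.Time // expiry of the newly stored leaf
}

// NotifyingCache wraps any Cache and reports certificate writes; entries with no
// CERTIFICATE block (autocert's cached account key) are stored but produce no event.
type NotifyingCache struct {
	Inner  Cache
	OnCert func(CertEvent) // called synchronously from Put; keep it quick
}

func (c *NotifyingCache) Get(ctx context.Context, k string) ([]byte, error) { return c.Inner.Get(ctx, k) }
func (c *NotifyingCache) Delete(ctx context.Context, k string) error       { return c.Inner.Delete(ctx, k) }
func (c *NotifyingCache) Put(ctx context.Context, key string, data []byte) error {
	// Ask the backing store before overwriting so acquired-vs-renewed survives restarts.
	prev, err := c.Inner.Get(ctx, key)
	renewed := err == nil && leafCert(prev) != nil
	if err := c.Inner.Put(ctx, key, data); err != nil {
		return err // report only certificates that actually reached storage
	}
	if leaf := leafCert(data); leaf != nil && c.OnCert != nil {
		c.OnCert(CertEvent{Key: key, Renewed: renewed, NotAfter: leaf.NotAfter})
	}
	return nil
}

// leafCert returns the first CERTIFICATE block of an entry (key block, then chain), or nil.
func leafCert(data []byte) *x509.Certificate {
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			cert, _ := x509.ParseCertificate(b.Bytes) // nil if the DER is bad
			return cert
		}
	}
	return nil
}

// memCache is a constructed in-memory stand-in for autocert.DirCache.
type memCache map[string][]byte

func (m memCache) Get(_ context.Context, k string) ([]byte, error) {
	if d, ok := m[k]; ok {
		return d, nil
	}
	return nil, errors.New("cache miss") // autocert returns ErrCacheMiss here
}
func (m memCache) Put(_ context.Context, k string, d []byte) error { m[k] = d; return nil }
func (m memCache) Delete(_ context.Context, k string) error       { delete(m, k); return nil }

// fakeEntry builds a constructed entry laid out like autocert's: EC key block, then optional leaf.
func fakeEntry(host string, notAfter time.Time, withCert bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalECPrivateKey(key)
	out := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
	if !withCert {
		return out // same shape as the cached ACME account key
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: notAfter.Add(-90 * 24 * time.Hour), NotAfter: notAfter}
	cert, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert})...)
}

// Run drives the wrapper through an account-key write, a first issuance and a renewal.
func Run() []CertEvent {
	var events []CertEvent
	cache := &NotifyingCache{Inner: memCache{}, OnCert: func(e CertEvent) { events = append(events, e) }}
	ctx, host := context.Background(), "irc.example.com"
	t0 := time.Date(2017, 11, 1, 0, 0, 0, 0, time.UTC)
	_ = cache.Put(ctx, "account-key", fakeEntry("", t0, false))              // no event
	_ = cache.Put(ctx, host, fakeEntry(host, t0, true))                       // acquired
	_ = cache.Put(ctx, host, fakeEntry(host, t0.Add(60*24*time.Hour), true)) // renewed
	return events
}

func main() { fmt.Printf("%+v\n", Run()) }
```

In a real program the wrapper goes in `Manager.Cache` around `autocert.DirCache`; the hook then fires on whichever goroutine autocert is issuing from, so push the event onto a channel rather than doing work inline. Note also that the non-HTTP listener does not have to borrow the certificate from the cache at all: the same `Manager` can serve it directly via `tls.Listen("tcp", addr, &tls.Config{GetCertificate: m.GetCertificate})`.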

@x1ddos

Member

commented Jul 31, 2017

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.
