Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed" #21224

Open
prologic opened this issue Jul 30, 2017 · 4 comments
Open

x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed" #21224

prologic opened this issue Jul 30, 2017 · 4 comments
Milestone

Comments

@prologic
Copy link

@prologic prologic commented Jul 30, 2017

My use-case for ACME / LetsEncrypt is to setup a TLS Listener that isn't a HTTP/HTTPS endpoint. e.g: IRC, or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

@gopherbot gopherbot added this to the Unreleased milestone Jul 30, 2017
@odeke-em
Copy link
Member

@odeke-em odeke-em commented Jul 31, 2017

@x1ddos
Copy link

@x1ddos x1ddos commented Jul 31, 2017

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

@prologic
Copy link
Author

@prologic prologic commented Jul 31, 2017

I did notice the title of that issue when filing this but at first glance wasn't quite what I was describing here. The way I see this working now is:

mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
})
log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))

But if this isn't even the server you're trying to setup a TLS Listener for then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.

@x1ddos
Copy link

@x1ddos x1ddos commented Jul 31, 2017

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants