Auto regenerate TLS cert

[orbitalturtle]

Auto-regenerates TLS files once expired.

Fixes #2758

[redstorm1]

I'm suffering from this issue. the auto generated cert has expired and connections now fail. cannot even unlock the wallet.

Organization: lnd autogenerated cert
Valid From: March 18, 2018
Valid To: May 13, 2019

[lncli] rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid"

[cfromknecht]

@orbitalturtle thanks for fixing this! completed an initial pass, changes look pretty good to me. mostly minor nits

[cfromknecht]

@redstorm1 in the meantime you can try deleting the tls.cert and tls.key and restarting lnd

[cfromknecht]

@orbitalturtle any progress on this front? should we keep this slated for 0.7?

[orbitalturtle]

Hey @cfromknecht - sure that all sounds good, I'll push up my revisions tomorrow. :)

[cfromknecht]

@orbitalturtle excellent, thanks!

[orbitalturtle]

@cfromknecht Ok finally revised that! Lmk if I can be of any more assistance. Less busy now, so will be more responsive.

[cfromknecht]

thanks @orbitalturtle! couple small comments, otherwise looking pretty good

[cfromknecht]

@orbitalturtle this probably needs a rebase, since the main lnd_test.go file has been recently moved to lntest/itest/lnd_test.go

[cfromknecht]

@orbitalturtle be sure to run make lint, the current build is failing with lntest/node.go:1::warning: file is not gofmted with -s (gofmt)

also recommend not using the github "merge w/ master" button, typically better to rebase over master and force push :)

[orbitalturtle]

@cfromknecht Ahhhh my bad, fixed that

[halseth]

thanks for the PR! This is definitely useful, and the change looks good to me.

However, I don't think this warrants another integration test (hey have quite an overhead). Could you instead make the getTLSConfig method more testable and add a unit test? :)

[halseth]

nit: missing period end of sentence.

[orbitalturtle]

@halseth Sure thing, I can take a stab at that tonight. Just a bit confused about how to approach that if you can elaborate a bit! Like which file do you see the unit test being in?

[halseth]

@orbitalturtle You can put the test in server_test.go. Just a simple test to make sure the getTLSConfig method creates the files as expected (you can perhaps make it take the file path directly instead of the full config to simplify).

[cfromknecht]

@halseth should we consider doing that as a follow up given that the PR is complete as is?

[cfromknecht]

@orbitalturtle if you can rebase on latest master and leave the itest, we can get this merged in time for the release candidate. If not we may need to push off to 0.8

[orbitalturtle]

@cfromknecht Sure thing, just rebased as is

Almost done with the new test in server_test.go I think, but I suppose that would require more review. So if this is merged as is, I’ll just add another PR updating the tests?

[cfromknecht]

@orbitalturtle awesome thanks! yeah since it doesn't affect the operational behavior, i'm fine with moving it to a unit test in a separate PR

[cfromknecht]

LGTM ⛵️