Added CertificateTimeout ACME configuration option.

[ceko]

What does this PR do?

This feature allows each configured certificateResolver to specify a finalization (sometimes referred to as certificate) timeout. The configured value is passed to the Lego ACME client library and is used to determine how long the the client waits for an order to transition from ready -> valid.

certificatesResolvers:
  prod:
    acme:
      email: certs@acme.com
      certificateTimeout: "2m"

Motivation

The default Lego ACME client timeout is 30 seconds. This is too short for some certificate authorities and can cause intermittent timeouts. Traefik already passes through several configuration values to the Lego ACME client so it seemed like an easy fix with code patterns already available.

More

• Added/updated tests
• Added/updated documentation

Additional Notes

This type of problem is present in most ACME clients that develop towards LetsEncrypt as a baseline. I created this change both to allow our Traefik instances to successfully request certificates and to contribute back a longstanding community request.

I did not include tests because it's inherently difficult to write a timeout test. It usually slows down the suite and tests for config passing seem rote instead of useful. I am willing to write tests if necessary.

I am willing to update documentation if this request gains traction. I'd like to agree on a configuration key name first.

[mmatur]

Thanks for your contribution @ceko

Could you also add documentation?

[ceko]

I changed FinalizationTimeout to CertificateTimeout to better align with the LEGO options. I also added documentation. Let me know if you'd like anything else to support this change.

[mmatur]

LGTM

Thanks @ceko

[rtribotte]

Thanks