E2E tests for certmagic ACME provider

* Actually set the CA * Fix the certmangic.storage interface to return the correct error type * Write an e2e test for certmagic against the let's encrypt staging CA
2019-10-17 16:31:02 +01:00
parent 9d559848c2
commit 4885bba2ac
4 changed files with 71 additions and 1 deletions
--- a/api/server/acme/certmagic/certmagic.go
+++ b/api/server/acme/certmagic/certmagic.go
@@ -3,7 +3,9 @@ package certmagic

 import (
 	"log"
+	"math/rand"
 	"net"
+	"time"

 	"github.com/mholt/certmagic"

@@ -15,6 +17,7 @@ type certmagicProvider struct {
 }

 func (c *certmagicProvider) NewListener(ACMEHosts ...string) (net.Listener, error) {
+	certmagic.Default.CA = c.opts.CA
 	if c.opts.ChallengeProvider != nil {
 		// Enabling DNS Challenge disables the other challenges
 		certmagic.Default.DNSProvider = c.opts.ChallengeProvider
@@ -22,6 +25,16 @@ func (c *certmagicProvider) NewListener(ACMEHosts ...string) (net.Listener, erro
 	if c.opts.OnDemand {
 		certmagic.Default.OnDemand = new(certmagic.OnDemandConfig)
 	}
+	if c.opts.Cache != nil {
+		// already validated by new()
+		certmagic.Default.Storage = c.opts.Cache.(certmagic.Storage)
+	}
+	// If multiple instances of the provider are running, inject some
+	// randomness so they don't collide
+	rand.Seed(time.Now().UnixNano())
+	randomDuration := (7 * 24 * time.Hour) + (time.Duration(rand.Intn(504)) * time.Hour)
+	certmagic.Default.RenewDurationBefore = randomDuration
+
 	return certmagic.Listen(ACMEHosts)
 }