Skip to content

Delete certificates that can't be renewed #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Delete certificates that can't be renewed #125

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions lib/resty/auto-ssl/jobs/renewal.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,27 @@ local function renew_check_cert(auto_ssl_instance, storage, domain)
local _, issue_err = ssl_provider.issue_cert(auto_ssl_instance, domain)
if issue_err then
ngx.log(ngx.ERR, "auto-ssl: issuing renewal certificate failed: ", err)
-- Give up on renewing this certificate if we didn't manage to renew
-- it before the expiration date
if cert["expiry"] then
if cert["expiry"] < now then
ngx.log(ngx.ERR, "auto-ssl: existing certificate is expired, deleting: ", domain)
storage:delete_cert(domain)
end
else
local renewal_count = storage:get_renewal_count(domain)
if 30 < renewal_count then
ngx.log(ngx.ERR, "auto-ssl: renewal has failed for 31 times, deleting: ", domain)
storage:delete_cert(domain)
storage:delete_renewal_count(domain)
else
renewal_count = renewal_count + 1
storage:set_renewal_count(domain, renewal_count)
end
end
else
-- Zero the renewal count
storage:delete_renewal_count(domain)
end

renew_check_cert_unlock(domain, storage, local_lock, distributed_lock_value)
Expand Down
23 changes: 23 additions & 0 deletions lib/resty/auto-ssl/storage.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,10 @@ function _M.set_cert(self, domain, fullchain_pem, privkey_pem, cert_pem, expiry)
return self.adapter:set(domain .. ":latest", string)
end

function _M.delete_cert(self, domain)
return self.adapter:delete(domain .. ":latest")
end

function _M.all_cert_domains(self)
local keys, err = self.adapter:keys_with_suffix(":latest")
if err then
Expand Down Expand Up @@ -133,4 +137,23 @@ function _M.issue_cert_unlock(self, domain, lock_rand_value)
end
end

function _M.get_renewal_count(self, domain)
local value, err = self.adapter:get(domain .. ":renewal_count")
if err then
return 0
elseif not value then
return 0
else
return tonumber(value)
end
end

function _M.set_renewal_count(self, domain, value)
return self.adapter:set(domain .. ":renewal_count", value)
end

function _M.delete_renewal_count(self, domain)
return self.adapter:delete(domain .. ":renewal_count")
end

return _M