x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed" #21224

Open

prologic opened this issue Jul 30, 2017 · 4 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@prologic

My use-case for ACME / LetsEncrypt is to set up a TLS Listener that isn't an HTTP/HTTPS endpoint, e.g. IRC or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

@gopherbot gopherbot added this to the Unreleased milestone Jul 30, 2017
@odeke-em
Member

/cc @x1ddos @bradfitz

@x1ddos

x1ddos commented Jul 31, 2017

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

@prologic
Author

I did notice the title of that issue when filing this, but at first glance it wasn't quite what I was describing here. The way I see this working now is:

```go
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
})
// autocert.NewListener obtains (and renews) the cert for example.com and serves HTTPS on it.
log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))
```

But if this isn't even the server you're trying to set up a TLS Listener for, then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.

@x1ddos

x1ddos commented Jul 31, 2017

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.

@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jul 13, 2024

5 participants