Skip to content

x/crypto/acme/autocert: NewListener does not acquire new certificates #25901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
FlorianUekermann opened this issue Jun 15, 2018 · 3 comments
Closed

x/crypto/acme/autocert: NewListener does not acquire new certificates #25901

FlorianUekermann opened this issue Jun 15, 2018 · 3 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@FlorianUekermann
Copy link
Contributor

Using log.Fatal(http.Serve(autocert.NewListener("example.com"), handler)) as described by the documentation does not allow the server to acquire new certificates anymore, since Let's Encrypt disabled tls-sni-* validation.

This limitation should either be documented or the function removed. Could the listener be changed to listen to both http and https at the same time, so it can fulfill the role of autocert.Manager.HttpHandler as well?

Related: #21890
@gopherbot gopherbot added this to the Unreleased milestone Jun 15, 2018
@x1ddos
Copy link

x1ddos commented Jun 15, 2018
edited
Loading

Re: fulfill the role of autocert.Manager.HttpHandler. There's a whole discussion about this in the related issue you referenced.

Note that tls-alpn is coming, at which point http won't be required anymore, again. See #25013 for details.

@FlorianUekermann
Copy link
Contributor Author

FlorianUekermann commented Jun 15, 2018
edited
Loading

That sounds like a good plan, although I don't understand the details well enough to have a qualified opinion here.

However, until this works in practice, there needs to be at least a note in the documentation, because right now it simply doesn't work as advertised.

This stuff is too complex to hope that all users just know what they have to do from the logged warnings.

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/125495 mentions this issue: acme/autocert: add support for tls-alpn-01

@golang golang locked and limited conversation to collaborators Jul 23, 2019
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
acme/autocert: add support for tls-alpn-01
2d1b218 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
acme/autocert: add support for tls-alpn-01
3c9802a 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
acme/autocert: add support for tls-alpn-01
bc1e1a3 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
acme/autocert: add support for tls-alpn-01
08a611b 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
acme/autocert: add support for tls-alpn-01
ade5993 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
desdeel2d0m added a commit to desdeel2d0m/crypto that referenced this issue Jul 1, 2024
@desdeel2d0m
acme/autocert: add support for tls-alpn-01
396aa40 
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@x1ddos @FlorianUekermann @gopherbot