Fixes #52 - Ensure key/cert are in a consistent state despite errors #53

Merged
merged 2 commits into from
Mar 25, 2024

zsteinkamp
Contributor

Proposed changes

Issue #52 details a scenario where a failure during ACME validation can leave the target system in a failed state where HTTPS does not work at all. The nature of the problem is that the new .key file is written before the ACME validation step runs. If that validation fails, then the system is left with a new .key file and an old .crt file, which is invalid.

This change is to first write the new .key to a .key.tmp file, do the ACME validation, store the .crt, then rename the .key.tmp file to .key before purging the cache.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation (README.md and CHANGELOG.md)
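
The ordering described in the proposed changes (write `.key.tmp`, validate, store `.crt`, rename to `.key`), as an added Node.js example that is not code from this pull request or the project. `renewPair` and the `issue` callback standing in for ACME validation are hypothetical, the key and certificate strings are constructed, and the example goes one step beyond the description by staging the `.crt` in a temp file too; the cache purge is left out.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Hypothetical helper. `issue(newKey)` stands in for the ACME validation
// step: it returns the certificate PEM or throws.
function renewPair(dir, name, newKey, issue) {
  const keyPath = path.join(dir, name + ".key");
  const crtPath = path.join(dir, name + ".crt");
  const tmpKey = keyPath + ".tmp";
  const tmpCrt = crtPath + ".tmp";
  try {
    // Stage the new key next to the live one; the live .key is not touched.
    fs.writeFileSync(tmpKey, newKey, { mode: 0o600 });
    // Validation may throw; nothing the server reads has changed yet.
    const cert = issue(newKey);
    // Store the certificate, then promote the staged key (page's order).
    fs.writeFileSync(tmpCrt, cert);
    fs.renameSync(tmpCrt, crtPath); // rename is atomic within one filesystem
    fs.renameSync(tmpKey, keyPath);
    return true;
  } catch (err) {
    // Drop whatever is still staged; after a validation failure the old
    // key/cert pair is exactly as it was.
    fs.rmSync(tmpKey, { force: true });
    fs.rmSync(tmpCrt, { force: true });
    return false;
  }
}

// Constructed scenario: a failed renewal followed by a successful one.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "acme-demo-"));
  const read = (ext) => fs.readFileSync(path.join(dir, "example" + ext), "utf8");
  fs.writeFileSync(path.join(dir, "example.key"), "OLD-KEY");
  fs.writeFileSync(path.join(dir, "example.crt"), "CERT-FOR-OLD-KEY");

  const failed = renewPair(dir, "example", "NEW-KEY", () => {
    throw new Error("validation failed");
  });
  const afterFailure = { key: read(".key"), crt: read(".crt"),
    tmpLeft: fs.existsSync(path.join(dir, "example.key.tmp")) };

  const ok = renewPair(dir, "example", "NEW-KEY", (k) => "CERT-FOR-" + k);
  const afterSuccess = { key: read(".key"), crt: read(".crt") };
  fs.rmSync(dir, { recursive: true, force: true });
  return { failed, afterFailure, ok, afterSuccess };
}
```

A short window remains between the two renames in which the new `.crt` sits beside the old `.key`, so a reload or cache purge belongs after both renames have completed.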

Collaborator

@4141done 4141done left a comment

👍 🐳 👍

@zsteinkamp zsteinkamp merged commit d827cd6 into main Mar 25, 2024
4 checks passed
@zsteinkamp zsteinkamp deleted the zsteinkamp/52-temp-key branch March 25, 2024 18:55