MCPcopy
hub / github.com/caddyserver/certmagic / queueRenewalTask

Method queueRenewalTask

maintain.go:229–271  ·  view source on GitHub ↗
(ctx context.Context, oldCert Certificate, cfg *Config)

Source from the content-addressed store, hash-verified

227}
228
229func (certCache *Cache) queueRenewalTask(ctx context.Context, oldCert Certificate, cfg *Config) error {
230 log := certCache.logger.Named("maintenance")
231
232 timeLeft := expiresAt(oldCert.Leaf).Sub(time.Now().UTC())
233 log.Info("certificate expires soon; queuing for renewal",
234 zap.Strings("identifiers", oldCert.Names),
235 zap.Duration("remaining", timeLeft))
236
237 // Get the name which we should use to renew this certificate;
238 // we only support managing certificates with one name per cert,
239 // so this should be easy.
240 renewName := oldCert.Names[0]
241
242 // queue up this renewal job (is a no-op if already active or queued)
243 jm.Submit(cfg.Logger, "renew_"+renewName, func() error {
244 timeLeft := expiresAt(oldCert.Leaf).Sub(time.Now().UTC())
245 log.Info("attempting certificate renewal",
246 zap.Strings("identifiers", oldCert.Names),
247 zap.Duration("remaining", timeLeft))
248
249 // perform renewal - crucially, this happens OUTSIDE a lock on certCache
250 err := cfg.RenewCertAsync(ctx, renewName, false)
251 if err != nil {
252 if cfg.OnDemand != nil {
253 // loaded dynamically, remove dynamically
254 certCache.mu.Lock()
255 certCache.removeCertificate(oldCert)
256 certCache.mu.Unlock()
257 }
258 return fmt.Errorf("%v %v", oldCert.Names, err)
259 }
260
261 // successful renewal, so update in-memory cache by loading
262 // renewed certificate so it will be used with handshakes
263 _, err = cfg.reloadManagedCertificate(ctx, oldCert)
264 if err != nil {
265 return ErrNoRetry{fmt.Errorf("%v %v", oldCert.Names, err)}
266 }
267 return nil
268 })
269
270 return nil
271}
272
273// updateOCSPStaples updates the OCSP stapling in all
274// eligible, cached certificates.

Callers 1

Calls 7

removeCertificateMethod · 0.95
expiresAtFunction · 0.85
SubmitMethod · 0.80
RenewCertAsyncMethod · 0.80
LockMethod · 0.65
UnlockMethod · 0.65

Tested by

no test coverage detected