caddyserver / certmagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
https://pkg.go.dev/github.com/caddyserver/certmagic?tab=doc
Apache License 2.0

How do I use CacheUnmanagedTLSCertificate correctly? #261

Closed mberbero closed 7 months ago

mberbero commented 7 months ago

What is your question?

I want to use the certificates I purchased in the code below, but the application crashes.


       // my all certmagic settings
    certmagic.Default.Storage = &certmagic.FileStorage{
        Path: "./certs",
    }

    certmagic.DefaultACME.Agreed = true
    certmagic.RateLimitEvents = 5
    certmagic.RateLimitEventsWindow = time.Second * 30

    certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
    if os.Getenv("USE_HTTPS") != "" {
        certmagic.DefaultACME.DisableHTTPChallenge = false
        certmagic.DefaultACME.DisableTLSALPNChallenge = true
    } else {
        certmagic.DefaultACME.DisableTLSALPNChallenge = false
        certmagic.DefaultACME.DisableHTTPChallenge = true
    }

        for _, domainwithssl := range r.GetDomainsWithSsl() {

            // create crt file
            crtFile, err := os.Create("./self-certs/" + domainwithssl.GetUrl() + ".crt")
            if err != nil {
                log.Printf("os.Create: %v", err)
                continue
            }

            // create key file
            keyFile, err := os.Create("./self-certs/" + domainwithssl.GetUrl() + ".key")
            if err != nil {
                log.Printf("os.Create: %v", err)
                continue
            }

            // write crt file
            _, err = crtFile.Write([]byte(domainwithssl.GetCertFile()))
            if err != nil {
                log.Printf("crtFile.Write: %v", err)
                continue
            }

            // write key file
            _, err = keyFile.Write([]byte(domainwithssl.GetKeyFile()))
            if err != nil {
                log.Printf("keyFile.Write: %v", err)
                continue
            }

            cert, err := tls.LoadX509KeyPair("./self-certs/"+domainwithssl.GetUrl()+".crt", "./self-certs/"+domainwithssl.GetUrl()+".key")
            if err != nil {
                log.Printf("tls.LoadX509KeyPair: %v", err)
                continue
            }

            _, err = certmagic.Default.CacheUnmanagedTLSCertificate(ctx, cert, []string{domainwithssl.GetUrl()})
            if err != nil {
                log.Printf("certmagic.Default.CacheUnmanagedTLSCertificate: %v", err)
                continue
            }
        }
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x989a22]

goroutine 6 [running]:
github.com/caddyserver/certmagic.(*Cache).cacheCertificate(0x0, {{{0xc0000948b8, 0x1, 0x1}, {0xc78760, 0xc000499080}, {0x0, 0x0, 0x0}, {0xc0001e6800, ...}, ...}, ...})
        /go/pkg/mod/github.com/caddyserver/certmagic@v0.19.2/cache.go:196 +0x22
github.com/caddyserver/certmagic.(*Config).CacheUnmanagedTLSCertificate(0x13c8a60, {0xe28a08, 0x1406a60}, {{0xc0000948b8, 0x1, 0x1}, {0xc78760, 0xc000499080}, {0x0, 0x0, ...}, ...}, ...)
        /go/pkg/mod/github.com/caddyserver/certmagic@v0.19.2/certificates.go:194 +0x39f

What have you already tried?

I tried using other methods, but the error is the same.

mholt commented 7 months ago

Did you call certmagic.NewDefault()?

From https://github.com/caddyserver/certmagic?tab=readme-ov-file#defaults:

The default Config value is called certmagic.Default. Change its fields to suit your needs, then call certmagic.NewDefault() when you need a valid Config value. In other words, certmagic.Default is a template and is not valid for use directly.
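An added example (not code from this thread or from the certmagic project) of the in-memory path for the purchased certificates: parse the PEM the application already holds, check that the leaf covers the hostname and is currently valid, and only then hand the resulting tls.Certificate to certmagic.NewDefault().CacheUnmanagedTLSCertificate(...) rather than to the certmagic.Default template. It uses only the Go standard library; SelfSignedPEM is a constructed stand-in for a purchased certificate, and both function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// LoadUnmanagedCert parses a purchased certificate and key held in memory (the strings
// GetCertFile/GetKeyFile return) and refuses a leaf that does not cover host or is not
// currently valid. Nothing touches disk, so the key never lands in a world-readable file.
func LoadUnmanagedCert(certPEM, keyPEM, host string) (tls.Certificate, error) {
	cert, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
	if err != nil { return tls.Certificate{}, fmt.Errorf("parse key pair: %w", err) }
	leaf, err := x509.ParseCertificate(cert.Certificate[0]) // first block is the leaf
	if err != nil { return tls.Certificate{}, fmt.Errorf("parse leaf: %w", err) }
	if err := leaf.VerifyHostname(host); err != nil {
		return tls.Certificate{}, fmt.Errorf("certificate does not cover %q: %w", host, err)
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return tls.Certificate{}, fmt.Errorf("certificate for %q is not valid at %s", host, now.UTC())
	}
	return cert, nil
}

// SelfSignedPEM builds a throwaway self-signed certificate for host so the loader can run
// offline; constructed test input only, not a real purchased certificate.
func SelfSignedPEM(host string) (certPEM, keyPEM string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return "", "", err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return "", "", err }
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for a key we just generated
	certPEM = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	keyPEM = string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}))
	return certPEM, keyPEM, nil
}
```

The returned tls.Certificate is the value to pass as the second argument of CacheUnmanagedTLSCertificate on a Config obtained from certmagic.NewDefault().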

mberbero commented 7 months ago

Yes, I forgot to add that. But now it uses the wildcard SSL created by letsencrypt, not the SSL I gave it. And I do not use the DNS verification method.

mholt commented 7 months ago

If both certificates match the hostname and satisfy the handshake requirements, why does it matter which one is used? :thinking:

mholt commented 7 months ago

@mberbero Did this get resolved? I want to make sure everything is working OK.

mberbero commented 7 months ago

@mholt I think it's fixed. I couldn't use my own SSL certificate. I think we have to wait 3 months for that.

mholt commented 7 months ago

@mberbero Ok. Sorry about the inconvenience. If there's good reasoning for making a change here, I'm happy to consider it. Just let me know if something pops up. :)