gamalan / caddy-tlsredis

Redis Storage for Caddy TLS Data
Apache License 2.0

Error when generating new certificate with plugin v0.2.0-beta.2 and Caddy v2.0.0-rc.3 #6

Closed: frenchvandal closed this issue 4 years ago

frenchvandal commented 4 years ago

I added a new domain to my config, so this is the first time I have generated a new certificate with v0.2.0-beta.2 (my previous ones were generated with v0.2.0-beta.1).

Here is a simple configuration I used for testing purposes:

{
        http_port 80
        https_port 443
        experimental_http3
        debug
        admin 0.0.0.0:2019
        email letsencrypt@example.com
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        storage redis
}

frenchvand.al
route {
        teapot
}

The error I get:

caddy    | {"level":"info","ts":1587665948.5634358,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy    | {"level":"info","ts":1587665948.5647736,"logger":"admin","msg":"admin endpoint started","address":"tcp/0.0.0.0:2019","enforce_origin":false,"origins":["0.0.0.0:2019"]}
caddy    | {"level":"info","ts":1587665948.565069,"logger":"caddy.storage.redis","msg":"TLS Storage are using Redis, on redis:6379"}
caddy    | 2020/04/23 18:19:08 [INFO][cache:0xc00065a140] Started certificate maintenance routine
caddy    | {"level":"info","ts":1587665948.5666368,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy    | {"level":"info","ts":1587665948.5667243,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy    | {"level":"info","ts":1587665948.5671484,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
caddy    | {"level":"debug","ts":1587665948.5671947,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
caddy    | {"level":"debug","ts":1587665948.5672204,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
caddy    | {"level":"info","ts":1587665948.5672305,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["frenchvand.al"]}
caddy    | {"level":"info","ts":1587665948.5676467,"logger":"tls","msg":"cleaned up storage units"}
caddy    | {"level":"info","ts":1587665948.568744,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy    | {"level":"info","ts":1587665948.5687575,"msg":"serving initial configuration"}
caddy    | 2020/04/23 18:19:08 [INFO][frenchvand.al] Obtain certificate; acquiring lock...
caddy    | panic: runtime error: invalid memory address or nil pointer dereference
caddy    | [signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1345f3d]
caddy    |
caddy    | goroutine 34 [running]:
caddy    | github.com/bsm/redislock.(*Client).randomToken(0x0, 0x0, 0x0, 0x0, 0x0)
caddy    |      github.com/bsm/redislock@v0.3.0/redislock.go:97 +0x4d
caddy    | github.com/bsm/redislock.(*Client).Obtain(0x0, 0xc000100ea0, 0x54, 0x1a3185c50000, 0x0, 0x0, 0x0, 0x0)
caddy    |      github.com/bsm/redislock@v0.3.0/redislock.go:55 +0x57
caddy    | github.com/gamalan/caddy-tlsredis.RedisStorage.Lock(0xc000129c20, 0x0, 0xc0001277a0, 0xc000379db0, 0xa, 0xc00004201c, 0x5, 0x167ecda, 0x4, 0x1, ...)
caddy    |      github.com/gamalan/caddy-tlsredis@v0.2.0-beta.2/storageredis.go:559 +0x16a
caddy    | github.com/caddyserver/certmagic.obtainLock(0x19b00c0, 0xc00066c000, 0xc00003e910, 0x46, 0xd, 0xc00003e910)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/storage.go:227 +0x49
caddy    | github.com/caddyserver/certmagic.(*Config).obtainWithIssuer(0xc0002d86c0, 0x19a0de0, 0xc000515b80, 0x198d620, 0xc000670480, 0xc00048a5c0, 0xd, 0x0, 0x0, 0x0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:379 +0x147
caddy    | github.com/caddyserver/certmagic.(*Config).ObtainCert(0xc0002d86c0, 0x19a0de0, 0xc000515b80, 0xc00048a5c0, 0xd, 0x0, 0x0, 0x0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:371 +0x129
caddy    | github.com/caddyserver/certmagic.(*Config).manageOne.func1(0x0, 0x0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:308 +0x92
caddy    | github.com/caddyserver/certmagic.(*jobManager).worker(0x2544400)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/async.go:57 +0xb0
caddy    | created by github.com/caddyserver/certmagic.(*jobManager).Submit
caddy    |      github.com/caddyserver/certmagic@v0.10.11/async.go:42 +0x185

I tried with the JSON:

{
    "admin": {
        "listen": "0.0.0.0:2019"
    },
    "apps": {
        "http": {
            "http_port": 80,
            "https_port": 443,
            "servers": {
                "srv0": {
                    "experimental_http3": true,
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "subroute",
                                                    "routes": [
                                                        {
                                                            "handle": [
                                                                {
                                                                    "handler": "teapot"
                                                                }
                                                            ]
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "match": [
                                {
                                    "host": [
                                        "frenchvand.al"
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "issuer": {
                            "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
                            "email": "letsencrypt@example.com",
                            "module": "acme"
                        }
                    }
                ]
            }
        }
    },
    "logging": {
        "logs": {
            "default": {
                "level": "DEBUG"
            }
        }
    },
    "storage": {
        "address": "redis:6379",
        "aes_key": "caddy-storage-redis",
        "db": 1,
        "host": "redis",
        "key_prefix": "caddytls",
        "module": "redis",
        "password": "",
        "port": "6379",
        "timeout": 5,
        "tls_enabled": false,
        "tls_insecure": true,
        "value_prefix": "caddy-storage-redis"
    }
}

Result:

caddy    | {"level":"info","ts":1587667034.7769825,"msg":"using provided configuration","config_file":"/etc/caddy/caddy.json","config_adapter":""}
caddy    | {"level":"info","ts":1587667034.777655,"logger":"admin","msg":"admin endpoint started","address":"tcp/0.0.0.0:2019","enforce_origin":false,"origins":["0.0.0.0:2019"]}
caddy    | {"level":"info","ts":1587667034.7778275,"logger":"caddy.storage.redis","msg":"TLS Storage are using Redis, on redis:6379"}
caddy    | 2020/04/23 18:37:14 [INFO][cache:0xc000018aa0] Started certificate maintenance routine
caddy    | {"level":"info","ts":1587667034.7882457,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy    | {"level":"info","ts":1587667034.7882688,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy    | {"level":"info","ts":1587667034.7888305,"logger":"tls","msg":"cleaned up storage units"}
caddy    | {"level":"info","ts":1587667034.788945,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
caddy    | {"level":"debug","ts":1587667034.788988,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
caddy    | {"level":"debug","ts":1587667034.7890096,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
caddy    | {"level":"info","ts":1587667034.7890134,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["frenchvand.al"]}
caddy    | {"level":"info","ts":1587667034.789432,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy    | {"level":"info","ts":1587667034.7894473,"msg":"serving initial configuration"}
caddy    | 2020/04/23 18:37:14 [INFO][frenchvand.al] Obtain certificate; acquiring lock...
caddy    | panic: runtime error: invalid memory address or nil pointer dereference
caddy    | [signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1345f3d]
caddy    |
caddy    | goroutine 38 [running]:
caddy    | github.com/bsm/redislock.(*Client).randomToken(0x0, 0x0, 0x0, 0x0, 0x0)
caddy    |      github.com/bsm/redislock@v0.3.0/redislock.go:97 +0x4d
caddy    | github.com/bsm/redislock.(*Client).Obtain(0x0, 0xc0001a48a0, 0x54, 0x1a3185c50000, 0x0, 0x0, 0x0, 0x0)
caddy    |      github.com/bsm/redislock@v0.3.0/redislock.go:55 +0x57
caddy    | github.com/gamalan/caddy-tlsredis.RedisStorage.Lock(0xc000079380, 0x0, 0xc00000f440, 0xc0005866a0, 0xa, 0x1692b5b, 0x9, 0x167ecda, 0x4, 0x0, ...)
caddy    |      github.com/gamalan/caddy-tlsredis@v0.2.0-beta.2/storageredis.go:559 +0x16a
caddy    | github.com/caddyserver/certmagic.obtainLock(0x19b00c0, 0xc00023bb80, 0xc0001322d0, 0x46, 0xd, 0xc0001322d0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/storage.go:227 +0x49
caddy    | github.com/caddyserver/certmagic.(*Config).obtainWithIssuer(0xc000468f30, 0x19a0de0, 0xc00058a1c0, 0x198d620, 0xc0007265a0, 0xc000587ed0, 0xd, 0x0, 0x0, 0x0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:379 +0x147
caddy    | github.com/caddyserver/certmagic.(*Config).ObtainCert(0xc000468f30, 0x19a0de0, 0xc00058a1c0, 0xc000587ed0, 0xd, 0x0, 0x0, 0x7)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:371 +0x129
caddy    | github.com/caddyserver/certmagic.(*Config).manageOne.func1(0x0, 0x0)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/config.go:308 +0x92
caddy    | github.com/caddyserver/certmagic.(*jobManager).worker(0x2544400)
caddy    |      github.com/caddyserver/certmagic@v0.10.11/async.go:57 +0xb0
caddy    | created by github.com/caddyserver/certmagic.(*jobManager).Submit
caddy    |      github.com/caddyserver/certmagic@v0.10.11/async.go:42 +0x185
caddy exited with code 2

P.S. Generating a new certificate is still all good with v0.2.0-beta.1

I had to remove all the extra options in the JSON, keeping only "storage":{"module":"redis"}:

caddy    | {"level":"info","ts":1587668311.438576,"msg":"using provided configuration","config_file":"/etc/caddy/caddy.json","config_adapter":""}
caddy    | {"level":"info","ts":1587668311.439442,"logger":"admin","msg":"admin endpoint started","address":"tcp/0.0.0.0:2019","enforce_origin":false,"origins":["0.0.0.0:2019"]}
caddy    | 2020/04/23 18:58:31 [INFO][cache:0xc0004c4b40] Started certificate maintenance routine
caddy    | {"level":"info","ts":1587668311.4455395,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy    | {"level":"info","ts":1587668311.4462388,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy    | {"level":"info","ts":1587668311.4468472,"logger":"tls","msg":"cleaned up storage units"}
caddy    | {"level":"info","ts":1587668311.4469757,"logger":"http","msg":"enabling experimental HTTP/3 listener","addr":":443"}
caddy    | {"level":"debug","ts":1587668311.4470453,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":true,"tls":true}
caddy    | {"level":"debug","ts":1587668311.4471016,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
caddy    | {"level":"info","ts":1587668311.4471142,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["frenchvand.al"]}
caddy    | {"level":"info","ts":1587668311.4480329,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy    | {"level":"info","ts":1587668311.4483323,"msg":"serving initial configuration"}
caddy    | 2020/04/23 18:58:31 [INFO][frenchvand.al] Obtain certificate; acquiring lock...
caddy    | 2020/04/23 18:58:31 [INFO][frenchvand.al] Obtain: Lock acquired; proceeding...
caddy    | 2020/04/23 18:58:32 [INFO] acme: Registering account for letsencrypt@example.com
caddy    | 2020/04/23 18:58:32 [INFO][frenchvand.al] Waiting on rate limiter...
caddy    | 2020/04/23 18:58:32 [INFO][frenchvand.al] Done waiting
caddy    | 2020/04/23 18:58:32 [INFO] [frenchvand.al] acme: Obtaining bundled SAN certificate given a CSR
caddy    | 2020/04/23 18:58:32 [INFO] [frenchvand.al] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/51165254
caddy    | 2020/04/23 18:58:32 [INFO] [frenchvand.al] acme: Could not find solver for: tls-alpn-01
caddy    | 2020/04/23 18:58:32 [INFO] [frenchvand.al] acme: use http-01 solver
caddy    | 2020/04/23 18:58:32 [INFO] [frenchvand.al] acme: Trying to solve HTTP-01
caddy    | 2020/04/23 18:58:33 [INFO][frenchvand.al] Served key authentication (HTTP challenge)
caddy    | 2020/04/23 18:58:33 [INFO][frenchvand.al] Served key authentication (HTTP challenge)
caddy    | 2020/04/23 18:58:33 [INFO][frenchvand.al] Served key authentication (HTTP challenge)
caddy    | 2020/04/23 18:58:39 [INFO] [frenchvand.al] The server validated our request
caddy    | 2020/04/23 18:58:39 [INFO] [frenchvand.al] acme: Validations succeeded; requesting certificates
caddy    | 2020/04/23 18:58:40 [INFO] [frenchvand.al] Server responded with a certificate.
caddy    | 2020/04/23 18:58:40 [INFO][frenchvand.al] Certificate obtained successfully
caddy    | 2020/04/23 18:58:40 [INFO][frenchvand.al] Obtain: Releasing lock

@mholt in case you have any hint 😄

gamalan commented 4 years ago

I think this is a mistake on my part; somehow I forgot to instantiate the locker interface.
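As an added example (not code from this issue or from the caddy-tlsredis project), here is a small Go triage helper for the goroutine dump posted above. It parses the frames, flags a pointer-receiver method whose receiver word is 0x0 (the `(*Client).randomToken(0x0, ...)` frame, which is the nil locker the maintainer describes), and finds the first frame inside the plugin module, which is where to start reading when the fault itself is in a dependency. The regexes and function names are mine; the sample trace is abridged from the report, and the receiver-as-first-argument rule is Go's pre-1.17 traceback format.

```go
package main

import (
	"regexp"
	"strings"
)

// Frame is one call in a goroutine dump: the symbol line plus the "file:line +off" line under it.
type Frame struct {
	Func string   // "github.com/bsm/redislock.(*Client).randomToken"
	Args []string // printed argument words: "0x0", "0xc000100ea0", "..."
	Loc  string   // "github.com/bsm/redislock@v0.3.0/redislock.go:97"
}
var frameRe = regexp.MustCompile(`^(?:.*\| )?(\S+)\((.*)\)\s*$`) // optional "caddy    | " compose service tag
var locRe = regexp.MustCompile(`^(?:.*\| )?\s*(\S+:\d+) \+0x[0-9a-f]+\s*$`)
var ptrRecvRe = regexp.MustCompile(`\.\(\*\w+\)\.\w+$`) // pkg.(*T).M, but not a closure such as (*T).M.func1

// ParseTrace returns a dump's frames, innermost first; the panic header, log lines and "created by" lack a "file:line +off" line below them and are skipped.
func ParseTrace(trace string) (frames []Frame) {
	lines := strings.Split(trace, "\n")
	for i := 0; i+1 < len(lines); i++ {
		if m, l := frameRe.FindStringSubmatch(lines[i]), locRe.FindStringSubmatch(lines[i+1]); m != nil && l != nil {
			frames = append(frames, Frame{Func: m[1], Args: strings.Split(m[2], ", "), Loc: l[1]})
		}
	}
	return frames
}
// NilReceiver reports a pointer-receiver method whose receiver word is 0x0. Before Go 1.17's register
// ABI the receiver was printed as the first argument, which holds for the 2020 build in the report.
func (f Frame) NilReceiver() bool {
	return ptrRecvRe.MatchString(f.Func) && len(f.Args) > 0 && f.Args[0] == "0x0"
}
// FirstFrameIn returns the innermost frame of a module: where to start reading when the fault itself is in a dependency.
func FirstFrameIn(frames []Frame, module string) (Frame, bool) {
	for _, f := range frames {
		if strings.HasPrefix(f.Func, module+".") {
			return f, true
		}
	}
	return Frame{}, false
}

// SampleTrace is an abridged copy of the goroutine dump posted in the report.
const SampleTrace = `caddy    | panic: runtime error: invalid memory address or nil pointer dereference
caddy    | github.com/bsm/redislock.(*Client).randomToken(0x0, 0x0, 0x0, 0x0, 0x0)
caddy    |      github.com/bsm/redislock@v0.3.0/redislock.go:97 +0x4d
caddy    | github.com/gamalan/caddy-tlsredis.RedisStorage.Lock(0xc000129c20, 0x0, 0xc0001277a0, 0xc000379db0, 0xa, 0xc00004201c, 0x5, 0x167ecda, 0x4, 0x1, ...)
caddy    |      github.com/gamalan/caddy-tlsredis@v0.2.0-beta.2/storageredis.go:559 +0x16a
caddy    | created by github.com/caddyserver/certmagic.(*jobManager).Submit
caddy    |      github.com/caddyserver/certmagic@v0.10.11/async.go:42 +0x185`
```

Running `FirstFrameIn(ParseTrace(SampleTrace), "github.com/gamalan/caddy-tlsredis")` points at storageredis.go:559, the call site that hands a nil `*redislock.Client` to `Obtain`.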

gamalan commented 4 years ago

@frenchvandal Already fixed in v0.2.0-beta.3.

Thanks for the report.

frenchvandal commented 4 years ago

Tested OK on my side with a minimal JSON config. I got new certificates stored on Redis for all my domains.