ong/acme: certs from memory dont seem to work. - Githubissues

komuw / ong

ong, is a Go http toolkit.

MIT License

16 stars 4 forks source link

ong/acme: certs from memory dont seem to work. #296

Closed komuw closed 1 year ago

komuw commented 1 year ago

After merge of https://github.com/komuw/ong/pull/294, steps to repro.
Deploy site.
curl domain so that tls certs are procured from ACME.(This should also save certs in disk and memory)
Delete the cert from disk
curl site; it should return immediately since certs are in memory. But it doesn't; instead it procures from ACME again

And yet we have this test and it passes; https://github.com/komuw/ong/blob/3153948e1a6ac10c7744ed46356cd1491f1dda50/internal/acme/acme_test.go#L291-L327, what is happening with ACME staging?

komuw commented 1 year ago

The issue is that acme.GetCertificate() is called for every request; https://github.com/komuw/ong/blob/v0.0.58/server/tls_conf.go#L54-L58 and it is, it creates a new acme.manager; https://github.com/komuw/ong/blob/v0.0.58/internal/acme/acme.go#L85

So each request gets a new manager with its own state. Requests do not share state, hence do not share the manager cache.