sasa1977 / site_encrypt

Integrated certification via Let's encrypt for Elixir-powered sites
MIT License

Error starting application if phoenix isn't started when using internal directory #40

Open dzfranklin opened 2 years ago

dzfranklin commented 2 years ago

I configure SiteEncrypt like so:

@impl SiteEncrypt
def certification do
  SiteEncrypt.configure(
    client: :native,
    db_folder: "/tmp/niss_site_encrypt_db_dev",
    directory_url: {:internal, [port: 4002]},
    domains: ["home.danielzfranklin.org"],
    emails: ["daniel@danielzfranklin.org"]
  )
end

If I run iex -S mix phx.server, everything works fine. If my certificate needs to be renewed and I run iex -S mix, I see the following:

Erlang/OTP 24 [erts-12.0.3] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [jit]

[info] Migrations already up
[info] Generating a temporary self-signed certificate. This certificate will be used until a proper certificate is issued by the CA server.
Interactive Elixir (1.12.2) - press Ctrl+C to exit (type h() ENTER for help)
[info] Creating new account (CA localhost)
iex(1)> [warn] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

[error] Task #PID<0.625.0> started from #PID<0.598.0> terminating
** (MatchError) no match of right hand side value: {:error, %Mint.TransportError{reason: :econnrefused}}
    (site_encrypt 0.4.2) lib/site_encrypt/http_client.ex:38: SiteEncrypt.HttpClient.request/3
    (site_encrypt 0.4.2) lib/site_encrypt/acme/client/api.ex:280: SiteEncrypt.Acme.Client.API.http_request/4
    (site_encrypt 0.4.2) lib/site_encrypt/acme/client/api.ex:89: SiteEncrypt.Acme.Client.API.new_session/3
    (site_encrypt 0.4.2) lib/site_encrypt/acme/client.ex:51: SiteEncrypt.Acme.Client.start_session/3
    (site_encrypt 0.4.2) lib/site_encrypt/acme/client.ex:20: SiteEncrypt.Acme.Client.new_account/2
    (site_encrypt 0.4.2) lib/site_encrypt/certification/native.ex:40: SiteEncrypt.Certification.Native.new_account/2
    (site_encrypt 0.4.2) lib/site_encrypt/certification/job.ex:15: SiteEncrypt.Certification.Job.certify/1
    (site_encrypt 0.4.2) lib/site_encrypt/certification/job.ex:26: SiteEncrypt.Certification.Job.certify_and_apply/1
    (elixir 1.12.2) lib/task/supervised.ex:90: Task.Supervised.invoke_mfa/2
    (stdlib 3.15.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
Function: #Function<0.109640683/0 in SiteEncrypt.Certification.Job.child_spec/1>
    Args: []

This isn't a significant issue; feel free to just close it if you think the fix isn't worth it.

sasa1977 commented 2 years ago

Thanks for the report. I just checked the demo project and I can reproduce it. I think the best option here would be to avoid starting the certification process if the server isn't started.
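
A sketch of the kind of guard discussed in this thread, as an added example that is not site_encrypt's code or its eventual fix: probe the directory port first and return a skip result when it refuses connections, instead of letting a `{:ok, _}` match raise as in the trace above. The `DirectoryGuard` module, its function names and the loopback listener standing in for the internal directory are hypothetical and constructed for the demo; only the Erlang standard library is used.

```elixir
defmodule DirectoryGuard do
  @moduledoc "Hypothetical helper: run certification only when the ACME directory port accepts connections."

  # Returns :ok when something is listening on 127.0.0.1:port, {:error, reason} otherwise.
  def probe(port, timeout \\ 1_000) do
    case :gen_tcp.connect({127, 0, 0, 1}, port, [:binary, active: false], timeout) do
      {:ok, socket} ->
        :gen_tcp.close(socket)
        :ok

      {:error, reason} ->
        {:error, reason}
    end
  end

  # Calls certify_fun only when the directory is reachable. An unreachable
  # directory yields {:skipped, reason} so the caller can log and retry later,
  # rather than crashing the task with a MatchError.
  def certify_if_reachable(port, certify_fun) when is_function(certify_fun, 0) do
    case probe(port) do
      :ok -> {:ok, certify_fun.()}
      {:error, reason} -> {:skipped, reason}
    end
  end
end

# Constructed demo: a listener on an OS-assigned port stands in for the internal directory.
{:ok, listener} = :gen_tcp.listen(0, [:binary, active: false, reuseaddr: true])
{:ok, port} = :inet.port(listener)

# Server up: the (stub) certification function runs.
{:ok, :certified} = DirectoryGuard.certify_if_reachable(port, fn -> :certified end)

# Server down: the attempt is skipped and the refusal reason is reported.
:gen_tcp.close(listener)
{:skipped, reason} = DirectoryGuard.certify_if_reachable(port, fn -> :certified end)
IO.inspect(reason, label: "certification skipped")
```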