summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/xenolf/lego/acme/client.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/xenolf/lego/acme/client.go')
-rw-r--r--vendor/github.com/xenolf/lego/acme/client.go17
1 files changed, 17 insertions, 0 deletions
diff --git a/vendor/github.com/xenolf/lego/acme/client.go b/vendor/github.com/xenolf/lego/acme/client.go
index ef0f80b7f..bcb844371 100644
--- a/vendor/github.com/xenolf/lego/acme/client.go
+++ b/vendor/github.com/xenolf/lego/acme/client.go
@@ -330,6 +330,10 @@ DNSNames:
challenges, failures := c.getChallenges(domains)
// If any challenge fails - return. Do not generate partial SAN certificates.
if len(failures) > 0 {
+ for _, auth := range challenges {
+ c.disableAuthz(auth)
+ }
+
return CertificateResource{}, failures
}
@@ -373,6 +377,10 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto
challenges, failures := c.getChallenges(domains)
// If any challenge fails - return. Do not generate partial SAN certificates.
if len(failures) > 0 {
+ for _, auth := range challenges {
+ c.disableAuthz(auth)
+ }
+
return CertificateResource{}, failures
}
@@ -493,10 +501,12 @@ func (c *Client) solveChallenges(challenges []authorizationResource) map[string]
// TODO: do not immediately fail if one domain fails to validate.
err := solver.Solve(authz.Body.Challenges[i], authz.Domain)
if err != nil {
+ c.disableAuthz(authz)
failures[authz.Domain] = err
}
}
} else {
+ c.disableAuthz(authz)
failures[authz.Domain] = fmt.Errorf("[%s] acme: Could not determine solvers", authz.Domain)
}
}
@@ -586,6 +596,13 @@ func logAuthz(authz []authorizationResource) {
}
}
+// cleanAuthz loops through the passed in slice and disables any auths which are not "valid"
+func (c *Client) disableAuthz(auth authorizationResource) error {
+ var disabledAuth authorization
+ _, err := postJSON(c.jws, auth.AuthURL, deactivateAuthMessage{Resource: "authz", Status: "deactivated"}, &disabledAuth)
+ return err
+}
+
func (c *Client) requestCertificate(authz []authorizationResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) {
if len(authz) == 0 {
return CertificateResource{}, errors.New("Passed no authorizations to requestCertificate!")
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-02 00:51:46 +0000