vault-acme: sleep in lieu of waiting "properly" for DNS propagation
Once we've seen the TXT record on any nameserver, assume that it'll reach the rest of them within 60 seconds. This is an awful hack because some peculiarities of my setup don't work properly with the upstream lego code.
parent
148e071c21
commit
d2481b1461
2 changed files with 37 additions and 0 deletions
|
@ -19,6 +19,8 @@ buildGoModule rec {
|
|||
sha256 = "sha256:0f3d89j51gcrvpxmlr3psvv9mm6y3rw4hwk3rs4rb3a6rj5yg2iq";
|
||||
};
|
||||
|
||||
patches = [ ./just-add-a-sleep.patch ];
|
||||
|
||||
vendorSha256 = "sha256:07bqapnrf1fdyaxkna14s5calgj71sk2qysigd32hxl673zd06ic";
|
||||
|
||||
subPackages = [
|
||||
|
|
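--- /dev/null
+++ b/nix/pkgs/vault-acme/just-add-a-sleep.patch
@@ -0,0 +1,35 @@
+diff --git a/acme/client.go b/acme/client.go
+index 20f98a9..cc85277 100644
+--- a/acme/client.go
++++ b/acme/client.go
+@@ -3,6 +3,7 @@ package acme
+import (
+"context"
+"os"
++ "time"
+
+"github.com/go-acme/lego/v3/certificate"
+"github.com/go-acme/lego/v3/challenge/dns01"
+@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg
+nameServer := os.Getenv("LEGO_TEST_NAMESERVER")
+isTesting := nameServer != ""
+err = client.Challenge.SetDNS01Provider(provider,
++ dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
++ ok, err := check(fqdn, value)
++ if !ok || err != nil {
++ return ok, err
++ }
++
++ if a.IgnoreDNSPropagation {
++ // Just wait 1 minute for stuff to settle...
++ const duration = 60 * time.Second
++ logger.Info("waiting %v for things to settle", duration)
++ time.Sleep(duration)
++ logger.Info("done waiting %v for things to settle", duration)
++ }
++
++ return true, nil
++ }),
+dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),
+dns01.CondOption(a.IgnoreDNSPropagation || isTesting, dns01.DisableCompletePropagationRequirement()))
+if err != nil {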
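Review bot: The `time.Sleep(duration)` in the `a.IgnoreDNSPropagation` branch blocks for the full 60 seconds and ignores the `ctx` that `setupChallengeProviders` already receives, so a cancelled or timed-out issuance cannot abort the wait; a timer selected against `ctx.Done()` keeps the delay but stays cancellable. The two `logger.Info` calls pass a printf-style `%v`; if `log.Logger` is a key/value structured logger (it looks like one, but the import is outside the hunk), the verb is printed literally and `duration` becomes an unpaired argument, so pass it as `"duration", duration`. The fixed delay is an assumption, not a check: if the TXT record has not reached the resolvers the CA queries within 60 seconds, validation fails, and repeated failures may count against the CA's failed-validation rate limits, so a comment stating that trade-off next to the constant would help. The function body starts and ends outside the hunk.

```go
if a.IgnoreDNSPropagation {
	// … unchanged: duration constant …
	logger.Info("waiting for DNS records to settle", "duration", duration)
	timer := time.NewTimer(duration)
	defer timer.Stop()
	select {
	case <-timer.C:
	case <-ctx.Done():
		// Abort the pre-check instead of holding the request open.
		return false, ctx.Err()
	}
	logger.Info("done waiting for DNS records to settle", "duration", duration)
}
```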