From 7b33c8db3161d3558147d02f8d7818352e6983b7 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Tue, 24 Sep 2019 17:04:03 -0700
Subject: [PATCH] tls: Make cert and OCSP check intervals configurable

This enables use of ACME CAs that issue shorter-lived certs
---
 modules/caddytls/tls.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 1f05c1df5..3b54004d1 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -66,6 +66,8 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
 return t.getConfigForName(cert.Names[0])
 },
+ OCSPCheckInterval: time.Duration(t.Automation.OCSPCheckInterval),
+ RenewCheckInterval: time.Duration(t.Automation.RenewCheckInterval),
 })
 
 // automation/management policies
@@ -286,8 +288,10 @@ type Certificate struct {
 // AutomationConfig designates configuration for the
 // construction and use of ACME clients.
 type AutomationConfig struct {
- Policies []AutomationPolicy `json:"policies,omitempty"`
- OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
+ Policies []AutomationPolicy `json:"policies,omitempty"`
+ OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
+ OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
+ RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
 }
 
 // AutomationPolicy designates the policy for automating the
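Review bot: Both fields added to the options literal inside Provision are passed to certmagic straight from the JSON config with no range check, so a negative or mistyped value reaches the maintenance timers unvalidated. These intervals gate certificate renewal and OCSP staple refresh: an overly long `renew_interval` risks certificates lapsing before the next check, and an overly long `ocsp_interval` delays picking up a revoked status in the stapled response. I would reject negatives before the options are built, e.g. `if t.Automation.RenewCheckInterval < 0 || t.Automation.OCSPCheckInterval < 0 { return fmt.Errorf("tls automation intervals must not be negative") }`, and consider a logged warning for values above a sane ceiling. How certmagic treats zero is not visible here; presumably it falls back to its defaults, which is worth confirming. Provision's body starts and ends outside the hunk.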
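Review bot: The two new exported fields on AutomationConfig have no doc comments, and their JSON keys (`ocsp_interval`, `renew_interval`) drop the word "check" that the Go names carry, so someone reading a config cannot tell these are polling periods rather than validity lifetimes. I would add `// OCSPCheckInterval is how often to check whether stapled OCSP responses need updating.` and `// RenewCheckInterval is how often to scan managed certificates for ones that need renewal; keep it well below the shortest certificate lifetime the CA issues.` If a zero value is meant to select the library default, the comments should say so explicitly.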