Increase timeouts

Daniel M 2022-07-28 19:59:36 +02:00
parent a7b349127f
commit 6ce99e7e02


@ -6,7 +6,7 @@ use acme2::{
DirectoryBuilder, OrderBuilder, OrderStatus, DirectoryBuilder, OrderBuilder, OrderStatus,
}; };
use log::{debug, info}; use log::{debug, info};
use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet}; use std::{collections::HashSet, fmt::Display, sync::Arc, time::Duration};
use tokio::fs; use tokio::fs;
#[derive(thiserror::Error, Debug)] #[derive(thiserror::Error, Debug)]
@ -29,6 +29,8 @@ pub enum ReqErr {
Finalizing, Finalizing,
#[error("No certificate chain error")] #[error("No certificate chain error")]
NoChain, NoChain,
#[error("Timeout: {0}")]
Timeout(Box<ReqErr>),
} }
/// Convenience extension for X509 information in certs /// Convenience extension for X509 information in certs
@ -110,7 +112,10 @@ impl CertRequester {
builder.private_key(key).build().await? builder.private_key(key).build().await?
} }
Err(_) => { Err(_) => {
info!("Account '{}' does not exists. Creating new", &self.conf.account_file); info!(
"Account '{}' does not exists. Creating new",
&self.conf.account_file
);
let acc = builder.terms_of_service_agreed(true).build().await?; let acc = builder.terms_of_service_agreed(true).build().await?;
let key = acc.private_key().private_key_to_pem_pkcs8()?; let key = acc.private_key().private_key_to_pem_pkcs8()?;
fs::write(&self.conf.account_file, &key).await?; fs::write(&self.conf.account_file, &key).await?;
@ -169,7 +174,11 @@ impl CertRequester {
challenge.validate().await.map_err(|_| ReqErr::Validation)?; challenge.validate().await.map_err(|_| ReqErr::Validation)?;
let challenge = challenge.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?; let challenge = challenge
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?;
if !matches!(challenge.status, ChallengeStatus::Valid) { if !matches!(challenge.status, ChallengeStatus::Valid) {
return Err(ReqErr::Validation); return Err(ReqErr::Validation);
} }
@ -177,14 +186,22 @@ impl CertRequester {
self.challenge_mgr.remove(&token).await; self.challenge_mgr.remove(&token).await;
debug!("Wait for authorization"); debug!("Wait for authorization");
let auth = auth.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?; let auth = auth
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?;
if !matches!(auth.status, AuthorizationStatus::Valid) { if !matches!(auth.status, AuthorizationStatus::Valid) {
return Err(ReqErr::Validation); return Err(ReqErr::Validation);
} }
} }
info!("Waiting for order"); info!("Waiting for order");
let order = order.wait_ready(Duration::from_secs(10), 5).await.map_err(|_| ReqErr::Order)?; let order = order
.wait_ready(Duration::from_secs(15), 5)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Order.into()))?;
if !matches!(order.status, OrderStatus::Ready) { if !matches!(order.status, OrderStatus::Ready) {
return Err(ReqErr::Order); return Err(ReqErr::Order);
} }
@ -192,19 +209,34 @@ impl CertRequester {
let pkey = gen_rsa_private_key(4096).unwrap(); let pkey = gen_rsa_private_key(4096).unwrap();
info!("Finalizing certificate"); info!("Finalizing certificate");
let order = order.finalize(Csr::Automatic(pkey.clone())).await.map_err(|_| ReqErr::Finalizing)?; let order = order
let order = order.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Finalizing)?; .finalize(Csr::Automatic(pkey.clone()))
.await
.map_err(|_| ReqErr::Finalizing)?;
let order = order
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Finalizing.into()))?;
if !matches!(order.status, OrderStatus::Valid) { if !matches!(order.status, OrderStatus::Valid) {
return Err(ReqErr::Finalizing); return Err(ReqErr::Finalizing);
} }
let certs = order.certificate().await.map_err(|_| ReqErr::Finalizing)?.ok_or(ReqErr::Finalizing)?; let certs = order
.certificate()
.await
.map_err(|_| ReqErr::Finalizing)?
.ok_or(ReqErr::Finalizing)?;
if certs.len() <= 1 { if certs.len() <= 1 {
return Err(ReqErr::NoChain); return Err(ReqErr::NoChain);
} }
info!("The new certificate expires in {} days", certs[0].expires_in_days()); info!(
"The new certificate expires in {} days",
certs[0].expires_in_days()
);
let x = certs let x = certs
.into_iter() .into_iter()
@ -213,7 +245,9 @@ impl CertRequester {
.chain(pkey.private_key_to_pem_pkcs8().unwrap().into_iter()) .chain(pkey.private_key_to_pem_pkcs8().unwrap().into_iter())
.collect::<Vec<u8>>(); .collect::<Vec<u8>>();
tokio::fs::write(&self.conf.fullchain_file, x).await.unwrap(); tokio::fs::write(&self.conf.fullchain_file, x)
.await
.unwrap();
Ok(()) Ok(())
} }
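Review bot: The four new `.map_err(|_| ReqErr::Timeout(...))` calls after `wait_done`/`wait_ready` drop the underlying error and label every failed poll as a timeout, so a rejected request or a transport/TLS failure towards the ACME server looks the same as slow validation when a renewal failure is triaged. If the acme2 poll helpers return `Ok` with a still-pending status once the attempts run out (the status checks after each call suggest this, but it is not visible here), a real timeout would still come out as plain `ReqErr::Validation`/`Order`/`Finalizing`, and the new variant would never mean what its name says. Consider logging the cause before mapping, e.g. `.map_err(|e| { debug!("challenge poll failed: {:?}", e); ReqErr::Validation })?` (assuming the error type implements `Debug`), and returning `ReqErr::Timeout` from the status check when the status is still pending. Separately, the last hunk still writes the chain plus the PKCS#8 private key with `tokio::fs::write(&self.conf.fullchain_file, x).await.unwrap()`, which panics on an I/O error and, as far as this page shows, leaves the key file at default permissions; propagating with `?` as the account-file write does and restricting the mode to the owner would be worth a follow-up. The enclosing function starts outside the visible hunks.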