Increase timeouts

Daniel M 2022-07-28 19:59:36 +02:00
parent a7b349127f
commit 6ce99e7e02


@ -6,7 +6,7 @@ use acme2::{
DirectoryBuilder, OrderBuilder, OrderStatus,
};
use log::{debug, info};
use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet};
use std::{collections::HashSet, fmt::Display, sync::Arc, time::Duration};
use tokio::fs;
#[derive(thiserror::Error, Debug)]
@ -29,6 +29,8 @@ pub enum ReqErr {
Finalizing,
#[error("No certificate chain error")]
NoChain,
#[error("Timeout: {0}")]
Timeout(Box<ReqErr>),
}
/// Convenience extension for X509 information in certs
@ -110,7 +112,10 @@ impl CertRequester {
builder.private_key(key).build().await?
}
Err(_) => {
info!("Account '{}' does not exists. Creating new", &self.conf.account_file);
info!(
"Account '{}' does not exists. Creating new",
&self.conf.account_file
);
let acc = builder.terms_of_service_agreed(true).build().await?;
let key = acc.private_key().private_key_to_pem_pkcs8()?;
fs::write(&self.conf.account_file, &key).await?;
@ -169,7 +174,11 @@ impl CertRequester {
challenge.validate().await.map_err(|_| ReqErr::Validation)?;
let challenge = challenge.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?;
let challenge = challenge
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?;
if !matches!(challenge.status, ChallengeStatus::Valid) {
return Err(ReqErr::Validation);
}
@ -177,14 +186,22 @@ impl CertRequester {
self.challenge_mgr.remove(&token).await;
debug!("Wait for authorization");
let auth = auth.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?;
let auth = auth
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?;
if !matches!(auth.status, AuthorizationStatus::Valid) {
return Err(ReqErr::Validation);
}
}
info!("Waiting for order");
let order = order.wait_ready(Duration::from_secs(10), 5).await.map_err(|_| ReqErr::Order)?;
let order = order
.wait_ready(Duration::from_secs(15), 5)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Order.into()))?;
if !matches!(order.status, OrderStatus::Ready) {
return Err(ReqErr::Order);
}
@ -192,19 +209,34 @@ impl CertRequester {
let pkey = gen_rsa_private_key(4096).unwrap();
info!("Finalizing certificate");
let order = order.finalize(Csr::Automatic(pkey.clone())).await.map_err(|_| ReqErr::Finalizing)?;
let order = order.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Finalizing)?;
let order = order
.finalize(Csr::Automatic(pkey.clone()))
.await
.map_err(|_| ReqErr::Finalizing)?;
let order = order
.wait_done(Duration::from_secs(15), 3)
.await
.map_err(|_| ReqErr::Timeout(ReqErr::Finalizing.into()))?;
if !matches!(order.status, OrderStatus::Valid) {
return Err(ReqErr::Finalizing);
}
let certs = order.certificate().await.map_err(|_| ReqErr::Finalizing)?.ok_or(ReqErr::Finalizing)?;
let certs = order
.certificate()
.await
.map_err(|_| ReqErr::Finalizing)?
.ok_or(ReqErr::Finalizing)?;
if certs.len() <= 1 {
return Err(ReqErr::NoChain);
}
info!("The new certificate expires in {} days", certs[0].expires_in_days());
info!(
"The new certificate expires in {} days",
certs[0].expires_in_days()
);
let x = certs
.into_iter()
@ -213,7 +245,9 @@ impl CertRequester {
.chain(pkey.private_key_to_pem_pkcs8().unwrap().into_iter())
.collect::<Vec<u8>>();
tokio::fs::write(&self.conf.fullchain_file, x).await.unwrap();
tokio::fs::write(&self.conf.fullchain_file, x)
.await
.unwrap();
Ok(())
}
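Review bot: The final write, `tokio::fs::write(&self.conf.fullchain_file, x).await.unwrap()`, stores the freshly generated RSA private key (chained into `x` just above) with whatever mode the process umask yields, which on a typical Unix setup leaves the key readable by other local users. Creating the file through `tokio::fs::OpenOptions` with mode `0o600` would restrict it to the service account; the mode is applied only when the file is created, so the permissions of an already existing file need a separate check. The `.unwrap()` also turns a full disk or a permission error into a panic after the certificate has been issued; `?` would fit if `ReqErr` converts from `std::io::Error`, as the `fs::write(&self.conf.account_file, &key).await?` line earlier in the section suggests, and that account-key write has the same default-mode issue. The sketch below is Unix-only and needs `tokio::io::AsyncWriteExt` in scope; the enclosing function starts outside the visible hunks.

```rust
// … unchanged: building `x` from the certificate chain and the private key …
let mut out = tokio::fs::OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600) // owner read/write only; honoured only when the file is created
    .open(&self.conf.fullchain_file)
    .await?;
out.write_all(&x).await?;
```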