author | wxiaoguang <wxiaoguang@gmail.com> | 2025-02-23 13:12:08 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-02-23 13:12:08 +0800 |
commit | f991807f7ed6940f1ac2a306a00b522b51a1273d (patch) | |
tree | 7d8b3a6428d1499369234f5ea3ccccea5172a664 /cmd/web_acme.go | |
parent | 9e75c545598fe8a195f9b69f8e1e8258d50dc8d0 (diff) | |
Try to fix ACME path when renew (#33668)
Try to fix #32191
Diffstat (limited to 'cmd/web_acme.go')
-rw-r--r-- | cmd/web_acme.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/cmd/web_acme.go b/cmd/web_acme.go
index 5daf0f55f2..bca4ae0212 100644
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -54,10 +54,6 @@ func runACME(listenAddr string, m http.Handler) error {
 altTLSALPNPort = p
 }
- // FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https"
- // Ideally it should migrate to AppDataPath write to "AppDataPath/https"
- certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
- magic := certmagic.NewDefault()
 // Try to use private CA root if provided, otherwise defaults to system's trust
 var certPool *x509.CertPool
 if setting.AcmeCARoot != "" {
@@ -67,7 +63,13 @@ func runACME(listenAddr string, m http.Handler) error {
 log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
 }
 }
- myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
+ // FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https"
+ // Ideally it should migrate to AppDataPath write to "AppDataPath/https"
+ // And one more thing, no idea why we should set the global default variables here
+ // But it seems that the current ACME code needs these global variables to make renew work.
+ // Otherwise, "renew" will use incorrect storage path
+ certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+ certmagic.DefaultACME = certmagic.ACMEIssuer{
 CA: setting.AcmeURL,
 TrustedRoots: certPool,
 Email: setting.AcmeEmail,
@@ -77,8 +79,10 @@ func runACME(listenAddr string, m http.Handler) error {
 ListenHost: setting.HTTPAddr,
 AltTLSALPNPort: altTLSALPNPort,
 AltHTTPPort: altHTTPPort,
- })
+ }
+ magic := certmagic.NewDefault()
+ myACME := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME)
 magic.Issuers = []certmagic.Issuer{myACME}
 // this obtains certificates or renews them if necessary |
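Review bot: Assigning a fresh literal to `certmagic.DefaultACME` in the second hunk replaces the package-level default wholesale, so every field the literal does not list becomes its zero value for anything in the process that later reads that global. Part of the literal lies between this hunk and the next, so the full field list is not visible here. Please confirm that none of certmagic's pre-populated defaults (for example `TestCA` or `Logger`, if the vendored version sets them) are still relied on, or set the fields on the existing value instead, e.g. `certmagic.DefaultACME.CA = setting.AcmeURL`. `TrustedRoots: certPool` also becomes process-wide here, and the context above only logs a warning when `setting.AcmeCARoot` fails to parse. An operator who configured a private root would then get the default trust store for issuance and renewal without a hard failure, so returning the parse error may be the safer behaviour.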
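Review bot: In the third hunk `certmagic.NewDefault()` now depends on the two global assignments in the previous hunk having already run, and nothing at this call site records that ordering. The added comment upstream says only "no idea why", which gives the next person to reorder these lines nothing to go on. Presumably certmagic's renewal path derives its config from the package defaults rather than from the local `magic`; once that is confirmed against the vendored version, state it above the call, e.g. `// must stay after certmagic.Default.Storage / certmagic.DefaultACME are set: NewDefault() and background renewals are built from those globals`. The directory in `setting.AcmeLiveDirectory` is where certmagic's file storage is pointed, so the FIXME's planned move to `AppDataPath/https` should also say that existing material has to be migrated with its permissions intact. The body of `runACME` continues outside this hunk.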