Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to get cache when using default config? #307

Open
teleclimber opened this issue Aug 30, 2024 · 5 comments
Open

How to get cache when using default config? #307

teleclimber opened this issue Aug 30, 2024 · 5 comments
Labels
question Further information is requested

Comments

@teleclimber
Copy link

What is your question?

I am upgrading to the latest certmagic, and have to adjust my code given the loss of Config.Unmanage(). In my simple use of certmagic I create it using certmagic.NewDefault(), meaning I don't create the cache in my code.

The release notes say I should replace Unmanage with Cache.RemoveManaged(). But I don't have the cache.

I looked at the docs and I don't see a getter for the cache in Config.

What have you already tried?

I could try creating a default cache myself, stashing a pointer to it, and using that when I need to stop managing a cert. But that would defeat the convenience of NewDefault.

I am wondering if I missed something, or if there should maybe be a getter for the Cache in Config. Or it could be exported? It's the only non-exported field in the config.

Bonus: What do you use this package for, and does it help you?

I'm happily using certmagic in my project Dropserver.

https://github.com/teleclimber/Dropserver/blob/9585ea716ba59ddb3feeab09ff10841238be1af0/cmd/ds-host/certificatemanager.go/certificatemanager.go#L108

Thanks!

@teleclimber teleclimber added the question Further information is requested label Aug 30, 2024
@mholt
Copy link
Member

mholt commented Aug 30, 2024

It's unexported to avoid it being changed, etc.

If you have such an advanced use case that you need to remove certs from the cache, why not just make your own cache?

@teleclimber
Copy link
Author

Sure I can understand that this shouldn't get changed. I can totally build my own cache. I was just asking because it seemed weird (as in a step in the wrong direction) that the change to cache.RemoveManaged() has the side effect of preventing use of NewDefault.

But maybe I'm doing this all wrong. In my case users can stop using a subdomain, and as such the certificate should "go away" (deleted and no longer renewed). Is Revoke() what I should be using here? Presumably using cessationOfOperation reason code? I've never "revoked" a cert when I stopped using it, but it seems this is the correct thing to do?

Thanks.

@mholt
Copy link
Member

mholt commented Aug 30, 2024

I guess we could consider putting RemoveManaged() onto the Config instead of the cache... hmm, I'll look into it.

But maybe I'm doing this all wrong. In my case users can stop using a subdomain, and as such the certificate should "go away" (deleted and no longer renewed).

If you don't control the domains (i.e. they are their domains) then you should use on-demand TLS, which will do all this for you 👍

It's unusual to need to stop cert management with the same config otherwise. But I can still look into this if on-demand TLS really isn't the right thing for you.

@teleclimber
Copy link
Author

If you don't control the domains (i.e. they are their domains) then you should use on-demand TLS, which will do all this for you 👍

In Dropserver's case, people run their own instances, and use subdomains of domains that they own. It's not a service that I run where anybody from the public can use it with their domain.

Maybe on-demand TLS would work, but the Dropserver instance knows when a new subdomain is created to serve an app, and when it's deleted. So it seems natural to hook in to those events to create and remove certificates.

@mholt
Copy link
Member

mholt commented Sep 2, 2024

Hm, I see. I'll look into refactoring this when I have a chance 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants