From f99f1b5657279ac167afadda9b58c25b0c459c71 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 29 Oct 2019 06:19:26 +0000 Subject: [PATCH] v3.0.4: fix manager.upadet / renewAt --- certificates.js | 67 +++++++++++++++++++++++++++++++++++------------ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 52 insertions(+), 19 deletions(-) diff --git a/certificates.js b/certificates.js index 300a90a..e0aa2b7 100644 --- a/certificates.js +++ b/certificates.js @@ -71,12 +71,18 @@ C._rawGetOrOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) { var evname = pems ? 'cert_renewal' : 'cert_issue'; p.then(function(newPems) { // notify in the background - var renewAt = C._renewableAt(gnlck, mconf, args, newPems); + var renewAt = C._renewWithStagger(gnlck, mconf, args, newPems); gnlck._notify(evname, { renewAt: renewAt, subject: args.subject, altnames: args.altnames }); + gnlck._notify('_cert_issue', { + renewAt: renewAt, + subject: args.subject, + altnames: args.altnames, + pems: newPems + }); }).catch(function(err) { if (!err.context) { err.context = evname; @@ -165,15 +171,6 @@ C._rawOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) { .then(U._attachCertInfo); }) .then(function(pems) { - var renewAt = C._renewableAt(gnlck, mconf, args, pems); - - gnlck._notify('_cert_issue', { - renewAt: renewAt, - subject: args.subject, - altnames: args.altnames, - pems: pems - }); - if (kresult.exists) { return pems; } @@ -269,22 +266,58 @@ C._isStale = function(gnlck, mconf, args, pems) { return false; }; -C._renewableAt = function(gnlck, mconf, args, pems) { - if (args.renewAt) { - return args.renewAt; +C._renewWithStagger = function(gnlck, mconf, args, pems) { + var renewOffset = C._renewOffset(gnlck, mconf, args, pems); + var renewStagger; + try { + renewStagger = U._parseDuration( + args.renewStagger || + mconf.renewStagger || + gnlck._defaults.renewStagger || + 0 + ); + } catch (e) { + renewStagger = U._parseDuration(gnlck._defaults.renewStagger); } - var renewOffset = + // TODO check this beforehand + if (!args.force && renewStagger / renewOffset >= 0.5) { + renewStagger = renewOffset * 0.1; + } + + if (renewOffset > 0) { + // stagger forward, away from issued at + return Math.round( + pems.issuedAt + renewOffset + Math.random() * renewStagger + ); + } + + // stagger backward, toward issued at + return Math.round( + pems.expiresAt + renewOffset - Math.random() * renewStagger + ); +}; +C._renewOffset = function(gnlck, mconf, args, pems) { + var renewOffset = U._parseDuration( args.renewOffset || - mconf.renewOffset || - gnlck._defaults.renewOffset || - 0; + mconf.renewOffset || + gnlck._defaults.renewOffset || + 0 + ); var week = 1000 * 60 * 60 * 24 * 6; if (!args.force && Math.abs(renewOffset) < week) { throw new Error( 'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset' ); } + return renewOffset; +}; +C._renewableAt = function(gnlck, mconf, args, pems) { + if (args.renewAt) { + return args.renewAt; + } + + var renewOffset = C._renewOffset(gnlck, mconf, args, pems); if (renewOffset > 0) { return pems.issuedAt + renewOffset; diff --git a/package-lock.json b/package-lock.json index 1a72936..568ab9e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@root/greenlock", - "version": "3.0.3", + "version": "3.0.4", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 7c76e49..7fa46a2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@root/greenlock", - "version": "3.0.3", + "version": "3.0.4", "description": "The easiest Let's Encrypt client for Node.js and Browsers", "homepage": "https://rootprojects.org/greenlock/", "main": "greenlock.js",