v3.0.4: fix manager.upadet / renewAt

This commit is contained in:
AJ ONeal 2019-10-29 06:19:26 +00:00
parent abb3105cee
commit f99f1b5657
3 changed files with 52 additions and 19 deletions

View File

@ -71,12 +71,18 @@ C._rawGetOrOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) {
var evname = pems ? 'cert_renewal' : 'cert_issue'; var evname = pems ? 'cert_renewal' : 'cert_issue';
p.then(function(newPems) { p.then(function(newPems) {
// notify in the background // notify in the background
var renewAt = C._renewableAt(gnlck, mconf, args, newPems); var renewAt = C._renewWithStagger(gnlck, mconf, args, newPems);
gnlck._notify(evname, { gnlck._notify(evname, {
renewAt: renewAt, renewAt: renewAt,
subject: args.subject, subject: args.subject,
altnames: args.altnames altnames: args.altnames
}); });
gnlck._notify('_cert_issue', {
renewAt: renewAt,
subject: args.subject,
altnames: args.altnames,
pems: newPems
});
}).catch(function(err) { }).catch(function(err) {
if (!err.context) { if (!err.context) {
err.context = evname; err.context = evname;
@ -165,15 +171,6 @@ C._rawOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) {
.then(U._attachCertInfo); .then(U._attachCertInfo);
}) })
.then(function(pems) { .then(function(pems) {
var renewAt = C._renewableAt(gnlck, mconf, args, pems);
gnlck._notify('_cert_issue', {
renewAt: renewAt,
subject: args.subject,
altnames: args.altnames,
pems: pems
});
if (kresult.exists) { if (kresult.exists) {
return pems; return pems;
} }
@ -269,22 +266,58 @@ C._isStale = function(gnlck, mconf, args, pems) {
return false; return false;
}; };
C._renewableAt = function(gnlck, mconf, args, pems) { C._renewWithStagger = function(gnlck, mconf, args, pems) {
if (args.renewAt) { var renewOffset = C._renewOffset(gnlck, mconf, args, pems);
return args.renewAt; var renewStagger;
try {
renewStagger = U._parseDuration(
args.renewStagger ||
mconf.renewStagger ||
gnlck._defaults.renewStagger ||
0
);
} catch (e) {
renewStagger = U._parseDuration(gnlck._defaults.renewStagger);
} }
var renewOffset = // TODO check this beforehand
if (!args.force && renewStagger / renewOffset >= 0.5) {
renewStagger = renewOffset * 0.1;
}
if (renewOffset > 0) {
// stagger forward, away from issued at
return Math.round(
pems.issuedAt + renewOffset + Math.random() * renewStagger
);
}
// stagger backward, toward issued at
return Math.round(
pems.expiresAt + renewOffset - Math.random() * renewStagger
);
};
C._renewOffset = function(gnlck, mconf, args, pems) {
var renewOffset = U._parseDuration(
args.renewOffset || args.renewOffset ||
mconf.renewOffset || mconf.renewOffset ||
gnlck._defaults.renewOffset || gnlck._defaults.renewOffset ||
0; 0
);
var week = 1000 * 60 * 60 * 24 * 6; var week = 1000 * 60 * 60 * 24 * 6;
if (!args.force && Math.abs(renewOffset) < week) { if (!args.force && Math.abs(renewOffset) < week) {
throw new Error( throw new Error(
'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset' 'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset'
); );
} }
return renewOffset;
};
C._renewableAt = function(gnlck, mconf, args, pems) {
if (args.renewAt) {
return args.renewAt;
}
var renewOffset = C._renewOffset(gnlck, mconf, args, pems);
if (renewOffset > 0) { if (renewOffset > 0) {
return pems.issuedAt + renewOffset; return pems.issuedAt + renewOffset;

2
package-lock.json generated
View File

@ -1,6 +1,6 @@
{ {
"name": "@root/greenlock", "name": "@root/greenlock",
"version": "3.0.3", "version": "3.0.4",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {

View File

@ -1,6 +1,6 @@
{ {
"name": "@root/greenlock", "name": "@root/greenlock",
"version": "3.0.3", "version": "3.0.4",
"description": "The easiest Let's Encrypt client for Node.js and Browsers", "description": "The easiest Let's Encrypt client for Node.js and Browsers",
"homepage": "https://rootprojects.org/greenlock/", "homepage": "https://rootprojects.org/greenlock/",
"main": "greenlock.js", "main": "greenlock.js",