Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Let'sEncrypt Certs without triggering getting new ones. #91

Closed
mklauber opened this issue Sep 13, 2017 · 2 comments
Closed

Use Let'sEncrypt Certs without triggering getting new ones. #91

mklauber opened this issue Sep 13, 2017 · 2 comments
Milestone

Comments

@mklauber
Copy link
Contributor

Hello, our situation is that we've got 30k+ domains, and we're trying to get things setup for SSL. The problem we're running into is that we're getting so many requests for new domains, that by the time Let's Encrypt checks the challenge url, we've gotten a new request which has replaced the token.

What we'd like to do is setup the ssl_certificate_by_lua_block to use the Let's Encrypt certificate for the domain only if it already exists. Then on a separate port, we'd setup the server that can trigger the Let's Encrypt request. That way we can make the certificate requests one at a time, sequentially.

@mklauber
Copy link
Contributor Author

Looking at the code, it seems like encapsulating https://github.com/GUI/lua-resty-auto-ssl/blob/master/lib/resty/auto-ssl/ssl_certificate.lua#L116 in an if statement would do what I want, but get_cert doesn't get passed ssl_options from do_ssl.

GUI referenced this issue Jan 28, 2018
Generate a new certificate unless ssl_options["generate_certs"] == false
@GUI GUI added this to the v0.12.0 milestone Jan 29, 2018
@GUI
Copy link
Collaborator

GUI commented Feb 5, 2018

Closed by #92 and part of v0.12.0. Thanks!

@GUI GUI closed this as completed Feb 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants