feat(autossl) add challenge_start_delay

fffonion · Jul 21, 2021 · df4ba0b · df4ba0b
1 parent 1c9b2d5
commit df4ba0b
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -356,6 +356,10 @@ default_config = {
   storage_config = {
     shm_name = 'acme',
   },
+  -- the challenge types enabled
+  enabled_challenge_handlers = { 'http-01' },
+  -- time to wait before signaling ACME server to validate in seconds
+  challenge_start_delay = 0,
 }
 ```
 
@@ -368,8 +372,6 @@ for each certificate (4096-bits RSA and 256-bits prime256v1 ECC). Note that
 generating such key will block worker and will be especially noticable on VMs
 where entropy is low.
 
-See also [Storage Adapters](#storage-adapters) below.
-
 Pass config table directly to ACME client as second parameter. The following example
 demonstrates how to use a CA provider other than Let's Encrypt and also set
 the preferred chain.
@@ -385,6 +387,12 @@ resty.acme.autossl.init({
 )
 ```
 
+See also [Storage Adapters](#storage-adapters) below.
+
+When using distributed storage types, it's useful to bump up `challenge_start_delay` to allow
+changes in storage to propogate around. When `challenge_start_delay` is set to 0, no wait
+will be performed before start validating challenges.
+
 ### autossl.get_certkey
 
 **syntax**: *certkey, err = autossl.get_certkey(domain, type?)*

diff --git a/lib/resty/acme/autossl.lua b/lib/resty/acme/autossl.lua
@@ -48,7 +48,10 @@ local default_config = {
   storage_config = {
     shm_name = 'acme',
   },
+  -- the challenge types enabled
   enabled_challenge_handlers = { 'http-01' },
+  -- time to wait before signaling ACME server to validate in seconds
+  challenge_start_delay = 0,
 }
 
 local domain_pkeys = {}
@@ -310,6 +313,11 @@ function AUTOSSL.init(autossl_config, acme_config)
   acme_config.account_email = autossl_config.account_email
   acme_config.enabled_challenge_handlers = autossl_config.enabled_challenge_handlers
 
+  acme_config.challenge_start_callback = function()
+    ngx.sleep(autossl_config.challenge_start_delay)
+    return true
+  end
+
   -- cache in global variable
   domain_key_types = autossl_config.domain_key_types
   domain_key_types_count = #domain_key_types

diff --git a/t/e2e.t b/t/e2e.t
@@ -27,6 +27,8 @@ sub ::make_http_config{
                 domain_whitelist = setmetatable({}, { __index = function()
                     return true
                 end}),
+                -- bump up this slightly in test
+                challenge_start_delay = 5,
             })
         }
         init_worker_by_lua_block {