Cached entries are not invalidated on renewal #50
Comments
Thanks @NetForce1 for the report. I'm looking into this now. Could you post your
I just tested with the container setup in this repository. This is my reproduction:
I also don't see any invalidation in the code. I would expect it to happen in edit:
Ahh ok. Thanks for the additional clarification. I was recreating the container (
Adding this at the end of
(and import But, I'm not sure this is the cleanest approach, and I also don't know much about how concurrency works in njs. Maybe this can cause a situation where an old certificate is used with a new private key or vice versa.
We could just clear the cache, but that needs njs 0.8.3: nginx/njs#690. edit:
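The two failure modes discussed in this thread (a stale certificate served after renewal, and a certificate paired with the wrong private key after a partial eviction), as an added example that is not part of the original thread and is not njs-acme code. It is plain JavaScript with a `Map` standing in for the on-disk files; `issue`, `SplitCache`, `PairCache` and all values are hypothetical.

```javascript
// Added illustration, not njs-acme code. "disk" stands in for the files the
// ACME client writes; every name and value below is constructed.
const disk = new Map();

// Stand-in for issuing or renewing: writes a new cert/key pair for a name.
function issue(name, serial) {
  disk.set(name, { cert: `cert-${serial}`, key: `key-${serial}` });
}

// Flawed pattern: cert and key cached as separate entries, never evicted
// on renewal, and evictable one at a time.
class SplitCache {
  constructor() { this.entries = new Map(); }
  read(name, part) {
    const k = `${name}:${part}`;
    if (!this.entries.has(k)) this.entries.set(k, disk.get(name)[part]);
    return this.entries.get(k);
  }
  evict(name, part) { this.entries.delete(`${name}:${part}`); }
}

// Safer pattern: one entry holds the whole pair and is replaced in a single
// step on renewal, so a reader never sees halves from two issuances.
class PairCache {
  constructor() { this.entries = new Map(); }
  load(name) { this.entries.set(name, Object.freeze({ ...disk.get(name) })); }
  read(name) {
    if (!this.entries.has(name)) this.load(name);
    return this.entries.get(name);
  }
  onRenewed(name) { this.load(name); }
}

function demo() {
  const name = "example.test";
  const split = new SplitCache();
  const pair = new PairCache();
  issue(name, 1);
  split.read(name, "cert"); split.read(name, "key"); pair.read(name);
  issue(name, 2);                              // renewal
  const stale = split.read(name, "cert");      // old cert still served
  split.evict(name, "cert");                   // partial invalidation
  const mixed = [split.read(name, "cert"), split.read(name, "key")];
  pair.onRenewed(name);                        // whole pair swapped at once
  return { stale, mixed, fresh: pair.read(name) };
}
```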
Thanks @NetForce1 - This should be fixed with the merge above. I have another PR that is adjacent to this, so you may want to wait for that to be merged before taking the time to update your system. We will do a version bump on njs-acme after that's merged.
Awesome, thanks!
@NetForce1 could you email me at z.steinkamp@f5.com? We have some thanks we'd like to send to you.
Describe the bug
When a certificate is renewed, the cached entries are not invalidated, so the old certificate is still used. And, in the case where a domain name is added to the server block, that old certificate is also used for the new domain name.
To reproduce
Steps to reproduce the behavior:
Expected behavior
The newly issued certificate should be used immediately for both domains.
Your environment