https: Wait as long as possible to create ACME client at startup (fixes #617)

09a7af8c · Matthew Holt · ecf913e5 · 09a7af8c
Commit 09a7af8c authored Feb 19, 2016 by Matthew Holt
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 4 deletions

caddy/https/https.go caddy/https/https.go +14 -4

No files found.
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -117,16 +117,26 @@ func ObtainCerts(configs []server.Config, allowPrompts, proxyACME bool) error {
 	groupedConfigs := groupConfigsByEmail(configs, allowPrompts)
 	for email, group := range groupedConfigs {
-		client, err := NewACMEClient(email, allowPrompts)
+		// Wait as long as we can before creating the client, because it
-		if err != nil {
+		// may not be needed, for example, if we already have what we
-			return errors.New("error creating client: " + err.Error())
+		// need on disk. Creating a client involves the network and
-		}
+		// potentially prompting the user, etc., so only do if necessary.
+		var client *ACMEClient
 		for _, cfg := range group {
 			if cfg.Host == "" || existingCertAndKey(cfg.Host) {
 				continue
 			}
+			// Now we definitely do need a client
+			if client == nil {
+				var err error
+				client, err = NewACMEClient(email, allowPrompts)
+				if err != nil {
+					return errors.New("error creating client: " + err.Error())
+				}
+			}
 			// c.Configure assumes that allowPrompts == !proxyACME,
 			// but that's not always true. For example, a restart where
 			// the user isn't present and we're not listening on port 80.