projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
16552: Rename ACME config options.
[arvados.git] / lib / boot / cert.go
diff --git a/lib/boot/cert.go b/lib/boot/cert.go
index 10fd0aa9f6bc90e0b014145e25bb68d1d496fe9a..175a35080373ae33b56e7b79be14aa7774e38167 100644 (file)
--- a/lib/boot/cert.go
+++ b/lib/boot/cert.go
@@ -36,7 +36,7 @@ func (createCertificates) String() string {
 }
 
 func (createCertificates) Run(ctx context.Context, fail func(error), super *Supervisor) error {
-       if super.cluster.TLS.Automatic {
+       if super.cluster.TLS.ACME.Server != "" {
                return bootAutoCert(ctx, fail, super)
        } else if super.cluster.TLS.Key == "" && super.cluster.TLS.Certificate == "" {
                return createSelfSignedCert(ctx, fail, super)
@@ -78,8 +78,15 @@ func bootAutoCert(ctx context.Context, fail func(error), super *Supervisor) erro
                        }
                },
        }
-       if super.cluster.TLS.Staging {
+       if srv := super.cluster.TLS.ACME.Server; srv == "LE" {
+               // Leaving mgr.Client == nil means use Let's Encrypt
+               // production environment
+       } else if srv == "LE-staging" {
                mgr.Client = &acme.Client{DirectoryURL: stagingDirectoryURL}
+       } else if strings.HasPrefix(srv, "https://") {
+               mgr.Client = &acme.Client{DirectoryURL: srv}
+       } else {
+               return fmt.Errorf("autocert setup: invalid directory URL in TLS.ACME.Server: %q", srv)
        }
        go func() {
                err := http.ListenAndServe(":80", mgr.HTTPHandler(nil))