X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cd9e72bd95b32203231f6ccc96ddce9325b30a95..0f5b0542513b572959e39400bae42e69aeb1a7b6:/lib/boot/cert.go
diff --git a/lib/boot/cert.go b/lib/boot/cert.go
index 10fd0aa9f6..175a350803 100644
--- a/lib/boot/cert.go
+++ b/lib/boot/cert.go
@@ -36,7 +36,7 @@ func (createCertificates) String() string {
 }

 func (createCertificates) Run(ctx context.Context, fail func(error), super *Supervisor) error {
- if super.cluster.TLS.Automatic {
+ if super.cluster.TLS.ACME.Server != "" {
 return bootAutoCert(ctx, fail, super)
 } else if super.cluster.TLS.Key == "" && super.cluster.TLS.Certificate == "" {
 return createSelfSignedCert(ctx, fail, super)
@@ -78,8 +78,15 @@ func bootAutoCert(ctx context.Context, fail func(error), super *Supervisor) erro
 }
 },
 }
- if super.cluster.TLS.Staging {
+ if srv := super.cluster.TLS.ACME.Server; srv == "LE" {
+ // Leaving mgr.Client == nil means use Let's Encrypt
+ // production environment
+ } else if srv == "LE-staging" {
 mgr.Client = &acme.Client{DirectoryURL: stagingDirectoryURL}
+ } else if strings.HasPrefix(srv, "https://") {
+ mgr.Client = &acme.Client{DirectoryURL: srv}
+ } else {
+ return fmt.Errorf("autocert setup: invalid directory URL in TLS.ACME.Server: %q", srv)
 }
 go func() {
 err := http.ListenAndServe(":80", mgr.HTTPHandler(nil))
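Review bot: The precedence between ACME and operator-supplied certificate files in Run is undocumented. The `TLS.ACME.Server != ""` test comes before the `TLS.Key`/`TLS.Certificate` test, so a config that sets both appears to take the autocert path and never reach the key and certificate check. A one-line comment above the condition would make that explicit, for example `// A non-empty TLS.ACME.Server takes precedence over TLS.Key/TLS.Certificate.` The rest of Run lies outside the hunk, so any later handling of the supplied files is not visible here.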
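Review bot: The `strings.HasPrefix(srv, "https://")` branch in bootAutoCert accepts any string with that prefix as the ACME directory URL. A value such as `https://` with no host, or one with trailing whitespace, passes setup and presumably only fails once autocert first contacts the directory. This URL selects the CA that issues the cluster's certificates, so it should be parsed and rejected at boot unless the scheme is https and the host is non-empty. The chain also has an intentionally empty first branch and would read better as a `switch` on `srv`. The sketch below needs `net/url` in the import block, which is outside the hunk, as are the start and end of bootAutoCert.

```go
switch srv := super.cluster.TLS.ACME.Server; srv {
case "LE":
	// Leaving mgr.Client == nil means use Let's Encrypt
	// production environment
case "LE-staging":
	mgr.Client = &acme.Client{DirectoryURL: stagingDirectoryURL}
default:
	// Validate the operator-supplied directory URL up front so a
	// malformed value fails at boot, not at first issuance.
	u, err := url.Parse(srv)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("autocert setup: invalid directory URL in TLS.ACME.Server: %q", srv)
	}
	mgr.Client = &acme.Client{DirectoryURL: srv}
}
// … unchanged: go func() { http.ListenAndServe(":80", …) } …
```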