Speed up obtaining Let's Encrypt certificates
This commit is contained in:
Vladimir Shushlin
Nick Thomas
parent
dfc1f1dd66
commit
7f85e92ff1
3 changed files with 21 additions and 3 deletions
|
|
@ -2,6 +2,14 @@
|
|||
|
||||
module PagesDomains
|
||||
class ObtainLetsEncryptCertificateService
|
||||
# time for processing validation requests for acme challenges
|
||||
# 5-15 seconds is usually enough
|
||||
CHALLENGE_PROCESSING_DELAY = 1.minute.freeze
|
||||
|
||||
# time LetsEncrypt ACME server needs to generate the certificate
|
||||
# no particular SLA, usually takes 10-15 seconds
|
||||
CERTIFICATE_PROCESSING_DELAY = 1.minute.freeze
|
||||
|
||||
attr_reader :pages_domain
|
||||
|
||||
def initialize(pages_domain)
|
||||
|
|
@ -14,6 +22,7 @@ module PagesDomains
|
|||
|
||||
unless acme_order
|
||||
::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute
|
||||
PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id)
|
||||
return
|
||||
end
|
||||
|
||||
|
|
@ -23,6 +32,7 @@ module PagesDomains
|
|||
case api_order.status
|
||||
when 'ready'
|
||||
api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain)
|
||||
PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
|
||||
when 'valid'
|
||||
save_certificate(acme_order.private_key, api_order)
|
||||
acme_order.destroy!
|
||||
|
|
|
|||
|
|
@ -368,7 +368,7 @@ Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *'
|
|||
Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker'
|
||||
|
||||
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({})
|
||||
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/5 * * * *'
|
||||
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *'
|
||||
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker'
|
||||
|
||||
Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({})
|
||||
|
|
|
|||
|
|
@ -34,8 +34,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
|
|||
end
|
||||
|
||||
context 'when there is no acme order' do
|
||||
it 'creates acme order' do
|
||||
it 'creates acme order and schedules next step' do
|
||||
expect_to_create_acme_challenge
|
||||
expect(PagesDomainSslRenewalWorker).to(
|
||||
receive(:perform_in).with(described_class::CHALLENGE_PROCESSING_DELAY, pages_domain.id)
|
||||
.and_return(nil).once
|
||||
)
|
||||
|
||||
service.execute
|
||||
end
|
||||
|
|
@ -82,8 +86,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
|
|||
stub_lets_encrypt_order(existing_order.url, 'ready')
|
||||
end
|
||||
|
||||
it 'request certificate' do
|
||||
it 'request certificate and schedules next step' do
|
||||
expect(api_order).to receive(:request_certificate).and_call_original
|
||||
expect(PagesDomainSslRenewalWorker).to(
|
||||
receive(:perform_in).with(described_class::CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
|
||||
.and_return(nil).once
|
||||
)
|
||||
|
||||
service.execute
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue