Speed up obtaining Let's Encrypt certificates

This commit is contained in:
Vladimir Shushlin 2019-06-26 11:47:21 +00:00 committed by Nick Thomas
parent dfc1f1dd66
commit 7f85e92ff1
3 changed files with 21 additions and 3 deletions

View file

@ -2,6 +2,14 @@
module PagesDomains
class ObtainLetsEncryptCertificateService
# time for processing validation requests for acme challenges
# 5-15 seconds is usually enough
CHALLENGE_PROCESSING_DELAY = 1.minute.freeze
# time LetsEncrypt ACME server needs to generate the certificate
# no particular SLA, usually takes 10-15 seconds
CERTIFICATE_PROCESSING_DELAY = 1.minute.freeze
attr_reader :pages_domain
def initialize(pages_domain)
@ -14,6 +22,7 @@ module PagesDomains
unless acme_order
::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute
PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id)
return
end
@ -23,6 +32,7 @@ module PagesDomains
case api_order.status
when 'ready'
api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain)
PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
when 'valid'
save_certificate(acme_order.private_key, api_order)
acme_order.destroy!

View file

@ -368,7 +368,7 @@ Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *'
Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker'
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/5 * * * *'
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *'
Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker'
Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({})

View file

@ -34,8 +34,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
end
context 'when there is no acme order' do
it 'creates acme order' do
it 'creates acme order and schedules next step' do
expect_to_create_acme_challenge
expect(PagesDomainSslRenewalWorker).to(
receive(:perform_in).with(described_class::CHALLENGE_PROCESSING_DELAY, pages_domain.id)
.and_return(nil).once
)
service.execute
end
@ -82,8 +86,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
stub_lets_encrypt_order(existing_order.url, 'ready')
end
it 'request certificate' do
it 'request certificate and schedules next step' do
expect(api_order).to receive(:request_certificate).and_call_original
expect(PagesDomainSslRenewalWorker).to(
receive(:perform_in).with(described_class::CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
.and_return(nil).once
)
service.execute
end