aboutsummaryrefslogtreecommitdiff
path: root/src/cert_store.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert_store.rs')
-rw-r--r--src/cert_store.rs13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/cert_store.rs b/src/cert_store.rs
index eca39b9..a2f67ec 100644
--- a/src/cert_store.rs
+++ b/src/cert_store.rs
@@ -87,6 +87,9 @@ impl CertStore {
info!("Renewing certificate for {}", domain);
// ---- Acquire lock ----
+ // the lock is acquired for fifteen minutes,
+ // so that in case of an error we won't retry before
+ // that delay expires
let lock_path = format!("renew_lock/{}", domain);
let lock_name = format!("tricot/renew:{}@{}", domain, self.consul.local_node.clone());
@@ -94,12 +97,14 @@ impl CertStore {
.consul
.create_session(&ConsulSessionRequest {
name: lock_name.clone(),
- node: Some(self.consul.local_node.clone()),
- lock_delay: Some("30s".into()),
- ttl: Some("1m".into()),
+ node: None,
+ lock_delay: Some("15m".into()),
+ ttl: Some("30m".into()),
behavior: Some("delete".into()),
})
.await?;
+ debug!("Lock session: {}", session);
+
if !self
.consul
.acquire(&lock_path, lock_name.clone().into(), &session)
@@ -141,7 +146,7 @@ impl CertStore {
let chall = auths[0].http_challenge().unwrap();
let chall_key = format!("challenge/{}", chall.http_token());
self.consul
- .kv_put(&chall_key, chall.http_proof()?.into())
+ .acquire(&chall_key, chall.http_proof()?.into(), &session)
.await?;
info!("Validating challenge");