コード例 #1
        /// <summary>
        /// Makes sure a certificate exists for the host names in <paramref name="cfg"/> and that the
        /// target resource parsed from <paramref name="cfg"/> is updated with it when needed.
        /// </summary>
        /// <param name="options">ACME options handed to the certificate lookup and to order validation.</param>
        /// <param name="cfg">Renewal configuration; supplies the host names and the target resource.</param>
        /// <param name="cancellationToken">Forwarded to every awaited operation.</param>
        /// <returns>
        /// <c>RenewalResult.NoChange</c> when no certificate was issued and the resource update was skipped;
        /// <c>RenewalResult.Success</c> once the resource has been updated.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="options"/> or <paramref name="cfg"/> is null.
        /// </exception>
        public async Task<RenewalResult> RenewCertificateAsync(
            IAcmeOptions options,
            CertificateRenewalOptions cfg,
            CancellationToken cancellationToken)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            if (cfg == null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            // NOTE(review): cfg.HostNames is not null-checked here; confirm it is validated upstream.
            var hostNames = string.Join(";", cfg.HostNames);

            // NOTE(review): configuration values are interpolated straight into the log text.
            // If _logger is a Microsoft.Extensions.Logging ILogger (not visible here), passing them
            // as template arguments would keep them out of the message template - confirm.
            _logger.LogInformation($"Working on certificate for: {hostNames}");

            // Step 1: look for an existing certificate; null is treated as "must issue".
            var certificate = await GetExistingCertificateAsync(options, cfg, cancellationToken);
            var issuedNewCertificate = certificate == null;

            if (issuedNewCertificate)
            {
                // Step 2: no usable certificate, so run the Let's Encrypt challenge.
                _logger.LogInformation($"Issuing a new certificate for {hostNames}");
                var validatedOrder = await ValidateOrderAsync(options, cfg, cancellationToken);

                // Step 3: generate the certificate from the validated order and persist it.
                certificate = await GenerateAndStoreCertificateAsync(validatedOrder, cfg, cancellationToken);
            }

            var resource = _renewalOptionParser.ParseTargetResource(cfg);

            // Even without a fresh certificate the target resource is consulted, and the update
            // is skipped only if it already uses the latest one. This covers a run where issuance
            // worked but the resource update failed
            // (suggestion from https://github.com/MarcStan/lets-encrypt-azure/issues/6).
            var skipUpdate = false;
            if (!issuedNewCertificate)
            {
                skipUpdate = !resource.SupportsCertificateCheck
                    || await resource.IsUsingCertificateAsync(certificate, cancellationToken);
            }

            if (skipUpdate)
            {
                // A resource that cannot be checked is assumed to be current. A deployment that
                // failed earlier on such a resource is therefore not retried by this branch, so
                // the expiry of the certificate it actually serves needs separate monitoring.
                string skipReason;
                if (resource.SupportsCertificateCheck)
                {
                    skipReason = $"Resource {resource.Name} ({resource.Type}) is already using latest certificate. Skipping resource update!";
                }
                else
                {
                    skipReason = $"Cannot check resource {resource.Name} ({resource.Type}). Assuming it is already using latest certificate. Skipping resource update!";
                }

                _logger.LogWarning(skipReason);
                return RenewalResult.NoChange;
            }

            // Final step: push the certificate to the Azure resource.
            _logger.LogInformation($"Updating {resource.Name} ({resource.Type}) with certificates for {hostNames}");
            await resource.UpdateAsync(certificate, cancellationToken);

            return RenewalResult.Success;
        }
コード例 #2
        /// <summary>
        /// Issues a certificate for the host names in <paramref name="cfg"/> when none is returned by
        /// the existing-certificate lookup, then updates the target resource parsed from
        /// <paramref name="cfg"/>.
        /// </summary>
        /// <remarks>
        /// When a certificate already exists and <c>cfg.Overrides.UpdateResource</c> is not set, the
        /// method returns without contacting the target resource. An earlier run that stored the
        /// certificate but did not complete the resource update is therefore not retried unless the
        /// override is enabled.
        /// </remarks>
        /// <param name="options">ACME options handed to the certificate lookup and to order validation.</param>
        /// <param name="cfg">Renewal configuration; supplies host names, overrides and the target resource.</param>
        /// <param name="cancellationToken">Forwarded to every awaited operation.</param>
        /// <returns>
        /// <c>RenewalResult.NoChange</c> when a certificate exists and no update is forced;
        /// <c>RenewalResult.Success</c> once the resource has been updated.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="options"/> or <paramref name="cfg"/> is null.
        /// </exception>
        public async Task<RenewalResult> RenewCertificateAsync(
            IAcmeOptions options,
            CertificateRenewalOptions cfg,
            CancellationToken cancellationToken)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            if (cfg == null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            // NOTE(review): cfg.HostNames is not null-checked here; confirm it is validated upstream.
            var hostNames = string.Join(";", cfg.HostNames);

            // NOTE(review): configuration values are interpolated straight into the log text.
            // If _log is a Microsoft.Extensions.Logging ILogger (not visible here), passing them
            // as template arguments would keep them out of the message template - confirm.
            _log.LogInformation($"Working on certificate for: {hostNames}");

            // Step 1: look for an existing certificate; null is treated as "must issue".
            var certificate = await GetExistingCertificateAsync(options, cfg, cancellationToken);

            if (certificate == null)
            {
                // Step 2: no usable certificate, so run the Let's Encrypt challenge.
                _log.LogInformation($"Issuing a new certificate for {hostNames}");
                var validatedOrder = await ValidateOrderAsync(options, cfg, cancellationToken);

                // Step 3: generate the certificate from the validated order and persist it.
                certificate = await GenerateAndStoreCertificateAsync(validatedOrder, cfg, cancellationToken);
            }
            // NOTE(review): cfg.Overrides is dereferenced without a null check; confirm it is always initialised.
            else if (!cfg.Overrides.UpdateResource)
            {
                // Certificate exists and no override asks for a forced update: nothing to do.
                return RenewalResult.NoChange;
            }
            else
            {
                _log.LogWarning($"Override '{nameof(cfg.Overrides.UpdateResource)}' is enabled. Forcing resource update.");
            }

            // Step 4: push the certificate to the Azure resource.
            var resource = _renewalOptionParser.ParseTargetResource(cfg);

            _log.LogInformation($"Updating {resource.Name} ({resource.Type}) with certificates for {hostNames}");
            await resource.UpdateAsync(certificate, cancellationToken);

            return RenewalResult.Success;
        }