/// <summary>
/// Ensures a certificate exists for the configured host names and that the
/// target resource is updated with it.
/// </summary>
/// <param name="options">ACME options, passed on to the certificate lookup and order validation helpers.</param>
/// <param name="cfg">Renewal configuration; supplies the host names and the target resource definition.</param>
/// <param name="cancellationToken">Token passed on to every awaited operation.</param>
/// <returns>
/// <see cref="RenewalResult.NoChange"/> when the existing certificate was kept and the
/// resource update was skipped; otherwise <see cref="RenewalResult.Success"/>.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="options"/> or <paramref name="cfg"/> is null. The method is async, so
/// the exception surfaces when the returned task is awaited.
/// </exception>
public async Task<RenewalResult> RenewCertificateAsync(
    IAcmeOptions options,
    CertificateRenewalOptions cfg,
    CancellationToken cancellationToken)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (cfg == null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    // NOTE(review): the host names and resource names below are interpolated straight into
    // the string handed to the logger. If _logger treats that string as a message template,
    // braces in those values would be read as placeholders - confirm the values are
    // validated upstream or switch to template arguments.
    var joinedHosts = string.Join(";", cfg.HostNames);
    _logger.LogInformation($"Working on certificate for: {joinedHosts}");

    // 1. look for an existing certificate that is still valid
    var certificate = await GetExistingCertificateAsync(options, cfg, cancellationToken);
    var issuedNewCertificate = certificate == null;

    if (issuedNewCertificate)
    {
        // 2. certificate either doesn't exist or is expired: run the Let's Encrypt challenge
        _logger.LogInformation($"Issuing a new certificate for {joinedHosts}");
        var validatedOrder = await ValidateOrderAsync(options, cfg, cancellationToken);

        // 3. generate the certificate and persist it
        certificate = await GenerateAndStoreCertificateAsync(validatedOrder, cfg, cancellationToken);
    }

    var target = _renewalOptionParser.ParseTargetResource(cfg);

    // 4. Even when nothing was issued, ask the target resource which certificate it uses
    // and skip only if it already has the latest one. This covers the case where issuance
    // worked but the resource update failed.
    // Suggestion from https://github.com/MarcStan/lets-encrypt-azure/issues/6
    if (!issuedNewCertificate)
    {
        // NOTE(review): a resource that cannot be checked is assumed to be current, so a
        // failed update on such a resource is not retried while the stored certificate
        // stays valid. The warning logged below is the only signal; make sure it is monitored.
        var skipUpdate = !target.SupportsCertificateCheck;
        if (!skipUpdate)
        {
            skipUpdate = await target.IsUsingCertificateAsync(certificate, cancellationToken);
        }

        if (skipUpdate)
        {
            string skipReason;
            if (target.SupportsCertificateCheck)
            {
                skipReason = $"Resource {target.Name} ({target.Type}) is already using latest certificate. Skipping resource update!";
            }
            else
            {
                skipReason = $"Cannot check resource {target.Name} ({target.Type}). Assuming it is already using latest certificate. Skipping resource update!";
            }

            _logger.LogWarning(skipReason);
            return RenewalResult.NoChange;
        }
    }

    // 5. update Azure resource
    _logger.LogInformation($"Updating {target.Name} ({target.Type}) with certificates for {joinedHosts}");
    await target.UpdateAsync(certificate, cancellationToken);
    return RenewalResult.Success;
}
/// <summary>
/// Issues a certificate for the configured host names when no valid one exists and
/// pushes it to the target resource. An existing certificate ends the run early
/// unless the <c>UpdateResource</c> override is enabled.
/// </summary>
/// <param name="options">ACME options, passed on to the certificate lookup and order validation helpers.</param>
/// <param name="cfg">Renewal configuration; supplies the host names, the overrides and the target resource definition.</param>
/// <param name="cancellationToken">Token passed on to every awaited operation.</param>
/// <returns>
/// <see cref="RenewalResult.NoChange"/> when an existing certificate was found and the
/// override is off; otherwise <see cref="RenewalResult.Success"/> after the resource update.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="options"/> or <paramref name="cfg"/> is null. The method is async, so
/// the exception surfaces when the returned task is awaited.
/// </exception>
public async Task<RenewalResult> RenewCertificateAsync(
    IAcmeOptions options,
    CertificateRenewalOptions cfg,
    CancellationToken cancellationToken)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (cfg == null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    // NOTE(review): the host names and resource names below are interpolated straight into
    // the string handed to the logger. If _log treats that string as a message template,
    // braces in those values would be read as placeholders - confirm the values are
    // validated upstream or switch to template arguments.
    var joinedHosts = string.Join(";", cfg.HostNames);
    _log.LogInformation($"Working on certificate for: {joinedHosts}");

    // 1. look for an existing certificate that is not outdated yet
    var certificate = await GetExistingCertificateAsync(options, cfg, cancellationToken);

    if (certificate == null)
    {
        // 2. certificate either doesn't exist or is expired: run the Let's Encrypt challenge
        _log.LogInformation($"Issuing a new certificate for {joinedHosts}");
        var validatedOrder = await ValidateOrderAsync(options, cfg, cancellationToken);

        // 3. generate the certificate and persist it
        certificate = await GenerateAndStoreCertificateAsync(validatedOrder, cfg, cancellationToken);
    }
    else if (!cfg.Overrides.UpdateResource)
    {
        // NOTE(review): cfg.Overrides is dereferenced without a null check - presumably it
        // always has a default instance; verify against the configuration loader.
        // NOTE(review): this early exit never asks the target resource which certificate it
        // serves. If an earlier run stored the certificate but the resource update failed,
        // the resource keeps its old certificate until the override is set.
        return RenewalResult.NoChange;
    }
    else
    {
        // A valid certificate exists, but the override forces the resource update anyway.
        _log.LogWarning($"Override '{nameof(cfg.Overrides.UpdateResource)}' is enabled. Forcing resource update.");
    }

    // 4. update Azure resource
    var target = _renewalOptionParser.ParseTargetResource(cfg);
    _log.LogInformation($"Updating {target.Name} ({target.Type}) with certificates for {joinedHosts}");
    await target.UpdateAsync(certificate, cancellationToken);
    return RenewalResult.Success;
}