Merge current v2.11 into v3.0

2024-03-12 10:38:29 +01:00 · 2024-03-12 10:38:29 +01:00 · 05be441027
commit 05be441027
parent 6c9687f410 5cf1b95c29
156 changed files with 5826 additions and 8436 deletions
--- a/pkg/provider/acme/challenge_tls.go
+++ b/pkg/provider/acme/challenge_tls.go
@ -2,6 +2,7 @@ package acme

 import (
 	"fmt"
+	"slices"
 	"sync"
 	"time"

@ -119,7 +120,7 @@ func (c *ChallengeTLSALPN) ListenConfiguration(conf dynamic.Configuration) {
 	c.muChans.Lock()

 	for _, certificate := range conf.TLS.Certificates {
-		if !containsACMETLS1(certificate.Stores) {
+		if !slices.Contains(certificate.Stores, tlsalpn01.ACMETLS1Protocol) {
 			continue
 		}

@ -162,13 +163,3 @@ func createMessage(certs map[string]*Certificate) dynamic.Message {

 	return conf
 }
-
-func containsACMETLS1(stores []string) bool {
-	for _, store := range stores {
-		if store == tlsalpn01.ACMETLS1Protocol {
-			return true
-		}
-	}
-
-	return false
-}
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@ -33,9 +33,6 @@ import (

 const resolverSuffix = ".acme"

-// ocspMustStaple enables OCSP stapling as from https://github.com/go-acme/lego/issues/270.
-var ocspMustStaple = false
-
 // Configuration holds ACME configuration provided by users.
 type Configuration struct {
 	Email                string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
@ -427,7 +424,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {

 						if len(route.TLS.Domains) > 0 {
 							domains := deleteUnnecessaryDomains(ctxRouter, route.TLS.Domains)
-							for i := 0; i < len(domains); i++ {
+							for i := range len(domains) {
 								domain := domains[i]
 								safe.Go(func() {
 									dom, cert, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName)
@ -464,7 +461,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {

 						if len(route.TLS.Domains) > 0 {
 							domains := deleteUnnecessaryDomains(ctxRouter, route.TLS.Domains)
-							for i := 0; i < len(domains); i++ {
+							for i := range len(domains) {
 								domain := domains[i]
 								safe.Go(func() {
 									dom, cert, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName)
@ -585,7 +582,6 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
 	request := certificate.ObtainRequest{
 		Domains:        domains,
 		Bundle:         true,
-		MustStaple:     ocspMustStaple,
 		PreferredChain: p.PreferredChain,
 	}

@ -630,7 +626,6 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
 	request := certificate.ObtainRequest{
 		Domains:        domains,
 		Bundle:         true,
-		MustStaple:     ocspMustStaple,
 		PreferredChain: p.PreferredChain,
 	}

@ -821,11 +816,18 @@ func (p *Provider) renewCertificates(ctx context.Context, renewPeriod time.Durat

 		logger.Info().Msgf("Renewing certificate from LE : %+v", cert.Domain)

-		renewedCert, err := client.Certificate.Renew(certificate.Resource{
+		res := certificate.Resource{
 			Domain:      cert.Domain.Main,
 			PrivateKey:  cert.Key,
 			Certificate: cert.Certificate.Certificate,
-		}, true, ocspMustStaple, p.PreferredChain)
+		}
+
+		opts := &certificate.RenewOptions{
+			Bundle:         true,
+			PreferredChain: p.PreferredChain,
+		}
+
+		renewedCert, err := client.Certificate.RenewWithOptions(res, opts)
 		if err != nil {
 			logger.Error().Err(err).Msgf("Error renewing certificate from LE: %v", cert.Domain)
 			continue