fix: setup registration error

fgouteroux · Jan 15, 2025 · cce7eb1 · cce7eb1
1 parent 1fa1271
commit cce7eb1
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/certstore/account.go b/certstore/account.go
@@ -84,7 +84,7 @@ func tryRecoverRegistration(privateKey crypto.PrivateKey, caDirURL, userAgent st
 	return client, reg, nil
 }
 
-func Setup(logger log.Logger, cfg config.Config) error {
+func Setup(logger log.Logger, cfg config.Config, version string) error {
 	for issuer, issuerConf := range cfg.Issuer {
 		accountFilePath := fmt.Sprintf("%s/%s/account.json", cfg.Common.RootPathAccount, issuer)
 		accountBytes, err := os.ReadFile(filepath.Clean(accountFilePath))
@@ -98,25 +98,30 @@ func Setup(logger log.Logger, cfg config.Config) error {
 				_ = level.Error(logger).Log("err", err)
 			}
 		}
+		privateKeyPath := fmt.Sprintf("%s/%s/private_key.pem", cfg.Common.RootPathAccount, issuer)
 
-		privateKeyBytes, err := os.ReadFile(fmt.Sprintf("%s/%s/private_key.pem", cfg.Common.RootPathAccount, issuer))
+		privateKeyBytes, err := os.ReadFile(privateKeyPath)
 		if err != nil {
 			_ = level.Error(logger).Log("err", err)
 			return err
 		}
-		privateKey, err := certcrypto.ParsePEMPrivateKey(privateKeyBytes)
+		account.key, err = certcrypto.ParsePEMPrivateKey(privateKeyBytes)
 		if err != nil {
 			_ = level.Error(logger).Log("err", err)
 			return err
 		}
-		account.key = privateKey
 
-		userAgent := fmt.Sprintf("acme-manager/%s", "1.0")
+		userAgent := fmt.Sprintf("acme-manager/%s", version)
 
 		if account.Registration == nil || account.Registration.Body.Status == "" {
-			client, reg, err := tryRecoverRegistration(privateKey, issuerConf.CADirURL, userAgent)
+			_ = level.Info(logger).Log("msg", fmt.Sprintf("Trying to recover registration account for private key '%s'", privateKeyPath))
+			client, reg, err := tryRecoverRegistration(account.key, issuerConf.CADirURL, userAgent)
 			if err != nil {
+				_ = level.Error(logger).Log("err", err)
+				return fmt.Errorf("Unable to recover registration account for private key '%s'", privateKeyPath)
+			}
 
+			if reg == nil {
 				if issuerConf.EAB {
 					reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
 						TermsOfServiceAgreed: true,

diff --git a/certstore/watcher.go b/certstore/watcher.go
@@ -22,7 +22,7 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
-func WatchConfigFileChanges(logger log.Logger, interval time.Duration, configPath string) {
+func WatchConfigFileChanges(logger log.Logger, interval time.Duration, configPath, version string) {
 	// create a new Ticker
 	tk := time.NewTicker(interval)
 
@@ -52,7 +52,7 @@ func WatchConfigFileChanges(logger log.Logger, interval time.Duration, configPat
 		if string(oldConfigBytes) != string(newConfigBytes) {
 			_ = level.Info(logger).Log("msg", "modified file", "name", configPath)
 
-			err = Setup(logger, cfg)
+			err = Setup(logger, cfg, version)
 			if err != nil {
 				_ = level.Error(logger).Log("msg", fmt.Sprintf("Ignoring issuer changes in file %s because of error", configPath), "err", err)
 				metrics.SetConfigError(1)

diff --git a/main.go b/main.go
@@ -210,7 +210,7 @@ func main() {
 		Logger:     logger,
 	}
 
-	err = certstore.Setup(logger, cfg)
+	err = certstore.Setup(logger, cfg, version.Version)
 	if err != nil {
 		_ = level.Error(logger).Log("err", err)
 		os.Exit(1)
@@ -270,7 +270,7 @@ func main() {
 	}
 
 	// check config file changes
-	go certstore.WatchConfigFileChanges(logger, *checkConfigInterval, *configPath)
+	go certstore.WatchConfigFileChanges(logger, *checkConfigInterval, *configPath, version.Version)
 
 	http.Handle("/", indexHandler("", indexPage))
 	http.HandleFunc("/ring/leader", func(w http.ResponseWriter, req *http.Request) {