Cert expired checker #2

Open
wants to merge 7 commits into
base: master


orbitalturtle
Owner

Builds on top of #3. This change checks once a day whether the ZeroSSL certificate is expiring in three days. If it is, it regenerates a new one.

Also refactors zerossl into an interface to make it easier to mock.

Finally, factors out logic for deleting the temporary certificate into the function DeleteAndRegenerateCert, which we'll also use for deleting/regenerating an expiring certificate. Still working on testing this piece.
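The daily expiry check behind a mockable provider interface, as described in the PR description above, shown as an added Go example that is not code from this PR or from lnd. `CertProvider`, `CheckOnce` and `mockProvider` are hypothetical names, and the mock issues a constructed self-signed certificate in place of a ZeroSSL API call.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CertProvider is a hypothetical stand-in for the PR's mockable ZeroSSL interface.
type CertProvider interface{ Regenerate(now time.Time) ([]byte, error) }

// CheckOnce is one daily pass; on any error the current cert stays in place.
func CheckOnce(p CertProvider, cur []byte, now time.Time) ([]byte, bool, error) {
	block, _ := pem.Decode(cur)
	if block == nil {
		return cur, false, fmt.Errorf("no PEM block in current certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil || now.Add(3*24*time.Hour).Before(cert.NotAfter) {
		return cur, false, err // parse error, or more than three days left
	}
	fresh, err := p.Regenerate(now)
	if err != nil {
		return cur, false, err
	}
	return fresh, true, nil
}

// mockProvider issues a constructed self-signed cert so the example runs offline.
type mockProvider struct{ ttl time.Duration }
func (m mockProvider) Regenerate(now time.Time) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(m.ttl)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	old, _ := mockProvider{48 * time.Hour}.Regenerate(time.Now())
	_, replaced, err := CheckOnce(mockProvider{2160 * time.Hour}, old, time.Now())
	fmt.Println("replaced:", replaced, "err:", err)
}
```

Passing `now` in explicitly, rather than calling `time.Now()` inside the check, lets a test pin the clock on either side of the three-day boundary.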

gkrizek and others added 7 commits March 12, 2021 16:18
…its own package called lnencrypt

The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them.

This commit adds support in lnd to encrypt the TLS private key on disk with the wallet's seed. This obviously causes issues when the wallet is locked. So for the WalletUnlocker RPC we generate ephemeral TLS certificates with the key stored in memory. This feature is enabled with the --tlsencryptkey flag.
@orbitalturtle
Owner Author

@gkrizek Hey there! I tried to submit this PR to getvoltage/lnd but git wouldn't let me so I just put it here for now. Wanted to check to see if this looks on the right track to you

I think it's mostly done but I'm still working on testing DeleteAndRegenerateCert. For that... I was wondering if you could give me an example output of the full JSON that the download endpoint gives (https://zerossl.com/documentation/api/download-certificate-inline/), since the example they provide doesn't seem to show the whole thing & I guess I can't use the API as a non-paying user :P

@gkrizek
Contributor

gkrizek commented Mar 31, 2021

@orbitalturtle Thanks! Ok I'm heading out right now, but I'll review this tonight and get you that response.

@orbitalturtle
Owner Author

@gkrizek awesome thanks!

@gkrizek
Contributor

gkrizek commented Apr 1, 2021

@orbitalturtle you should also open this PR into the volt-certificate-provider branch so it's cleaner on the diff.

@orbitalturtle
Owner Author

@gkrizek Gotcha, here this should be easier to read: voltagecloud/lnd#4
