From ac96455a9a6ac34eb8ea95339838038e725f5bee Mon Sep 17 00:00:00 2001
From: bit
Date: Wed, 23 Nov 2022 18:48:37 +0000
Subject: [PATCH] admin: fix certificate renewal for admin (#5169)

certmagic.New takes a template and returns pointer to the new config. GetConfigForCert later must return a pointer to the new config not the template.

fixes #5162
---
 admin.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/admin.go b/admin.go
index db46e713..4b107ad0 100644
--- a/admin.go
+++ b/admin.go
@@ -572,12 +572,13 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
 }

 func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config {
+ var cmCfg *certmagic.Config
 if ident == nil {
 // user might not have configured identity; that's OK, we can still make a
 // certmagic config, although it'll be mostly useless for remote management
 ident = new(IdentityConfig)
 }
- cmCfg := &certmagic.Config{
+ template := certmagic.Config{
 Storage: DefaultStorage, // do not act as part of a cluster (this is for the server's local identity)
 Logger: logger,
 Issuers: ident.issuers,
@@ -589,7 +590,8 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool)
 },
 })
 }
- return certmagic.New(identityCertCache, *cmCfg)
+ cmCfg = certmagic.New(identityCertCache, template)
+ return cmCfg
 }

 // IdentityCredentials returns this instance's configured, managed identity credentials
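Review bot: The new `var cmCfg *certmagic.Config` at the top of certmagicConfig has no comment saying why it is declared ahead of its only assignment, and nothing visible in this hunk explains it. Going by the commit message, the GetConfigForCert callback (in the lines between the two hunks, not shown here) closes over this variable so that it returns the config produced by certmagic.New rather than the template. I would add `// declared up front so the cache's GetConfigForCert closure captures the final config, not the template` above the declaration, because a later tidy-up back to `cmCfg := &certmagic.Config{...}` would quietly bring back the renewal failure for the admin identity certificate. The function body continues past the end of this hunk.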
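Review bot: `cmCfg` stays nil until the `cmCfg = certmagic.New(identityCertCache, template)` line in this hunk, so a GetConfigForCert callback that returns it (assumed from the commit message; the callback itself is outside the hunk) would hand back a nil config together with a nil error if it ever ran before this assignment. That looks unreachable in the normal flow, but a nil check inside the callback that returns an error instead would turn a possible nil dereference during renewal into a reported failure. The diffstat shows only admin.go changed, so a regression test asserting that the cache's callback yields the same pointer certmagicConfig returns would also help keep the identity certificate renewing.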