fix(acme): fix ACME renewal bug

Using client.renew_certificate directly as the callback function in ngx_timer_at causes the parameter value to not be the plugin's config. KAG-4008
Kong · Mar 28, 2024 · 286eb94 · 286eb94
1 parent 50cd3f5
commit 286eb94
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 1 deletion.
diff --git a/changelog/unreleased/kong/fix-acme-renewal-bug.yml b/changelog/unreleased/kong/fix-acme-renewal-bug.yml
@@ -0,0 +1,3 @@
+message: "**ACME**: Fixed an issue where the certificate was not successfully renewed during ACME renewal."
+type: bugfix
+scope: Plugin
diff --git a/kong/plugins/acme/api.lua b/kong/plugins/acme/api.lua
@@ -125,7 +125,7 @@ return {
     end,
 
     PATCH = function()
-      ngx_timer_at(0, client.renew_certificate)
+      ngx_timer_at(0, handler.renew)
       return kong.response.exit(202, { message = "Renewal process started successfully" })
     end,
   },

diff --git a/kong/plugins/acme/handler.lua b/kong/plugins/acme/handler.lua
@@ -82,6 +82,9 @@ local function renew(premature)
 end
 
 
+ACMEHandler.renew = renew
+
+
 function ACMEHandler:init_worker()
   local worker_id = ngx.worker.id() or -1
   kong.log.info("acme renew timer started on worker ", worker_id)

diff --git a/spec/03-plugins/29-acme/01-client_spec.lua b/spec/03-plugins/29-acme/01-client_spec.lua
@@ -452,6 +452,18 @@ for _, strategy in ipairs({"off"}) do
         assert.is_nil(err)
         assert.is_falsy(renew)
       end)
+
+      it("calling handler.renew with a false argument should be successful", function()
+        local handler = require("kong.plugins.acme.handler")
+        handler:configure({{domains = {"example.com"}}})
+
+        local original = client.renew_certificate
+        client.renew_certificate = function (config)
+          print("mock renew_certificate")
+        end
+        handler.renew(false)
+        client.renew_certificate = original
+      end)
     end)
 
   end)