diff --git a/changelog/unreleased/kong/fix-acme-renewal-bug.yml b/changelog/unreleased/kong/fix-acme-renewal-bug.yml new file mode 100644 index 000000000000..bd033c6de975 --- /dev/null +++ b/changelog/unreleased/kong/fix-acme-renewal-bug.yml @@ -0,0 +1,3 @@ +message: "**ACME**: Fixed an issue where the certificate was not successfully renewed during ACME renewal." +type: bugfix +scope: Plugin diff --git a/kong/plugins/acme/api.lua b/kong/plugins/acme/api.lua index 1f0852a1d90d..7323aa432d88 100644 --- a/kong/plugins/acme/api.lua +++ b/kong/plugins/acme/api.lua @@ -125,7 +125,7 @@ return { end, PATCH = function() - ngx_timer_at(0, client.renew_certificate) + ngx_timer_at(0, handler.renew) return kong.response.exit(202, { message = "Renewal process started successfully" }) end, }, diff --git a/kong/plugins/acme/handler.lua b/kong/plugins/acme/handler.lua index 58cf7fa6000a..506ca8cf5ab9 100644 --- a/kong/plugins/acme/handler.lua +++ b/kong/plugins/acme/handler.lua @@ -82,6 +82,9 @@ local function renew(premature) end +ACMEHandler.renew = renew + + function ACMEHandler:init_worker() local worker_id = ngx.worker.id() kong.log.info("acme renew timer started on worker ", worker_id) diff --git a/spec/03-plugins/29-acme/01-client_spec.lua b/spec/03-plugins/29-acme/01-client_spec.lua index 0ab8ef14e1d7..4f0e393cbf8a 100644 --- a/spec/03-plugins/29-acme/01-client_spec.lua +++ b/spec/03-plugins/29-acme/01-client_spec.lua @@ -452,6 +452,18 @@ for _, strategy in ipairs({"off"}) do assert.is_nil(err) assert.is_falsy(renew) end) + + it("calling handler.renew with a false argument should be successful", function() + local handler = require("kong.plugins.acme.handler") + handler:configure({{domains = {"example.com"}}}) + + local original = client.renew_certificate + client.renew_certificate = function (config) + print("mock renew_certificate") + end + handler.renew(false) + client.renew_certificate = original + end) end) end)