Increase debug level of ACME operations

a34f7fd3 · ale · 2b18f1fc · a34f7fd3
Commit a34f7fd3 authored 4 years ago by ale
--- a/node/acme/manager.go
+++ b/node/acme/manager.go
@@ -27,7 +27,7 @@ const (
 var (
 	checkIntervalSeconds = 9600
 	renewalTimeout       = 1800 * time.Second
-	renewalDays          = 7
+	renewalDays          = 15
 )
 type Cert struct {
@@ -87,10 +87,11 @@ func NewManager(ctx context.Context, cli *clientv3.Client, email, directoryURL s
 	}
 	// Try to fetch the existing certificate from etcd, or
-	// generate a self-signed one.
+	// generate a self-signed one. fetchCert can independently
+	// return a nil certificate or a nil error.
 	cert, rev, err := fetchCert(ctx, cli, certPath)
 	if err != nil {
-		log.Printf("error fetching certificate: %v", err)
+		log.Printf("acme: error fetching certificate: %v", err)
 	}
 	if cert == nil {
 		cert, err = makeSelfSignedCert(certNames)
@@ -128,15 +129,21 @@ func (m *Manager) setCert(cert *Cert) error {
 	m.cert = cert
 	m.tlsCert = tlsCert
 	m.renewalDeadline = cert.NotAfter().AddDate(0, 0, -renewalDays)
+	log.Printf("acme: updated certificate (renewal deadline: %s)", m.renewalDeadline.Format(time.Stamp))
 	m.mx.Unlock()
 	return nil
 }
-func (m *Manager) shouldRenew() bool {
+func (m *Manager) shouldRenew() (bool, string) {
 	m.mx.RLock()
 	defer m.mx.RUnlock()
-	return time.Now().After(m.renewalDeadline) || !listsEqual(m.cert.Names, m.names)
+	if time.Now().After(m.renewalDeadline) {
+		return true, fmt.Sprintf("met renewal deadline %s", m.renewalDeadline.Format(time.Stamp))
+	} else if !listsEqual(m.cert.Names, m.names) {
+		return true, fmt.Sprintf("name list changed (actual: %v, desired: %v)", m.cert.Names, m.names)
+	}
+	return false, ""
 }
 func (m *Manager) renewLoop(ctx context.Context) {
@@ -144,12 +151,12 @@ func (m *Manager) renewLoop(ctx context.Context) {
 	time.Sleep(time.Duration(mrand.Intn(300)) * time.Second)
 	for {
-		if m.shouldRenew() {
+		if renew, reason := m.shouldRenew(); renew {
-			log.Printf("attempting to renew SSL certificate...")
+			log.Printf("acme: attempting to renew SSL certificate: %s", reason)
 			if err := m.renew(ctx); err != nil {
-				log.Printf("renewal failed: %v", err)
+				log.Printf("acme: certificate renewal failed: %v", err)
 			} else {
-				log.Printf("successfully renewed SSL certificate")
+				log.Printf("acme: successfully renewed SSL certificate")
 			}
 		}
@@ -203,12 +210,12 @@ func (m *Manager) watchOnce(ctx context.Context, path string, rev int64) error {
 			}
 			var cert Cert
 			if err := json.Unmarshal(ev.Kv.Value, &cert); err != nil {
-				log.Printf("error unmarshaling cert: %v", err)
+				log.Printf("acme: error unmarshaling cert: %v", err)
 				continue
 			}
 			if err := m.setCert(&cert); err != nil {
-				log.Printf("error reading saved cert: %v", err)
+				log.Printf("acme: error reading saved cert: %v", err)
 			}
 		}
 	}
@@ -223,17 +230,17 @@ func (m *Manager) watch(ctx context.Context, path string, rev int64) {
 		if err == context.Canceled {
 			return
 		} else if err != nil {
-			log.Printf("watcher error: %s: %v", path, err)
+			log.Printf("acme: watcher error: %s: %v", path, err)
 		}
 		time.Sleep(watcherErrDelay)
 		cert, newRev, err := fetchCert(ctx, m.cli, path)
 		if err != nil {
-			log.Printf("fetch error: %s: %v", path, err)
+			log.Printf("acme: fetch error: %s: %v", path, err)
 		} else if cert != nil {
 			if err := m.setCert(cert); err != nil {
-				log.Printf("error reading saved cert: %v", err)
+				log.Printf("acme: error reading saved cert: %v", err)
 			}
 			rev = newRev
 		}