Export interface for GetRenewalInfo

We can't assume the ARI-supporting issuer types are exactly *ACMEIssuer; they may be implemented by third party packages (such as caddytls.ACMEIssuer).

Author: mholt

acmeclient.go

@@ -235,7 +235,8 @@ func (iss *ACMEIssuer) newBasicACMEClient() (*acmez.Client, error) {
 	}, nil
 }
 
-func (iss *ACMEIssuer) getRenewalInfo(ctx context.Context, cert Certificate) (acme.RenewalInfo, error) {
+// GetRenewalInfo gets the ACME Renewal Information (ARI) for the certificate.
+func (iss *ACMEIssuer) GetRenewalInfo(ctx context.Context, cert Certificate) (acme.RenewalInfo, error) {
 	acmeClient, err := iss.newBasicACMEClient()
 	if err != nil {
 		return acme.RenewalInfo{}, err
@@ -312,6 +313,15 @@ func buildUAString() string {
 	return ua
 }
 
+// RenewalInfoGetter is a type that can get ACME Renewal Information (ARI).
+// Users of this package that wrap the ACMEIssuer or use any other issuer
+// that supports ARI will need to implement this so that CertMagic can
+// update ARI which happens outside the normal issuance flow and is thus
+// not required by the Issuer interface (a type assertion is performed).
+type RenewalInfoGetter interface {
+	GetRenewalInfo(context.Context, Certificate) (acme.RenewalInfo, error)
+}
+
 // These internal rate limits are designed to prevent accidentally
 // firehosing a CA's ACME endpoints. They are not intended to
 // replace or replicate the CA's actual rate limits.

maintain.go

@@ -509,8 +509,8 @@ func (cfg *Config) updateARI(ctx context.Context, cert Certificate, logger *zap.
 
 	// of the issuers configured, hopefully one of them is the ACME CA we got the cert from
 	for _, iss := range cfg.Issuers {
-		if acmeIss, ok := iss.(*ACMEIssuer); ok {
-			newARI, err = acmeIss.getRenewalInfo(ctx, cert) // be sure to use existing newARI variable so we can compare against old value in the defer
+		if ariGetter, ok := iss.(RenewalInfoGetter); ok {
+			newARI, err = ariGetter.GetRenewalInfo(ctx, cert) // be sure to use existing newARI variable so we can compare against old value in the defer
 			if err != nil {
 				// could be anything, but a common error might simply be the "wrong" ACME CA
 				// (meaning, different from the one that issued the cert, thus the only one
@@ -576,7 +576,7 @@ func (cfg *Config) updateARI(ctx context.Context, cert Certificate, logger *zap.
 		}
 	}
 
-	err = fmt.Errorf("could not fully update ACME renewal info: either no ACME issuer configured for certificate, or all failed (make sure the ACME CA that issued the certificate is configured)")
+	err = fmt.Errorf("could not fully update ACME renewal info: either no issuer supporting ARI is configured for certificate, or all such failed (make sure the ACME CA that issued the certificate is configured)")
 	return
 }