caddyserver/certmagic

How do I use CacheUnmanagedTLSCertificate correctly?

mberbero opened this issue · 6 comments

What is your question?

I want to use the certificates I purchased in the code below, but the application crashes.

	// all my certmagic settings
	certmagic.Default.Storage = &certmagic.FileStorage{
		Path: "./certs",
	}

	certmagic.DefaultACME.Agreed = true
	certmagic.RateLimitEvents = 5
	certmagic.RateLimitEventsWindow = time.Second * 30

	certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
	if os.Getenv("USE_HTTPS") != "" {
		certmagic.DefaultACME.DisableHTTPChallenge = false
		certmagic.DefaultACME.DisableTLSALPNChallenge = true
	} else {
		certmagic.DefaultACME.DisableTLSALPNChallenge = false
		certmagic.DefaultACME.DisableHTTPChallenge = true
	}

	for _, domainwithssl := range r.GetDomainsWithSsl() {
		crtPath := "./self-certs/" + domainwithssl.GetUrl() + ".crt"
		keyPath := "./self-certs/" + domainwithssl.GetUrl() + ".key"

		// write crt file (WriteFile creates, writes and closes in one step)
		if err := os.WriteFile(crtPath, []byte(domainwithssl.GetCertFile()), 0o644); err != nil {
			log.Printf("os.WriteFile(%s): %v", crtPath, err)
			continue
		}

		// write key file; 0600 keeps the private key readable by this user only
		if err := os.WriteFile(keyPath, []byte(domainwithssl.GetKeyFile()), 0o600); err != nil {
			log.Printf("os.WriteFile(%s): %v", keyPath, err)
			continue
		}

		// load the pair back as a tls.Certificate
		cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
		if err != nil {
			log.Printf("tls.LoadX509KeyPair: %v", err)
			continue
		}

		// cache the purchased certificate for this hostname
		_, err = certmagic.Default.CacheUnmanagedTLSCertificate(ctx, cert, []string{domainwithssl.GetUrl()})
		if err != nil {
			log.Printf("certmagic.Default.CacheUnmanagedTLSCertificate: %v", err)
			continue
		}
	}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x989a22]

goroutine 6 [running]:
github.com/caddyserver/certmagic.(*Cache).cacheCertificate(0x0, {{{0xc0000948b8, 0x1, 0x1}, {0xc78760, 0xc000499080}, {0x0, 0x0, 0x0}, {0xc0001e6800, ...}, ...}, ...})
        /go/pkg/mod/github.com/caddyserver/certmagic@v0.19.2/cache.go:196 +0x22
github.com/caddyserver/certmagic.(*Config).CacheUnmanagedTLSCertificate(0x13c8a60, {0xe28a08, 0x1406a60}, {{0xc0000948b8, 0x1, 0x1}, {0xc78760, 0xc000499080}, {0x0, 0x0, ...}, ...}, ...)
        /go/pkg/mod/github.com/caddyserver/certmagic@v0.19.2/certificates.go:194 +0x39f

What have you already tried?

I tried using other methods, but the error is the same.

mholt commented

Did you call certmagic.NewDefault()?

From https://github.com/caddyserver/certmagic?tab=readme-ov-file#defaults:

The default Config value is called certmagic.Default. Change its fields to suit your needs, then call certmagic.NewDefault() when you need a valid Config value. In other words, certmagic.Default is a template and is not valid for use directly.
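Before a purchased pair is handed to CacheUnmanagedTLSCertificate on a Config obtained from certmagic.NewDefault(), it is worth checking that the certificate really covers the hostname it will be cached under, which is the precondition the answer above relies on. The following is an added example, not code from the issue or from certmagic: loadUnmanagedPair, mustSelfSignedPair and the hostname shop.example.test are assumed names, the pair is parsed in memory (so the key is never written to disk), and the self-signed certificate is constructed test input standing in for the purchased files.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)

// loadUnmanagedPair parses a PEM certificate and key held in memory (what the issue's
// GetCertFile/GetKeyFile return) and rejects a pair that does not cover host or is not valid now.
func loadUnmanagedPair(certPEM, keyPEM []byte, host string) (tls.Certificate, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM) // also checks the key matches the cert
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return tls.Certificate{}, err
	}
	if err := leaf.VerifyHostname(host); err != nil { // SANs only; the CN is ignored
		return tls.Certificate{}, err
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return tls.Certificate{}, x509.CertificateInvalidError{Cert: leaf, Reason: x509.Expired}
	}
	cert.Leaf = leaf // spares the cache a re-parse on every handshake
	return cert, nil
}

// mustSelfSignedPair builds a throwaway certificate for host; it is constructed
// test input standing in for the purchased certificate and panics on failure.
func mustSelfSignedPair(host string, notAfter time.Time) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}
```

The returned tls.Certificate is what you would pass to CacheUnmanagedTLSCertificate; a name mismatch, an expired certificate or a key that does not belong to the certificate is reported here instead of surfacing as a failed handshake later.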

Yes, I forgot to add that.
But now it uses the wildcard SSL created by letsencrypt, not the SSL I gave it. And I do not use the DNS verification method.

mholt commented

If both certificates match the hostname and satisfy the handshake requirements, why does it matter which one is used? 🤔

mholt commented

@mberbero Did this get resolved? I want to make sure everything is working OK.

@mholt I think it's fixed. I couldn't use my own SSL certificate. I think we have to wait 3 months for that.

mholt commented

@mberbero Ok. Sorry about the inconvenience. If there's good reasoning for making a change here, I'm happy to consider it. Just let me know if something pops up. :)