tailscale/ipn
Andrew Lytvynov c1ecae13ab
ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731)

While our `shouldStartDomainRenewal` check is correct, `getCertPEM`
would always bail if the existing cert is not expired. Add the same
`shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with
renewal when existing certs are still valid but should be renewed.

The extra check is expensive (ARI request towards LetsEncrypt), so cache
the last check result for 1hr to not degrade `tailscale serve`
performance.

Also, asynchronous renewal is great for `tailscale serve` but confusing
for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a
synchronous renewal for `tailscale cert`.

Fixes #8725

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-07-27 12:29:40 -07:00
ipnauth all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipnlocal ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
ipnserver logpolicy, various: allow overriding log function 2023-07-10 18:08:50 -04:00
ipnstate cli: introduce exit-node subcommand to list and filter exit nodes 2023-07-26 16:41:52 -07:00
localapi ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
policy ipn: prefer allow/denylist terminology 2023-04-04 08:02:50 -07:00
store ipn/store/awsstore: persist state with intelligent tiering 2023-04-24 14:35:13 -04:00
backend.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
doc.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
fake_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipn_clone.go {cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358) 2023-06-21 12:32:20 -04:00
ipn_view.go {cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358) 2023-06-21 12:32:20 -04:00
prefs_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
prefs.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
serve_test.go ipn: add Funnel port check from nodeAttr 2023-03-11 11:20:52 -08:00
serve.go {cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358) 2023-06-21 12:32:20 -04:00
store.go ipn/store: add support for stores to hook into a custom dialer 2023-03-29 16:35:46 -07:00