Class: PagesDomains::ObtainLetsEncryptCertificateService
- Inherits:
-
Object
- Object
- PagesDomains::ObtainLetsEncryptCertificateService
- Defined in:
- app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
Constant Summary collapse
- CHALLENGE_PROCESSING_DELAY =
time for processing validation requests for acme challenges 5-15 seconds is usually enough
1.minute.freeze
- CERTIFICATE_PROCESSING_DELAY =
time LetsEncrypt ACME server needs to generate the certificate no particular SLA, usually takes 10-15 seconds
1.minute.freeze
Instance Attribute Summary collapse
-
#pages_domain ⇒ Object
readonly
Returns the value of attribute pages_domain.
Instance Method Summary collapse
- #execute ⇒ Object
-
#initialize(pages_domain) ⇒ ObtainLetsEncryptCertificateService
constructor
A new instance of ObtainLetsEncryptCertificateService.
Constructor Details
#initialize(pages_domain) ⇒ ObtainLetsEncryptCertificateService
Returns a new instance of ObtainLetsEncryptCertificateService.
15 16 17 |
# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 15 def initialize(pages_domain) @pages_domain = pages_domain end |
Instance Attribute Details
#pages_domain ⇒ Object (readonly)
Returns the value of attribute pages_domain.
13 14 15 |
# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 13 def pages_domain @pages_domain end |
Instance Method Details
#execute ⇒ Object
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 19 def execute pages_domain.acme_orders.expired.delete_all acme_order = pages_domain.acme_orders.first unless acme_order ::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id) return end api_order = ::Gitlab::LetsEncrypt::Client.new.load_order(acme_order.url) # https://www.rfc-editor.org/rfc/rfc8555#section-7.1.6 - statuses diagram case api_order.status when 'ready' api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain) PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id) when 'valid' save_certificate(acme_order.private_key, api_order) acme_order.destroy! when 'invalid' save_order_error(acme_order, api_order) end end |