lua-resty-auto-ssl

Set TTL for challenges stored in redis

Open valzam opened this issue 5 years ago • 2 comments

We are using auto-ssl to generate certs on the fly for custom domains owned by our customers. Once in a while someone sets a CAA record that prevents Let's Encrypt from issuing a cert. When this happens, the challenge token in Redis is not deleted, and over time many hundreds can pile up. We are adding a check to the endpoint used in the allow_domains function to prevent this, but in general it might be a good idea to set the TTL of challenge tokens to, say, 24 hours, or at least expose a config parameter to do this.

valzam Sep 23 '20 05:09

Hi, I have the same problem. I allow domains manually, but challenges do not get deleted from Redis, as in the example below:

 1) "example.co.il:challenge:aR4HeJj5uopUfaWOe18BkH68U0igH4bhLBPmhnfhjM0"
 2) "example.co.il:challenge:eN4y_ltKt1reEg03sh7NaC44dTXj53PrLoIcbZLZK5A"
 3) "example.co.il:latest"

These challenges are accumulating on Redis. Any suggestions on how to fix this?

shimsag Aug 01 '21 23:08

https://github.com/zyro-inc/lua-resty-auto-ssl-multi/commit/9268a1d7652dd7fd794a856c84a07c08a44501ba implements a cleanup task (I didn't test it, for reference)

zas Nov 11 '22 13:11
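One way to run the kind of cleanup pass discussed in this thread, as an added example that is not part of the original issue, the linked commit, or the lua-resty-auto-ssl code base: it gives every challenge key that has no expiry the 24-hour TTL suggested above. The function names and the `FakeRedis` stand-in are hypothetical; the client is assumed to expose `scan_iter`, `ttl` and `expire` as redis-py does, and the key pattern is taken from the listing in the second comment.

```python
"""Give TTL-less ACME challenge keys an expiry so abandoned ones age out."""
import fnmatch

CHALLENGE_PATTERN = "*:challenge:*"   # key layout shown in the thread
DEFAULT_TTL = 24 * 60 * 60            # 24 hours, as suggested in the issue


def expire_stale_challenges(client, ttl=DEFAULT_TTL, pattern=CHALLENGE_PATTERN):
    """Set `ttl` seconds on challenge keys that have no expiry.

    `client` needs scan_iter(match=...), ttl(key) and expire(key, seconds),
    as redis-py's Redis class provides. Returns the keys that were updated.
    """
    updated = []
    for key in client.scan_iter(match=pattern):   # SCAN-based, unlike KEYS
        # TTL returns -1 for "no expiry" and -2 for "key is gone" (deleted
        # between SCAN and TTL); only the first case needs an expiry.
        if client.ttl(key) == -1 and client.expire(key, ttl):
            updated.append(key)
    return sorted(updated)


class FakeRedis:
    """Constructed in-memory stand-in so the example runs without a server."""

    def __init__(self, keys):
        self.keys = dict(keys)           # key -> TTL in seconds, -1 = none

    def scan_iter(self, match):
        return [k for k in list(self.keys) if fnmatch.fnmatchcase(k, match)]

    def ttl(self, key):
        return self.keys.get(key, -2)

    def expire(self, key, seconds):
        if key not in self.keys:
            return False
        self.keys[key] = seconds
        return True


def demo():
    # Constructed sample keys in the layout from the thread (tokens are made up).
    store = FakeRedis({
        "example.co.il:challenge:tokenA": -1,    # stale: gets a TTL
        "example.co.il:challenge:tokenB": 300,   # already expiring: untouched
        "example.co.il:latest": -1,              # not a challenge key: untouched
    })
    return expire_stale_challenges(store), store.keys
```

Keys that already carry a TTL are left alone, so running the pass repeatedly does not keep extending the lifetime of the same challenge.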