This repository was archived by the owner on Apr 3, 2020. It is now read-only.

Don't re-generate Let's Encrypt certificates on every run, only when needed. #76

@jschaul

Description


Due to some issues with concourse-up / my local setup, I ran concourse-up multiple times. Since the certificate request code using Let's Encrypt does not keep track of already-requested certificates, this leads to errors caused by rate-limiting:

GENERATING BOSH DIRECTOR CERTIFICATE (<redacted-ips>)
2018/11/21 16:58:23 [INFO] acme: Registering account for nobody@madeupemailaddress.com
2018/11/21 16:58:24 [INFO][<redacted-domain>] acme: Obtaining bundled SAN certificate
2018/11/21 16:58:24 [INFO][<redacted-domain>] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/<redacted>
2018/11/21 16:58:24 [INFO][<redacted-domain>] acme: Could not find solver for: tls-alpn-01
2018/11/21 16:58:24 [INFO][<redacted-domain>] acme: Trying to solve DNS-01
2018/11/21 16:58:59 [INFO][<redacted-domain>] Checking DNS record propagation using [8.8.8.8:53]
2018/11/21 16:59:03 [INFO][<redacted-domain>] The server validated our request
2018/11/21 16:59:38 [INFO][<redacted-domain>] acme: Validations succeeded; requesting certificates
map[<redacted-domain>:acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: too many certificates already issued for exact set of domains: <redacted-domain>: see https://letsencrypt.org/docs/rate-limits/]

The only workaround is to change the domain name, or wait a day/week, which is not great. Is there any way to only request a new certificate if needed (i.e. the old one is about to expire or there isn't one for that domain yet)? How/where is the Let's Encrypt state saved?
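One way to implement the check asked for above, as an added example in Go that is not concourse-up's own code: a new certificate is requested only when nothing usable is cached, when the cached certificate's SAN set is not exactly the requested domain set (the condition the rate limit in the log is keyed on), or when it is within a renewal window of expiry. The cached certificate here is a constructed self-signed one so the example runs offline; where concourse-up keeps its Let's Encrypt state is not shown on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// needsRenewal reports whether a new certificate should be requested: no parseable
// cached certificate, a SAN set that is not exactly the requested domains, or expiry within renewBefore.
func needsRenewal(certPEM []byte, domains []string, now time.Time, renewBefore time.Duration) bool {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return true // nothing cached yet for this domain set
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return true // corrupt cache entry: re-request rather than fail
	}
	want := append([]string(nil), domains...)
	have := append([]string(nil), cert.DNSNames...)
	sort.Strings(want)
	sort.Strings(have)
	if strings.Join(want, ",") != strings.Join(have, ",") {
		return true // different exact set of domains: a new certificate is needed
	}
	// Renew early, so that a failed attempt still leaves a valid certificate in place.
	return now.Add(renewBefore).After(cert.NotAfter)
}

// selfSignedPEM builds a constructed self-signed test certificate (not a Let's Encrypt one) so the check runs offline.
func selfSignedPEM(domains []string, notBefore, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: domains,
		NotBefore: notBefore, NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	cached := selfSignedPEM([]string{"ci.example.com"}, now, now.Add(90*24*time.Hour))
	fmt.Println("request new certificate:", needsRenewal(cached, []string{"ci.example.com"}, now, 30*24*time.Hour))
}
```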
