Apply suggestions and ran go mod tidy

caddyserver · Apr 19, 2024 · b87f0b7 · b87f0b7
1 parent 7d3dcb2
commit b87f0b7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 11 deletions.
diff --git a/go.sum b/go.sum
@@ -68,10 +68,6 @@ github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/caddyserver/certmagic v0.20.1-0.20240412214119-167015dd6570 h1:SsAXjoQx2wOmLl6mEwJEwh7wwys2hb/l/mhtmxA3wts=
-github.com/caddyserver/certmagic v0.20.1-0.20240412214119-167015dd6570/go.mod h1:e1NhB1rF5KZnAuAX6oSyhE7sg1Ru5bWgggw5RtauhEY=
-github.com/caddyserver/certmagic v0.20.1-0.20240418194233-27ab129028e1 h1:jyf7BgZCwGqrqjv2+wOX662oZr9QqeSjzwA9bCG+paM=
-github.com/caddyserver/certmagic v0.20.1-0.20240418194233-27ab129028e1/go.mod h1:e1NhB1rF5KZnAuAX6oSyhE7sg1Ru5bWgggw5RtauhEY=
 github.com/caddyserver/certmagic v0.20.1-0.20240419174353-855d4670a49d h1:fi1dMdHOoyWHXpxpCbaB+H4xdAgQcBP2AXSqpXVpIcg=
 github.com/caddyserver/certmagic v0.20.1-0.20240419174353-855d4670a49d/go.mod h1:e1NhB1rF5KZnAuAX6oSyhE7sg1Ru5bWgggw5RtauhEY=
 github.com/caddyserver/zerossl v0.1.2 h1:tlEu1VzWGoqcCpivs9liKAKhfpJWYJkHEMmlxRbVAxE=

diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
@@ -89,13 +89,12 @@ type ACMEIssuer struct {
 	PreferredChains *ChainPreference `json:"preferred_chains,omitempty"`
 
 	// The validity period to ask the CA to issue a certificate for.
-	// Default: 0 (don't ask a custom lifetime to the CA)
-	// This value is used to compute the "notAfter" field of the ACME order,
+	// Default: 0 (CA chooses lifetime).
+	// This value is used to compute the "notAfter" field of the ACME order;
 	// therefore the system must have a reasonably synchronized clock.
-	// Important : Let's Encrypt and ZeroSSL don't allow custom
-	// validity period and will refuse to issue a certicate if this is set.
-	// For CAs that support it, there are often limits
-	// on the allowed validity periods. Please refer to your CA documentation.
+	// NOTE: Not all CAs support this. Check with your CA's ACME
+	// documentation to see if this is allowed and what values may
+	// be used.
 	CertificateLifetime caddy.Duration `json:"certificate_lifetime,omitempty"`
 
 	rootPool *x509.CertPool
@@ -369,8 +368,11 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 			if err != nil {
 				return d.Errf("invalid lifetime %s: %v", lifetimeStr, err)
 			}
-			// TODO: Add check that valid lifetime must be >= 0
+			if lifetime < 0 {
+				return d.Errf("lifetime must be >= 0: %s", lifetime)
+			}
 			iss.CertificateLifetime = caddy.Duration(lifetime)
+
 		case "dir":
 			if iss.CA != "" {
 				return d.Errf("directory is already specified: %s", iss.CA)