diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index 6dd0ec2..7c931fb 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml @@ -124,8 +124,6 @@ steps: services: pebble_acme: image: ghcr.io/letsencrypt/pebble:2.6.0 - ports: - - 14000 # ACME port environment: PEBBLE_VA_NOSLEEP: '1' PEBBLE_VA_ALWAYS_VALID: '1' diff --git a/integration/main_test.go b/integration/main_test.go index 86fd9d3..cc1fa62 100644 --- a/integration/main_test.go +++ b/integration/main_test.go @@ -34,7 +34,7 @@ func TestMain(m *testing.M) { func startServer(ctx context.Context) error { args := []string{"integration"} - setEnvIfNotSet("ACME_API", "https://acme.mock.directory") + setEnvIfNotSet("ACME_API", "https://localhost:14000/dir") setEnvIfNotSet("PAGES_DOMAIN", "localhost.mock.directory") setEnvIfNotSet("RAW_DOMAIN", "raw.localhost.mock.directory") setEnvIfNotSet("PAGES_BRANCHES", "pages,main,master") diff --git a/server/acme/client.go b/server/acme/client.go index d5c83d0..3f62647 100644 --- a/server/acme/client.go +++ b/server/acme/client.go @@ -3,6 +3,7 @@ package acme import ( "errors" "fmt" + "strings" "codeberg.org/codeberg/pages/config" "codeberg.org/codeberg/pages/server/cache" @@ -13,8 +14,8 @@ var ErrAcmeMissConfig = errors.New("ACME client has wrong config") func CreateAcmeClient(cfg config.ACMEConfig, enableHTTPServer bool, challengeCache cache.ICache) (*certificates.AcmeClient, error) { // check config - if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && cfg.APIEndpoint != "https://acme.mock.directory" { - return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to https://acme.mock.directory", ErrAcmeMissConfig) + if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && (cfg.APIEndpoint != "https://acme.mock.directory" || strings.HasPrefix(cfg.APIEndpoint, "https://localhost")) { + return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to https://acme.mock.directory or starts with https://localhost", ErrAcmeMissConfig) } if cfg.EAB_HMAC != "" && cfg.EAB_KID == "" { return nil, fmt.Errorf("%w: ACME_EAB_HMAC also needs ACME_EAB_KID to be set", ErrAcmeMissConfig)