1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-22 07:12:22 +02:00

feat: add option to handle the overall request limit (#2209)

This commit is contained in:
Ludovic Fernandez 2024-06-13 22:48:04 +02:00 committed by GitHub
parent 69cacab700
commit c63be848f6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 41 additions and 21 deletions

View File

@ -7,19 +7,10 @@ import (
"github.com/go-acme/lego/v4/log"
)
const (
// overallRequestLimit is the overall number of request per second
// limited on the "new-reg", "new-authz" and "new-cert" endpoints.
// From the documentation the limitation is 20 requests per second,
// but using 20 as value doesn't work but 18 do.
// https://letsencrypt.org/docs/rate-limits/
overallRequestLimit = 18
)
func (c *Certifier) getAuthorizations(order acme.ExtendedOrder) ([]acme.Authorization, error) {
resc, errc := make(chan acme.Authorization), make(chan domainError)
delay := time.Second / overallRequestLimit
delay := time.Second / time.Duration(c.overallRequestLimit)
for _, authzURL := range order.Authorizations {
time.Sleep(delay)

View File

@ -22,6 +22,17 @@ import (
"golang.org/x/net/idna"
)
const (
// DefaultOverallRequestLimit is the overall number of request per second
// limited on the "new-reg", "new-authz" and "new-cert" endpoints.
// From the documentation the limitation is 20 requests per second,
// but using 20 as value doesn't work but 18 do.
// https://letsencrypt.org/docs/rate-limits/
// ZeroSSL has a limit of 7.
// https://help.zerossl.com/hc/en-us/articles/17864245480093-Advantages-over-Using-Let-s-Encrypt#h_01HT4Z1JCJFJQFJ1M3P7S085Q9
DefaultOverallRequestLimit = 18
)
// maxBodySize is the maximum size of body that we will read.
const maxBodySize = 1024 * 1024
@ -94,24 +105,33 @@ type resolver interface {
}
type CertifierOptions struct {
KeyType certcrypto.KeyType
Timeout time.Duration
KeyType certcrypto.KeyType
Timeout time.Duration
OverallRequestLimit int
}
// Certifier A service to obtain/renew/revoke certificates.
type Certifier struct {
core *api.Core
resolver resolver
options CertifierOptions
core *api.Core
resolver resolver
options CertifierOptions
overallRequestLimit int
}
// NewCertifier creates a Certifier.
func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier {
return &Certifier{
c := &Certifier{
core: core,
resolver: resolver,
options: options,
}
c.overallRequestLimit = options.OverallRequestLimit
if c.overallRequestLimit <= 0 {
c.overallRequestLimit = DefaultOverallRequestLimit
}
return c
}
// Obtain tries to obtain a single certificate using all domains passed into it.

View File

@ -3,6 +3,7 @@ package cmd
import (
"time"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/lego"
"github.com/urfave/cli/v2"
"software.sslmate.com/src/go-pkcs12"
@ -154,6 +155,11 @@ func CreateFlags(defaultPath string) []cli.Flag {
Usage: "Set the certificate timeout value to a specific value in seconds. Only used when obtaining certificates.",
Value: 30,
},
&cli.IntFlag{
Name: "overall-request-limit",
Usage: "ACME overall requests limit.",
Value: certificate.DefaultOverallRequestLimit,
},
&cli.StringFlag{
Name: "user-agent",
Usage: "Add to the user-agent sent to the CA to identify an application embedding lego-cli",

View File

@ -38,8 +38,9 @@ func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyTy
config.CADirURL = ctx.String("server")
config.Certificate = lego.CertificateConfig{
KeyType: keyType,
Timeout: time.Duration(ctx.Int("cert.timeout")) * time.Second,
KeyType: keyType,
Timeout: time.Duration(ctx.Int("cert.timeout")) * time.Second,
OverallRequestLimit: ctx.Int("overall-request-limit"),
}
config.UserAgent = getUserAgent(ctx)

View File

@ -48,6 +48,7 @@ GLOBAL OPTIONS:
--pfx.pass value The password used to encrypt the .pfx (PCKS#12) file. (default: "changeit") [$LEGO_PFX_PASSWORD]
--pfx.format value The encoding format to use when encrypting the .pfx (PCKS#12) file. Supported: RC2, DES, SHA256. (default: "RC2") [$LEGO_PFX_FORMAT]
--cert.timeout value Set the certificate timeout value to a specific value in seconds. Only used when obtaining certificates. (default: 30)
--overall-request-limit value ACME overall requests limit. (default: 18)
--user-agent value Add to the user-agent sent to the CA to identify an application embedding lego-cli
--help, -h show help
"""

View File

@ -53,7 +53,7 @@ func NewClient(config *Config) (*Client, error) {
solversManager := resolver.NewSolversManager(core)
prober := resolver.NewProber(solversManager)
certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout})
certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout, OverallRequestLimit: config.Certificate.OverallRequestLimit})
return &Client{
Certificate: certifier,

View File

@ -61,8 +61,9 @@ func NewConfig(user registration.User) *Config {
}
type CertificateConfig struct {
KeyType certcrypto.KeyType
Timeout time.Duration
KeyType certcrypto.KeyType
Timeout time.Duration
OverallRequestLimit int
}
// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value