Panic when no issuer is selected

[Webbmekanikern]

What version of the package are you using?

v0.17.0

What are you trying to do?

Issue a certificate.

What steps did you take?

Exceed the Let's Encrypt limit of max certificates per domain and hour.

What did you expect to happen, and what actually happened instead?

I expected a clear error message that no issuer could be selected, possibly due to limits of the issuers. Instead I got a panic due to nil pointer dereference:

$: panic: runtime error: invalid memory address or nil pointer dereference
$: [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x8d696d]
$: goroutine 1 [running]:
$: github.com/caddyserver/certmagic.(*Config).obtainCert.func2({0xc66ba0, 0xc00003a060})
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:579 +0x66d
$: github.com/caddyserver/certmagic.(*Config).obtainCert(0xc000156a50, {0xc66ba0, 0xc00003a060}, {0xc00003ed8b, 0x1f}, 0x1)
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:614 +0x5cc
$: github.com/caddyserver/certmagic.(*Config).ObtainCertSync(...)
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:446
$: github.com/caddyserver/certmagic.(*Config).manageOne.func1()
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:351 +0x8e
$: github.com/caddyserver/certmagic.(*Config).manageOne(0xc000156a50, {0xc66ba0?, 0xc00003a060}, {0xc00003ed8b, 0x1f}, 0x0)
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:378 +0x307
$: github.com/caddyserver/certmagic.(*Config).manageAll(0xc000156a50, {0xc66ba0?, 0xc00003a060?}, {0xc000681100?, 0x1, 0x0?}, 0x68?)
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:329 +0x110
$: github.com/caddyserver/certmagic.(*Config).ManageSync(...)
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/config.go:268
$: github.com/caddyserver/certmagic.HTTPS({0xc000681100, 0x1, 0x1}, {0xc5fb60?, 0xc000565200?})
$:         /go/pkg/mod/github.com/caddyserver/certmagic@v0.17.0/certmagic.go:78 +0xe7

How do you think this should be fixed?

Add a check whether issuerUsed still is nil after the loop: https://github.com/caddyserver/certmagic/blob/master/config.go#L541

[mholt]

Ah, thanks! Fixed in 2e22c6f

[Webbmekanikern]

That was incredibly fast - thanks @mholt!

And sorry for not making a pull request, I were a bit short of time here.

[mholt]

No worries. Does the patch work for you then? Just a sanity check 😅

[Webbmekanikern]

Yup, works:

$: 2022/09/01 17:56:47 X.X.X: obtaining certificate: [X.X.X] Obtain: [X.X.X] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: X.X.X, retry after 2022-09-03T00:29:08Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)

Note to self: Don't make excuses for not using the staging CA.

[mholt]

Thanks! Will tag a release then.