add: waitForDomain func to wait for a domain to be resolvable before …

…pinging lets-encrypt Signed-off-by: Thorsten Klein <[email protected]>
acorn-io · Oct 11, 2023 · 6387f5d · 6387f5d
1 parent 1fc37ec
commit 6387f5d
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/pkg/controller/tls/certs.go b/pkg/controller/tls/certs.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"net"
 	"strings"
 	"time"
 
@@ -49,6 +50,24 @@ func RequireSecretTypeTLS(h router.Handler) router.Handler {
 	})
 }
 
+func waitForDomain(domain string, retryInterval time.Duration, maxRetries int) error {
+	done := make(chan error)
+
+	go func() {
+		for retries := 0; retries < maxRetries; retries++ {
+			ips, err := net.LookupIP(domain)
+			if err == nil && len(ips) > 0 {
+				done <- nil // Domain is resolvable
+				return
+			}
+			time.Sleep(retryInterval)
+		}
+		done <- fmt.Errorf("domain %s is not resolvable after %d retries", domain, maxRetries) // Domain is not resolvable
+	}()
+
+	return <-done
+}
+
 // RenewCert handles the renewal of existing TLS certificates
 func RenewCert(req router.Request, resp router.Response) error {
 	sec := req.Object.(*corev1.Secret)
@@ -82,6 +101,11 @@ func RenewCert(req router.Request, resp router.Response) error {
 
 		logrus.Infof("Renewing TLS cert for %s", domain)
 
+		if err := waitForDomain(domain, 5*time.Second, 12); err != nil {
+			logrus.Warnf("Domain %s is not resolvable, skipping certificate renewal: %v", domain, err)
+			return
+		}
+
 		// Get new certificate
 		cert, err := leUser.getCert(req.Ctx, domain)
 		if err != nil {