feat: Potentially handle renewing certificates

internal/server/tls.go

@@ -15,30 +15,30 @@ import (
 
 var (
 	// To access requestingDomains, first acquire the lock.
-	requestingLock = sync.Mutex{}
+	domainsLock = sync.Mutex{}
 
-	// Domain -> _. Check if domain is a key here to see if we're already requeting
-	// a certificate for it.
-	requestingDomains = make(map[string]bool)
+	// Domain -> _. Check if domain is a key here to see if we're already requesting
+	// or renewing a certificate for that domain.
+	workingDomains = make(map[string]bool)
 )
 
 func lockIfUnlockedDomain(domain string) bool {
-	requestingLock.Lock()
-	defer requestingLock.Unlock()
+	domainsLock.Lock()
+	defer domainsLock.Unlock()
 
-	_, found := requestingDomains[domain]
+	_, found := workingDomains[domain]
 	if !found {
-		requestingDomains[domain] = true
+		workingDomains[domain] = true
 	}
 
 	return found
 }
 
 func unlockDomain(domain string) {
-	requestingLock.Lock()
-	defer requestingLock.Unlock()
+	domainsLock.Lock()
+	defer domainsLock.Unlock()
 
-	delete(requestingDomains, domain)
+	delete(workingDomains, domain)
 }
 
 func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.CertificatesCache, acmeClient *lego.Client) *tls.Config {
@@ -76,8 +76,15 @@ func MakeTlsConfig(pagesDomain, cachePath string, cache *certificates.Certificat
 					}
 					defer unlockDomain(domain)
 
-					// TODO: Renew
+					// Renew
 					log.Debugf("Certificate for %s expired, renewing", domain)
+					newCert, err := certificates.RenewCertificate(&cert, acmeClient)
+					if err != nil {
+						log.Errorf("Failed to renew certificate for %s: %v", domain, err)
+						return cert.TlsCertificate, nil
+					}
+					cache.AddCert(newCert, cachePath)
+					return newCert.TlsCertificate, nil
 				}
 			} else {
 				// Don't request if we're already requesting.