Check whether domains are allowed when renewing

auto-ssl · May 14, 2019 · 4e8efe4 · 4e8efe4
1 parent 718205d
commit 4e8efe4
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/resty/auto-ssl/jobs/renewal.lua b/lib/resty/auto-ssl/jobs/renewal.lua
@@ -129,6 +129,13 @@ local function renew_check_cert(auto_ssl_instance, storage, domain)
     end
   end
 
+  -- Check if domain is still allowed before renewing.
+  local allow_domain = auto_ssl_instance:get("allow_domain")
+  if not allow_domain(domain) then
+    ngx.log(ngx.NOTICE, "auto-ssl: domain not allowed, not renewing: ", domain)
+    return
+  end
+
   -- We didn't previously store the cert.pem (since it can be derived from the
   -- fullchain.pem). So for backwards compatibility, set the cert.pem value to
   -- the fullchain.pem value, since that should work for our date checking