 

acme autocert manager ignores valid certificates on startup

Tags:

caching

go

I'm currently building a service that uses acme/autocert. To use that service with more than one replica, I had to write a persistent cache interface like DirCache. Then I noticed that after restarting the service, all valid certs in the cache were ignored on startup. The following sequence happens every time:

  • Cache put acme_account+key (even if it exists in the cache)
  • Cache get acme_account+key
  • Cache get my.domain.net (it returns the cached cert)
  • Cache get acme_account+key
  • Cache put my.domain.net+token
  • Cache put HASH+http-01
  • Cache delete HASH+http-01
  • Cache delete my.domain.net+token
  • Cache put my.domain.net (put the new cert)

Is this the correct behavior? Because every replica would create its own cert, and a persistent cache is not possible under these circumstances.

Here is my manager factory:

// NewManager wires an autocert.Manager to a persistent (DynamoDB-backed) cache.
// db.DynamoDB, NewPersistentCertCache, LetsEncryptStagingURL and the log package
// come from the surrounding project and are not shown here.
func NewManager(d *db.DynamoDB, staging bool) *Manager {
    manager := &Manager{
        CertCache: NewPersistentCertCache(d),
    }

    // acme.LetsEncryptURL is the production directory; the staging directory
    // hands out untrusted certs and has far more generous rate limits.
    directoryURL := acme.LetsEncryptURL
    if staging {
        directoryURL = LetsEncryptStagingURL
        log.Infof("Using CA staging environment")
    }
    log.Infof("CA URI %s", directoryURL)

    client := &acme.Client{
        DirectoryURL: directoryURL,
    }

    manager.AcmeManager = &autocert.Manager{
        Prompt:     autocert.AcceptTOS,
        HostPolicy: manager.AllowHostPolicy,
        Cache:      manager.CertCache, // must return autocert.ErrCacheMiss only for absent keys
        Client:     client,
    }

    return manager
}
asked Oct 17 '22 by jami


1 Answer

The solution to this question is that the cache interface and behavior work correctly. My cache implementation was faulty. I had a goroutine within Cache.Get(...) that read from a DB into a channel, but unfortunately the outer func body did not wait for that channel and always returned a CacheMissed error. After the fix everything works fine. My fault, sorry.

answered Nov 11 '22 by jami
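As an added example (not the asker's code and not part of golang.org/x/crypto), here is the Get bug the answer describes next to a corrected version, exercised the way a restarted replica would exercise it. The autocert.Cache interface and the ErrCacheMiss sentinel are reproduced locally so the file runs without the module; a sync.Map stands in for the DynamoDB table from the question, and the certificate bytes are a constructed placeholder, not a real PEM.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"sync"
)

// Cache mirrors the autocert.Cache interface so this file compiles without
// golang.org/x/crypto; a real implementation satisfies autocert.Cache itself.
type Cache interface {
	Get(ctx context.Context, key string) ([]byte, error)
	Put(ctx context.Context, key string, data []byte) error
	Delete(ctx context.Context, key string) error
}

// ErrCacheMiss mirrors autocert.ErrCacheMiss, the sentinel the Manager checks for.
var ErrCacheMiss = errors.New("acme/autocert: certificate cache miss")

type lookup struct {
	data []byte
	err  error
}

// baseCache holds the Put/Delete halves shared by both Get variants. The
// sync.Map is a constructed stand-in for the DynamoDB table in the question.
type baseCache struct{ store *sync.Map }

func (c *baseCache) Put(_ context.Context, key string, data []byte) error {
	c.store.Store(key, append([]byte(nil), data...))
	return nil
}

func (c *baseCache) Delete(_ context.Context, key string) error {
	c.store.Delete(key)
	return nil
}

// fetch performs the store read in a goroutine and delivers the outcome on a
// buffered channel, so the goroutine finishes even if nobody ever reads it.
func (c *baseCache) fetch(key string) <-chan lookup {
	ch := make(chan lookup, 1)
	go func() {
		v, ok := c.store.Load(key)
		if !ok {
			ch <- lookup{err: ErrCacheMiss}
			return
		}
		ch <- lookup{data: v.([]byte)}
	}()
	return ch
}

// BuggyCache reproduces the mistake from the answer: Get starts the read but
// returns before the result arrives, so every lookup reports a miss.
type BuggyCache struct{ baseCache }

func NewBuggyCache() *BuggyCache { return &BuggyCache{baseCache{store: new(sync.Map)}} }

func (c *BuggyCache) Get(_ context.Context, key string) ([]byte, error) {
	_ = c.fetch(key) // result is never awaited
	return nil, ErrCacheMiss
}

// FixedCache waits for the read and honours the context autocert passes down.
type FixedCache struct{ baseCache }

func NewFixedCache() *FixedCache { return &FixedCache{baseCache{store: new(sync.Map)}} }

func (c *FixedCache) Get(ctx context.Context, key string) ([]byte, error) {
	select {
	case r := <-c.fetch(key):
		return r.data, r.err
	case <-ctx.Done():
		return nil, ctx.Err()
	}
}

// CertSurvivesRestart stores a certificate, then reads it back as a freshly
// started replica would, and reports whether the bytes came back unchanged.
func CertSurvivesRestart(c Cache, host string, cert []byte) (bool, error) {
	ctx := context.Background()
	if err := c.Put(ctx, host, cert); err != nil {
		return false, err
	}
	got, err := c.Get(ctx, host)
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, cert), nil
}

func main() {
	cert := []byte("constructed PEM placeholder for my.domain.net")
	for name, c := range map[string]Cache{"buggy": NewBuggyCache(), "fixed": NewFixedCache()} {
		hit, err := CertSurvivesRestart(c, "my.domain.net", cert)
		fmt.Printf("%-5s cache: hit=%v err=%v\n", name, hit, err)
	}
}
```

The buggy cache reports a miss even immediately after a Put, which is exactly the trace in the question: the Manager gets a miss for my.domain.net, runs the http-01 challenge and writes a new cert, on every start of every replica. Two details matter when writing a persistent Cache: Get must return ErrCacheMiss (and only that) for keys that are genuinely absent, because autocert compares against that sentinel to decide whether to order a certificate and treats any other error as a failure, and Get should honour the context it is given, since autocert calls it from the TLS handshake path.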