From c508f61a41758dd4181b4fe8b811c40833256fe1 Mon Sep 17 00:00:00 2001
From: Jonathan Garcia <jonathan.garcia@joga.pm>
Date: Tue, 5 Aug 2025 12:00:22 +0200
Subject: [PATCH] Move cfg nil check from RenewManagedCertificates to getConfig

getConfig checks cfg.certCache so cfg can never be nil inside of
getConfig or it can crash with:
 invalid memory address or nil pointer dereference
---
 cache.go    | 4 ++++
 maintain.go | 6 ------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/cache.go b/cache.go
index b6095fcb..3b5cfb0b 100644
--- a/cache.go
+++ b/cache.go
@@ -365,6 +365,10 @@ func (certCache *Cache) getConfig(cert Certificate) (*Config, error) {
 	if err != nil {
 		return nil, err
 	}
+	if cfg == nil {
+		// this is bad if this happens, probably a programmer error (oops)
+		return nil, fmt.Errorf("no configuration associated with certificate: %v;", cert.Names)
+	}
 	if cfg.certCache == nil {
 		return nil, fmt.Errorf("config returned for certificate %v has nil cache; expected %p (this one)",
 			cert.Names, certCache)
diff --git a/maintain.go b/maintain.go
index e24dcaa0..a20a07f5 100644
--- a/maintain.go
+++ b/maintain.go
@@ -125,12 +125,6 @@ func (certCache *Cache) RenewManagedCertificates(ctx context.Context) error {
 				zap.Error(err))
 			continue
 		}
-		if cfg == nil {
-			// this is bad if this happens, probably a programmer error (oops)
-			log.Error("no configuration associated with certificate; unable to manage",
-				zap.Strings("identifiers", cert.Names))
-			continue
-		}
 		if cfg.OnDemand != nil {
 			continue
 		}