This repository has been archived by the owner on Jun 24, 2022. It is now read-only.
More robust cert age check #24
Comments
|
Oooh, that sounds great! I'd welcome a patch! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Thanks for this very useful image!
One caveat I encountered while moving my cert files around is that their timestamp had changed which broke the
is_renewal_required()check.So instead of checking the cert age by looking at privkey.pem last modify timestamp with:
last_renewal_sec=$(stat -c %Y "$last_renewal_file")Wouldn't it be better and more logical to check the cert.pem true start date with openssl this way?:
last_renewal_sec=$(date --date="$(openssl x509 -startdate -noout -in $last_renewal_file | cut -d= -f 2)" '+%s')The text was updated successfully, but these errors were encountered: