lacme: new flag `--force`.

Which aliases to `--min-days=-1`, i.e., forces renewal regardless of the expiration date of existing certificates.
author: Guilhem Moulin <guilhem@fripost.org> 2020-12-09 21:47:54 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-12-09 22:07:18 +0100
commit: 0f574f73182491fe793fcdfce6632372fab4d5c3 (patch)
tree: 4256fdc08a06c714fb8c2e4005a254dda7b5afe0
parent: 61e4ad1347f51a84400cbf87633cc99f657f9ad7 (diff)
3 files changed, 13 insertions, 2 deletions
diff --git a/Changelog b/Changelog
index a9f137e..4168e58 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,9 @@ lacme (0.7.1) upstream;
 
  * Unprivileged user/group for the internal client resp. webserver are
    now configurable at install time.
+ * lacme: new flag `--force`, which aliases to `--min-days=-1`, i.e.,
+   forces renewal regardless of the expiration date of existing
+   certificates.
  - lacme: delay webserver socket shutdown to after the process has
    terminated.
  - documentation: suggest to generate private key material with
diff --git a/lacme b/lacme
index e4b8e01..7f3d65d 100755
--- a/lacme
+++ b/lacme
@@ -63,7 +63,11 @@ sub usage(;$$) {
     }
     exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed deactivate min-days=i quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s
+    register tos-agreed deactivate
+    min-days=i force
+    quiet|q
+    debug help|h/);
 usage(0) if $OPTS{help};
 
 $COMMAND = shift(@ARGV) // usage(1, "Missing command");
@@ -643,6 +647,7 @@ if ($COMMAND eq 'account') {
 # newOrder [SECTION ..]
 #
 elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
+    $OPTS{'min-days'} = -1 if $OPTS{force};
     $COMMAND = 'newOrder';
     my $conffiles = defined $OPTS{'config-certs'} ? $OPTS{'config-certs'}
                   : defined $CONFIG->{_}->{'config-certs'} ? [ split(/\s+/, $CONFIG->{_}->{'config-certs'}) ]
diff --git a/lacme.8.md b/lacme.8.md
index ecf87c3..2ffdc25 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -77,7 +77,7 @@ Commands
     Upon success, `lacme` prints the new or updated Account Object from
     the [ACME] server.
 
-`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `newOrder` [*SECTION* …]
+`lacme newOrder` [`--config-certs=`*FILE*] [`--min-days=`*INT*|`--force`] [*SECTION* …]
 
 :   Read the certificate configuration *FILE* (see the **[certificate
     configuration file](#certificate-configuration-file)** section below
@@ -85,6 +85,9 @@ Commands
     for each of its sections (or the given list of *SECTION*s).
     Command alias: `new-order`.
 
+    The flag `--force` is an alias for `--min-days=-1`, which forces
+    renewal regardless of the expiration date of existing certificates.
+
 `lacme` `revokeCert` *FILE* [*FILE* …]
 
 :   Request that the given certificate(s) *FILE*(s) be revoked.  For
author	Guilhem Moulin <guilhem@fripost.org>	2020-12-09 21:47:54 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-12-09 22:07:18 +0100
commit	0f574f73182491fe793fcdfce6632372fab4d5c3 (patch)
tree	4256fdc08a06c714fb8c2e4005a254dda7b5afe0
parent	61e4ad1347f51a84400cbf87633cc99f657f9ad7 (diff)