aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-12-09 00:10:14 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-12-09 00:10:14 +0100
commit594b65f8960c38fde1a8ffd567df852a69a670ff (patch)
tree289a9fa5cc2b259d3cd511ed5acac699289a2362
parentf23e4e0d0cf48153dbc5134cf1bf1bb7189c3005 (diff)
Add an option --min-age.
-rwxr-xr-xletsencrypt10
1 files changed, 10 insertions, 0 deletions
diff --git a/letsencrypt b/letsencrypt
index 5c10ea1..4c932e4 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -17,6 +17,7 @@ declare -l GENKEY
declare RUNAS QUIET= DEBUG=
declare SRVCRT= CHAIN= CSR SRVKEY
+delcale -i MIN_AGE=0
declare -l HASH=
declare SUBJECT=/
declare SAN=
@@ -62,6 +63,8 @@ usage() {
(default: "digitalSignature,keyEncipherment,keyCertSign")
--chain Store not only the server certificate in the file specified with --output, but
also the CA's
+ --min-age=SECONDS Don't do anything if the certificate specified by --output exists and its expiration
+ is more than SECONDS ahead.
--output=FILE Where to store the issued (signed) X.509 certificate
--notify=COMMAND Command to run upon success. (This option can be repeated.)
@@ -97,6 +100,7 @@ while [ $# -gt 0 ]; do
--debug) DEBUG=1;;
--output=*) SRVCRT="${1#*=}";;
+ --min-age=*) MIN_AGE="${1#*=}";;
--chain) CHAIN=1;;
--csr=*) CSR="${1#*=}";;
--key=*) SRVKEY="${1#*=}";;
@@ -164,6 +168,12 @@ elif [ "$COMMAND" = 'new-cert' ]; then
echo "Error: Missing --output" >&2
exit 1
fi
+ if [ -s "$SRVCRT" ] && \
+ exp=$(openssl x509 -noout -enddate <"$SRVCRT" 2>/dev/null) && \
+ [ $(( $(date -d "${exp#*=}" +%s) - $(date +%s))) -gt $MIN_AGE ]; then
+ [ ! "$DEBUG" ] || echo "Expiration date ($(date -d"${exp#*=}")) is too far away, come back later." >&2
+ exit 0
+ fi
# Generate a Certificate Signing Request if need be
if [ ${CSR+x} ]; then