| -rwxr-xr-x | letsencrypt | 10 | 
1 files changed, 10 insertions, 0 deletions
| diff --git a/letsencrypt b/letsencrypt
index 5c10ea1..4c932e4 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -17,6 +17,7 @@ declare -l GENKEY
 declare RUNAS QUIET= DEBUG=
 declare SRVCRT= CHAIN= CSR SRVKEY
+delcale -i MIN_AGE=0
 declare -l HASH=
 declare SUBJECT=/
 declare SAN=
@@ -62,6 +63,8 @@ usage() {
 		                      (default: "digitalSignature,keyEncipherment,keyCertSign")
 		    --chain           Store not only the server certificate in the file specified with --output, but
 		                      also the CA's
+		    --min-age=SECONDS Don't do anything if the certificate specified by --output exists and its expiration
+		                      is more than SECONDS ahead.
 		    --output=FILE     Where to store the issued (signed) X.509 certificate
 		    --notify=COMMAND  Command to run upon success.  (This option can be repeated.)
@@ -97,6 +100,7 @@ while [ $# -gt 0 ]; do
         --debug) DEBUG=1;;
         --output=*) SRVCRT="${1#*=}";;
+        --min-age=*) MIN_AGE="${1#*=}";;
         --chain) CHAIN=1;;
         --csr=*) CSR="${1#*=}";;
         --key=*) SRVKEY="${1#*=}";;
@@ -164,6 +168,12 @@ elif [ "$COMMAND" = 'new-cert' ]; then
         echo "Error: Missing --output" >&2
         exit 1
     fi
+    if [ -s "$SRVCRT" ] && \
+         exp=$(openssl x509 -noout -enddate <"$SRVCRT" 2>/dev/null) && \
+         [ $(( $(date -d "${exp#*=}" +%s) - $(date +%s))) -gt $MIN_AGE ]; then
+        [ ! "$DEBUG" ] || echo "Expiration date ($(date -d"${exp#*=}")) is too far away, come back later." >&2
+        exit 0
+    fi
     # Generate a Certificate Signing Request if need be
     if [ ${CSR+x} ]; then |
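Review bot: The added line in the hunk at line 17 is spelled `delcale`, which is not a shell builtin, so `MIN_AGE` is never given the integer attribute or initialised to 0; it should read `declare -i MIN_AGE=0`. As committed the line fails at startup with a "command not found" error, and would abort the script if it runs under `set -e`, which is not visible here. When `--min-age` is not passed, the unquoted `-gt $MIN_AGE` test in the hunk at line 168 then expands to a malformed `[` expression.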
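Review bot: The help text added for `--min-age` states neither a default nor which command honours it, while the check in the hunk at line 168 sits only in the `new-cert` branch. Suggested wording: `--min-age=SECONDS With new-cert: do nothing if the certificate at --output is still valid for more than SECONDS (default: 0)`, assuming 0 is the default intended by the declaration at line 17. The option name reads as the certificate's age although the value is the remaining validity, so the text should spell that out.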
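Review bot: The `--min-age=*` arm stores the option value without checking that it is a number. Once `MIN_AGE` carries the integer attribute intended at line 17, bash evaluates the assigned string as an arithmetic expression, so a word such as `week` silently becomes 0 and other input is evaluated rather than rejected; without the attribute the raw string reaches the unquoted `-gt $MIN_AGE` test at line 168. Rejecting anything but digits in the arm covers both cases: `--min-age=*) case "${1#*=}" in ''|*[!0-9]*) echo "Error: --min-age expects a number of seconds" >&2; exit 1;; esac; MIN_AGE="${1#*=}";;`. The enclosing `while`/`case` starts and ends outside the hunk.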
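Review bot: The added block is not conditional on `--min-age` having been given: with the default of 0 intended at line 17, any unexpired certificate already at `--output` makes `new-cert` exit 0 without issuing, and the skip is only reported when `DEBUG` is set. The decision also rests on the expiry date alone, so a run meant to replace a certificate after a key or name change returns success with the old certificate still in place. If the skip is meant to be opt-in, guard it, e.g. start the condition with `if [ "$MIN_AGE" -gt 0 ] && [ -s "$SRVCRT" ] && \`, and add a comment such as `# only expiry is checked; remove the --output file to force reissuance`. Separately, `$MIN_AGE` is unquoted in the `-gt` test and the arithmetic depends on GNU `date -d`; `openssl x509 -noout -checkend "$MIN_AGE"` performs the comparison without either. The `new-cert` branch continues outside the hunk.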
