-rw-r--r-- | Changelog | 2 | ||||
-rwxr-xr-x | lacme | 6 | ||||
-rw-r--r-- | lacme.md | 7 |
3 files changed, 10 insertions, 5 deletions
@@ -5,6 +5,8 @@ lacme (0.3) upstream; - Ensure lacme's config file descriptor is not passed to the accountd or webserver components. - new-cert: sort section names if not passed explicitely. + - new-cert: new CLI option "min-days" overriding the value found in + the configuration file. -- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100 @@ -60,7 +60,7 @@ sub usage(;$$) { } exit $rv; } -usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s quiet|q debug help|h/); +usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s min-days=i quiet|q debug help|h/); usage(0) if $OPTS{help}; $COMMAND = shift(@ARGV) // usage(1, "Missing command"); @@ -619,8 +619,8 @@ elsif ($COMMAND eq 'new-cert') { # skip certificates that expire at least $conf->{'min-days'} days in the future if (-f $conf->{$certtype} and defined (my $t = x509_enddate($conf->{$certtype}))) { - my $d = $conf->{'min-days'} // 10; - if ($d > 0 and $t - time > $d*86400) { + my $d = $OPTS{'min-days'} // $conf->{'min-days'} // 10; + if ($d >= 0 and $t - time > $d*86400) { my $d = POSIX::strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($t)); print STDERR "[$s] Valid until $d, skipping\n" unless $OPTS{quiet}; next; @@ -88,7 +88,7 @@ Commands When specified, the list of *CONTACT* information and the agreement *URI* are sent to the server to replace the existing values. -`lacme` [`--config-certs=`*FILE*] `new-cert` [*SECTION* …] +`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `new-cert` [*SECTION* …] : Read the certificate configuration *FILE* (see the **[certificate configuration file](#certificate-configuration-file)** section below 
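Review bot: `min-days=i` is added to the global option list, but the only reader in the visible hunks is the `new-cert` branch, so with any other command the option appears to be accepted and silently ignored. It also applies to every certificate section at once and takes precedence over each section's own `min-days`, whereas the lacme.md wording ("Default: the value of the CLI option") reads as if the section value wins. A comment above the call would pin the intent, e.g. `# --min-days: new-cert only; overrides "min-days" from every certificate section`. The usage text in `usage()` is outside the hunk, so whether it lists the new option cannot be checked here.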
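Review bot: The switch from `$d > 0` to `$d >= 0` in the new-cert expiry check changes what `min-days = 0` means: before, 0 disabled the skip and forced reissuance; now the certificate is skipped until it has already expired. An existing configuration that relied on 0 will therefore let certificates lapse before renewal, and the Changelog hunk does not mention it; I would add an entry such as `- new-cert: "min-days = 0" now only reissues expired certificates; use a negative value to force reissuance.` The config value also reaches the numeric comparison unchecked in the lines shown, so a typo that numifies to 0 falls into the same renew-after-expiry case; unless it is validated elsewhere, a guard like `die "Invalid min-days: $d\n" unless $d =~ /\A-?\d+\z/;` after the assignment would make that fail loudly. The enclosing `elsif` branch starts and ends outside the hunk.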
@@ -339,7 +339,10 @@ Valid options are: : For an existing certificate, the minimum number of days before its expiration date the section is considered for re-issuance. - Default: `10`. + A negative value forces reissuance, while the number `0` limits + reissuance to expired certificates. + Default: the value of the CLI option `--min-days`, or `10` if there + is no such option. *CAfile* |