-rw-r--r--Changelog2
-rwxr-xr-xlacme6
-rw-r--r--lacme.md7
3 files changed, 10 insertions, 5 deletions
diff --git a/Changelog b/Changelog
index a622a5d..accd89c 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,8 @@ lacme (0.3) upstream;
- Ensure lacme's config file descriptor is not passed to the accountd
or webserver components.
- new-cert: sort section names if not passed explicitely.
+ - new-cert: new CLI option "min-days" overriding the value found in
+ the configuration file.
-- Guilhem Moulin <guilhem@guilhem.org> Sun, 19 Feb 2017 13:08:41 +0100
diff --git a/lacme b/lacme
index f9b3530..75c1465 100755
--- a/lacme
+++ b/lacme
@@ -60,7 +60,7 @@ sub usage(;$$) {
}
exit $rv;
}
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s min-days=i quiet|q debug help|h/);
usage(0) if $OPTS{help};
$COMMAND = shift(@ARGV) // usage(1, "Missing command");
@@ -619,8 +619,8 @@ elsif ($COMMAND eq 'new-cert') {
# skip certificates that expire at least $conf->{'min-days'} days in the future
if (-f $conf->{$certtype} and defined (my $t = x509_enddate($conf->{$certtype}))) {
- my $d = $conf->{'min-days'} // 10;
- if ($d > 0 and $t - time > $d*86400) {
+ my $d = $OPTS{'min-days'} // $conf->{'min-days'} // 10;
+ if ($d >= 0 and $t - time > $d*86400) {
my $d = POSIX::strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($t));
print STDERR "[$s] Valid until $d, skipping\n" unless $OPTS{quiet};
next;
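Review bot: The value from `$conf->{'min-days'}` reaches the numeric test `$d >= 0` with no integer check visible in this hunk, while the CLI value is constrained by `min-days=i`. Under the old `$d > 0` test a config value of `0`, or a non-numeric one that numifies to 0, fell through to reissuance; with `>=` the same value now skips every certificate that has not yet expired, so a typo in the config file could let a certificate lapse unnoticed. Unless the config parser already validates it, I would add `die "Invalid min-days value: $d\n" unless $d =~ /\A-?\d+\z/;` right after the assignment. The precedence here (CLI over config file) matches the Changelog entry, but lacme.md words it as the CLI option being the default for the config setting, which reads the other way round. The enclosing `new-cert` loop begins and ends outside the hunk.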
diff --git a/lacme.md b/lacme.md
index f5b5559..aec2cd1 100644
--- a/lacme.md
+++ b/lacme.md
@@ -88,7 +88,7 @@ Commands
When specified, the list of *CONTACT* information and the agreement
*URI* are sent to the server to replace the existing values.
-`lacme` [`--config-certs=`*FILE*] `new-cert` [*SECTION* …]
+`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `new-cert` [*SECTION* …]
: Read the certificate configuration *FILE* (see the **[certificate
configuration file](#certificate-configuration-file)** section below
@@ -339,7 +339,10 @@ Valid options are:
: For an existing certificate, the minimum number of days before its
expiration date the section is considered for re-issuance.
- Default: `10`.
+ A negative value forces reissuance, while the number `0` limits
+ reissuance to expired certificates.
+ Default: the value of the CLI option `--min-days`, or `10` if there
+ is no such option.
*CAfile*