From 0f574f73182491fe793fcdfce6632372fab4d5c3 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 21:47:54 +0100
Subject: lacme: new flag `--force`.

Which aliases to `--min-days=-1`, i.e., forces renewal regardless of the
expiration date of existing certificates.
---
 Changelog  | 3 +++
 lacme      | 7 ++++++-
 lacme.8.md | 5 ++++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index a9f137e..4168e58 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,9 @@ lacme (0.7.1) upstream;
 
  * Unprivileged user/group for the internal client resp. webserver are
    now configurable at install time.
+ * lacme: new flag `--force`, which aliases to `--min-days=-1`, i.e.,
+   forces renewal regardless of the expiration date of existing
+   certificates.
  - lacme: delay webserver socket shutdown to after the process has
    terminated.
  - documentation: suggest to generate private key material with
diff --git a/lacme b/lacme
index e4b8e01..7f3d65d 100755
--- a/lacme
+++ b/lacme
@@ -63,7 +63,11 @@ sub usage(;$$) {
     }
     exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed deactivate min-days=i quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s
+    register tos-agreed deactivate
+    min-days=i force
+    quiet|q
+    debug help|h/);
 usage(0) if $OPTS{help};
 
 $COMMAND = shift(@ARGV) // usage(1, "Missing command");
@@ -643,6 +647,7 @@ if ($COMMAND eq 'account') {
 # newOrder [SECTION ..]
 #
 elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
+    $OPTS{'min-days'} = -1 if $OPTS{force};
     $COMMAND = 'newOrder';
     my $conffiles = defined $OPTS{'config-certs'} ? $OPTS{'config-certs'}
                   : defined $CONFIG->{_}->{'config-certs'} ? [ split(/\s+/, $CONFIG->{_}->{'config-certs'}) ]
diff --git a/lacme.8.md b/lacme.8.md
index ecf87c3..2ffdc25 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -77,7 +77,7 @@ Commands
     Upon success, `lacme` prints the new or updated Account Object from
     the [ACME] server.
 
-`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `newOrder` [*SECTION* …]
+`lacme newOrder` [`--config-certs=`*FILE*] [`--min-days=`*INT*|`--force`] [*SECTION* …]
 
 :   Read the certificate configuration *FILE* (see the **[certificate
     configuration file](#certificate-configuration-file)** section below
@@ -85,6 +85,9 @@ Commands
     for each of its sections (or the given list of *SECTION*s).
     Command alias: `new-order`.
 
+    The flag `--force` is an alias for `--min-days=-1`, which forces
+    renewal regardless of the expiration date of existing certificates.
+
 `lacme` `revokeCert` *FILE* [*FILE* …]
 
 :   Request that the given certificate(s) *FILE*(s) be revoked.  For
-- 
cgit v1.2.3