From 0f574f73182491fe793fcdfce6632372fab4d5c3 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 9 Dec 2020 21:47:54 +0100 Subject: lacme: new flag `--force`. Which aliases to `--min-days=-1`, i.e., forces renewal regardless of the expiration date of existing certificates. --- Changelog | 3 +++ lacme | 7 ++++++- lacme.8.md | 5 ++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index a9f137e..4168e58 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,9 @@ lacme (0.7.1) upstream; * Unprivileged user/group for the internal client resp. webserver are now configurable at install time. + * lacme: new flag `--force`, which aliases to `--min-days=-1`, i.e., + forces renewal regardless of the expiration date of existing + certificates. - lacme: delay webserver socket shutdown to after the process has terminated. - documentation: suggest to generate private key material with diff --git a/lacme b/lacme index e4b8e01..7f3d65d 100755 --- a/lacme +++ b/lacme @@ -63,7 +63,11 @@ sub usage(;$$) { } exit $rv; } -usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed deactivate min-days=i quiet|q debug help|h/); +usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s + register tos-agreed deactivate + min-days=i force + quiet|q + debug help|h/); usage(0) if $OPTS{help}; $COMMAND = shift(@ARGV) // usage(1, "Missing command"); @@ -643,6 +647,7 @@ if ($COMMAND eq 'account') { # newOrder [SECTION ..] # elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { + $OPTS{'min-days'} = -1 if $OPTS{force}; $COMMAND = 'newOrder'; my $conffiles = defined $OPTS{'config-certs'} ? $OPTS{'config-certs'} : defined $CONFIG->{_}->{'config-certs'} ? [ split(/\s+/, $CONFIG->{_}->{'config-certs'}) ] diff --git a/lacme.8.md b/lacme.8.md index ecf87c3..2ffdc25 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -77,7 +77,7 @@ Commands Upon success, `lacme` prints the new or updated Account Object from the [ACME] server. -`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `newOrder` [*SECTION* …] +`lacme newOrder` [`--config-certs=`*FILE*] [`--min-days=`*INT*|`--force`] [*SECTION* …] : Read the certificate configuration *FILE* (see the **[certificate configuration file](#certificate-configuration-file)** section below @@ -85,6 +85,9 @@ Commands for each of its sections (or the given list of *SECTION*s). Command alias: `new-order`. + The flag `--force` is an alias for `--min-days=-1`, which forces + renewal regardless of the expiration date of existing certificates. + `lacme` `revokeCert` *FILE* [*FILE* …] : Request that the given certificate(s) *FILE*(s) be revoked. For -- cgit v1.2.3