From 84f6363da57ccc3a58fc72f60cf51ca70cea34f6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 19 Feb 2017 13:36:11 +0100
Subject: new-cert: new CLI option "min-days"
---
 Changelog | 2 ++
 lacme | 6 +++---
 lacme.md | 7 +++++--
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/Changelog b/Changelog
index a622a5d..accd89c 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,8 @@ lacme (0.3) upstream;
 - Ensure lacme's config file descriptor is not passed to the accountd or webserver components.
 - new-cert: sort section names if not passed explicitely.
+ - new-cert: new CLI option "min-days" overriding the value found in
+ the configuration file.
 -- Guilhem Moulin Sun, 19 Feb 2017 13:08:41 +0100
diff --git a/lacme b/lacme
index f9b3530..75c1465 100755
--- a/lacme
+++ b/lacme
@@ -60,7 +60,7 @@ sub usage(;$$) {
 }
 exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s agreement-uri=s min-days=i quiet|q debug help|h/);
 usage(0) if $OPTS{help};
 $COMMAND = shift(@ARGV) // usage(1, "Missing command");
@@ -619,8 +619,8 @@ elsif ($COMMAND eq 'new-cert') {
 # skip certificates that expire at least $conf->{'min-days'} days in the future
 if (-f $conf->{$certtype} and defined (my $t = x509_enddate($conf->{$certtype}))) {
- my $d = $conf->{'min-days'} // 10;
- if ($d > 0 and $t - time > $d*86400) {
+ my $d = $OPTS{'min-days'} // $conf->{'min-days'} // 10;
+ if ($d >= 0 and $t - time > $d*86400) {
 my $d = POSIX::strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($t));
 print STDERR "[$s] Valid until $d, skipping\n" unless $OPTS{quiet};
 next;
diff --git a/lacme.md b/lacme.md
index f5b5559..aec2cd1 100644
--- a/lacme.md
+++ b/lacme.md
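Review bot: In the `new-cert` hunk of `lacme` (`@@ -619,8 +619,8 @@`), switching the guard from `$d > 0` to `$d >= 0` silently changes what an existing `min-days = 0` means: before, 0 disabled the skip so the certificate was always reissued, whereas now 0 skips every certificate that has not yet expired, so a deployment that relied on 0 to force renewal would only renew after the certificate has already lapsed. The Changelog entry mentions only the new option, so I would record the changed meaning of 0 and of negative values there as a behaviour change. The comment above the test is also stale now that the CLI value takes precedence; something like `# skip certificates that expire more than min-days days from now (--min-days overrides the config value; 0 renews only expired certificates, a negative value always renews)` would match the new code. The value taken from `$conf` is compared numerically here and, unlike the `=i` CLI option, nothing in the hunk checks that it is an integer; that may be validated outside the hunk. The enclosing `elsif` block starts and ends outside the hunk.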
@@ -88,7 +88,7 @@ Commands
 When specified, the list of *CONTACT* information and the agreement *URI* are sent to the server to replace the existing values.
-`lacme` [`--config-certs=`*FILE*] `new-cert` [*SECTION* …]
+`lacme` [`--config-certs=`*FILE*] [`--min-days=`*INT*] `new-cert` [*SECTION* …]
 : Read the certificate configuration *FILE* (see the **[certificate configuration file](#certificate-configuration-file)** section below
@@ -339,7 +339,10 @@ Valid options are:
 : For an existing certificate, the minimum number of days before its expiration date the section is considered for re-issuance.
- Default: `10`.
+ A negative value forces reissuance, while the number `0` limits
+ reissuance to expired certificates.
+ Default: the value of the CLI option `--min-days`, or `10` if there
+ is no such option.
 *CAfile*
--
cgit v1.2.3