diff options
| author | Erich Eckner <git@eckner.net> | 2020-01-14 09:47:35 +0100 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2020-01-14 09:47:35 +0100 |
| commit | 8386eb46ce63432bb8f9f13974d714c1fc574857 (patch) | |
| tree | 40268aa3b7f26e55b4480c4f2b3c250b17e23afd | |
| parent | 923ed7ef117f921d7827821962ef597b366e2eef (diff) | |
| download | simple-pki-8386eb46ce63432bb8f9f13974d714c1fc574857.tar.xz | |
rotate-keys: fix date-logic for now-uncached keys
| -rw-r--r-- | rotate-keys.in | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/rotate-keys.in b/rotate-keys.in index 8255729..dc17cac 100644 --- a/rotate-keys.in +++ b/rotate-keys.in @@ -54,14 +54,6 @@ if [ "$(whoami)" != "${certificate_user}" ]; then if [ -f "${key_dir}/${host_key_file}.key.new" ] \ && [ -f "${key_dir}/${host_key_file}.crt.new" ] \ && [ -f "${key_dir}/${host_key_file}.chain.new" ]; then - if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.key" ] \ - && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.crt" ] \ - && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.chain" ]; then - continue - fi mv "${key_dir}/${host_key_file}.key"{.new,} mv "${key_dir}/${host_key_file}.crt"{.new,} mv "${key_dir}/${host_key_file}.chain"{.new,} @@ -99,6 +91,14 @@ printf '%s\n' "${hosts}" \ && [ -f "${key_dir}/${host}.chain.new" ]; then continue fi + if [ -f "${key_dir}/${host_key_file}.key" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.key")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ + && [ -f "${key_dir}/${host_key_file}.crt" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ + && [ -f "${key_dir}/${host_key_file}.chain" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ]; then + continue + fi SAN=$( printf ',DNS:%s' \ |