summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2020-01-14 09:47:35 +0100
committerErich Eckner <git@eckner.net>2020-01-14 09:47:35 +0100
commit8386eb46ce63432bb8f9f13974d714c1fc574857 (patch)
tree40268aa3b7f26e55b4480c4f2b3c250b17e23afd
parent923ed7ef117f921d7827821962ef597b366e2eef (diff)
downloadsimple-pki-8386eb46ce63432bb8f9f13974d714c1fc574857.tar.xz
rotate-keys: fix date-logic for now-uncached keys
-rw-r--r--rotate-keys.in16
1 files changed, 8 insertions, 8 deletions
diff --git a/rotate-keys.in b/rotate-keys.in
index 8255729..dc17cac 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -54,14 +54,6 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
if [ -f "${key_dir}/${host_key_file}.key.new" ] \
&& [ -f "${key_dir}/${host_key_file}.crt.new" ] \
&& [ -f "${key_dir}/${host_key_file}.chain.new" ]; then
- if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.key" ] \
- && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.crt" ] \
- && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.chain" ]; then
- continue
- fi
mv "${key_dir}/${host_key_file}.key"{.new,}
mv "${key_dir}/${host_key_file}.crt"{.new,}
mv "${key_dir}/${host_key_file}.chain"{.new,}
@@ -99,6 +91,14 @@ printf '%s\n' "${hosts}" \
&& [ -f "${key_dir}/${host}.chain.new" ]; then
continue
fi
+ if [ -f "${key_dir}/${host_key_file}.key" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.key")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
+ && [ -f "${key_dir}/${host_key_file}.crt" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ]; then
+ continue
+ fi
SAN=$(
printf ',DNS:%s' \