-rw-r--r--rotate-keys.in14
1 files changed, 10 insertions, 4 deletions
diff --git a/rotate-keys.in b/rotate-keys.in
index 205916a..0fc6a44 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -48,15 +48,19 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
updated_something=false
for host_key_file in ${host_key_files}; do
if [ -f "${key_dir}/${host_key_file}.key.new" ] \
- && [ -f "${key_dir}/${host_key_file}.crt.new" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt.new" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain.new" ]; then
if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
&& [ -f "${key_dir}/${host_key_file}.key" ] \
&& [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
- && [ -f "${key_dir}/${host_key_file}.crt" ]; then
+ && [ -f "${key_dir}/${host_key_file}.crt" ] \
+ && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
+ && [ -f "${key_dir}/${host_key_file}.chain" ]; then
continue
fi
mv "${key_dir}/${host_key_file}.key"{.new,}
mv "${key_dir}/${host_key_file}.crt"{.new,}
+ mv "${key_dir}/${host_key_file}.chain"{.new,}
updated_something=true
fi
done
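Review bot: The three `mv` calls at the end of the loop body are not applied as a unit, and adding a third file widens the window for a half-finished rotation. If the script is interrupted or one rename fails after `.key.new` has been moved, the live `.key` no longer matches the live `.crt` and `.chain`. The outer test then cannot become true again for that host, because `.key.new` is gone, so the next run does not resume the rotation. Whether `set -e` is active is not visible in this hunk; at minimum each rename should be checked so the failure is loud, e.g. `mv "${key_dir}/${host_key_file}.chain"{.new,} || exit 1`. A comment above the renames should state that key, certificate and chain must always be rotated together.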
@@ -82,7 +86,8 @@ trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
printf '%s\n' "${hosts}" \
| while read -r host other_hosts; do
if [ -f "${key_dir}/${host}.key.new" ] \
- && [ -f "${key_dir}/${host}.crt.new" ]; then
+ && [ -f "${key_dir}/${host}.crt.new" ] \
+ && [ -f "${key_dir}/${host}.chain.new" ]; then
continue
fi
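Review bot: Hosts that already have `.key.new` and `.crt.new` staged from before this change, but no `.chain.new`, are no longer skipped by this test. The rotation loop in the first hunk will not rotate them either, since its outer condition now also requires `.chain.new`. The rest of the `while` body lies outside the hunk, but if it goes on to generate a fresh key and request, the pending key is replaced and its `key_min_duration` wait starts over. That matters if the pending key has already been published or pinned elsewhere. Please document this transition in a comment here, or handle such hosts by fetching only the missing chain.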
@@ -117,7 +122,8 @@ ssh -T "${ca_host}" \
| tar -xzf -
for host_key_file in ${host_key_files}; do
- if [ ! -f "${tmp_dir}/${host_key_file}.crt" ]; then
+ if [ ! -f "${tmp_dir}/${host_key_file}.crt" ] \
+ || [ ! -f "${tmp_dir}/${host_key_file}.chain" ]; then
continue
fi
cat "${tmp_dir}/${host_key_file}.crt" \
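Review bot: The added `-f` test only proves that a file named `.chain` came out of the archive, so an empty or truncated chain passes and would be staged next to a valid certificate. Because these files arrive from `${ca_host}` through `tar -xzf -`, a non-empty test is the cheaper guard for both files, e.g. `[ ! -s "${tmp_dir}/${host_key_file}.chain" ]`. If the issuing CA certificate is available locally, running `openssl verify` with the chain passed via `-untrusted` before the files are copied on would also catch a chain that does not belong to the certificate. The loop body continues past the end of the hunk, so what is done with the chain afterwards is not visible here.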