From 8386eb46ce63432bb8f9f13974d714c1fc574857 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Tue, 14 Jan 2020 09:47:35 +0100 Subject: rotate-keys: fix date-logic for now-uncached keys --- rotate-keys.in | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/rotate-keys.in b/rotate-keys.in index 8255729..dc17cac 100644 --- a/rotate-keys.in +++ b/rotate-keys.in @@ -54,14 +54,6 @@ if [ "$(whoami)" != "${certificate_user}" ]; then if [ -f "${key_dir}/${host_key_file}.key.new" ] \ && [ -f "${key_dir}/${host_key_file}.crt.new" ] \ && [ -f "${key_dir}/${host_key_file}.chain.new" ]; then - if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.key" ] \ - && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.crt" ] \ - && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ - && [ -f "${key_dir}/${host_key_file}.chain" ]; then - continue - fi mv "${key_dir}/${host_key_file}.key"{.new,} mv "${key_dir}/${host_key_file}.crt"{.new,} mv "${key_dir}/${host_key_file}.chain"{.new,} @@ -99,6 +91,14 @@ printf '%s\n' "${hosts}" \ && [ -f "${key_dir}/${host}.chain.new" ]; then continue fi + if [ -f "${key_dir}/${host_key_file}.key" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.key")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ + && [ -f "${key_dir}/${host_key_file}.crt" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \ + && [ -f "${key_dir}/${host_key_file}.chain" ] \ + && [ "$(stat -c%Y "${key_dir}/${host_key_file}.chain")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ]; then + continue + fi SAN=$( printf ',DNS:%s' \ -- cgit v1.2.3