From 7b1dae090188b935e914731a4838ae4d3fcb363a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Mon, 13 Mar 2017 19:42:21 +0200 Subject: [PATCH] Renew certificate only when 25% of certificate lifetime remains --- certidude/helpers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certidude/helpers.py b/certidude/helpers.py index 4773f31..3aebb91 100644 --- a/certidude/helpers.py +++ b/certidude/helpers.py @@ -160,8 +160,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa cert_buf = open(certificate_path).read() cert = x509.load_pem_x509_certificate(cert_buf, default_backend()) lifetime = (cert.not_valid_after - cert.not_valid_before) - rollover = lifetime / 1 # TODO: Make rollover configurable - if datetime.now() > cert.not_valid_after - rollover: + overlap = lifetime / 4 # TODO: Make overlap configurable + if datetime.now() > cert.not_valid_after - overlap: click.echo("Certificate expired %s" % cert.not_valid_after) renew = True else: