mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Renew certificate only when 25% of certificate lifetime remains
This commit is contained in:
parent
b3185bbbf4
commit
7b1dae0901
@ -160,8 +160,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
cert_buf = open(certificate_path).read()
|
cert_buf = open(certificate_path).read()
|
||||||
cert = x509.load_pem_x509_certificate(cert_buf, default_backend())
|
cert = x509.load_pem_x509_certificate(cert_buf, default_backend())
|
||||||
lifetime = (cert.not_valid_after - cert.not_valid_before)
|
lifetime = (cert.not_valid_after - cert.not_valid_before)
|
||||||
rollover = lifetime / 1 # TODO: Make rollover configurable
|
overlap = lifetime / 4 # TODO: Make overlap configurable
|
||||||
if datetime.now() > cert.not_valid_after - rollover:
|
if datetime.now() > cert.not_valid_after - overlap:
|
||||||
click.echo("Certificate expired %s" % cert.not_valid_after)
|
click.echo("Certificate expired %s" % cert.not_valid_after)
|
||||||
renew = True
|
renew = True
|
||||||
else:
|
else:
|
||||||
|
Loading…
Reference in New Issue
Block a user