Renew certificate only when 25% of certificate lifetime remains

2025-10-31 01:19:11 +00:00 · 2017-03-13 19:42:21 +02:00
parent b3185bbbf4
commit 7b1dae0901
1 changed files with 2 additions and 2 deletions
--- a/certidude/helpers.py
+++ b/certidude/helpers.py
@@ -160,8 +160,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
        cert_buf = open(certificate_path).read()
        cert = x509.load_pem_x509_certificate(cert_buf, default_backend())
        lifetime = (cert.not_valid_after - cert.not_valid_before)
-        rollover = lifetime / 1 # TODO: Make rollover configurable
-        if datetime.now() > cert.not_valid_after - rollover:
+        overlap = lifetime / 4 # TODO: Make overlap configurable
+        if datetime.now() > cert.not_valid_after - overlap:
            click.echo("Certificate expired %s" % cert.not_valid_after)
            renew = True
        else: