From 0c7577718de5f5e1f08a8817b306260229772016 Mon Sep 17 00:00:00 2001
From: Adrian Heine
Date: Sun, 17 Sep 2017 18:44:07 +0200
Subject: [PATCH] Fix expiring ACME certs
---
 src/symbols/acme/cert.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/symbols/acme/cert.rs b/src/symbols/acme/cert.rs
index bd8d3a0..9773f64 100644
--- a/src/symbols/acme/cert.rs
+++ b/src/symbols/acme/cert.rs
@@ -45,11 +45,14 @@ impl<'a, C: CommandRunner> Symbol for AcmeCert<'a, C> {
 return Ok(false);
 }

- let stdout = try!(self.command_runner.get_output("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
- if stdout != format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
- return Ok(false);
+ let output = try!(self.command_runner.run_with_args("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
+ if output.status.success() && output.stdout == format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
+ Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok())
+ } else if output.status.code() == Some(1) && output.stdout == format!("subject=CN = {}\nCertificate will expire\n", self.domain).as_bytes() {
+ Ok(false)
+ } else {
+ Err(try!(String::from_utf8(output.stderr)).into())
 }
- Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok())
 }

 fn execute(&self) -> Result<(), Box> {
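Review bot: The final `else` branch reports only stderr, so a run where openssl exits 0 or 1 but prints a subject line other than the two exact strings (a certificate issued for another CN, or a build that formats the subject differently) ends in an error whose message is most likely empty, where the removed code returned `Ok(false)`. `String::from_utf8` can also fail on non-UTF-8 stderr and replace the real diagnostic with a conversion error. I would carry the exit status and both streams in the error, `Err(format!("unexpected openssl x509 result (status {:?}): {}{}", output.status.code(), String::from_utf8_lossy(&output.stdout), String::from_utf8_lossy(&output.stderr)).into())`, and if a subject mismatch is meant to trigger re-issuance rather than abort, give that case its own `Ok(false)` arm. The enclosing method starts above the hunk.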