Browse Source

Fix expiring ACME certs

master
Adrian Heine 7 years ago
parent
commit
0c7577718d
  1. 11
      src/symbols/acme/cert.rs

11
src/symbols/acme/cert.rs

@ -45,11 +45,14 @@ impl<'a, C: CommandRunner> Symbol for AcmeCert<'a, C> {
return Ok(false); return Ok(false);
} }
let stdout = try!(self.command_runner.get_output("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
if stdout != format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
return Ok(false);
}
let output = try!(self.command_runner.run_with_args("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
if output.status.success() && output.stdout == format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok()) Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok())
} else if output.status.code() == Some(1) && output.stdout == format!("subject=CN = {}\nCertificate will expire\n", self.domain).as_bytes() {
Ok(false)
} else {
Err(try!(String::from_utf8(output.stderr)).into())
}
} }
fn execute(&self) -> Result<(), Box<Error>> { fn execute(&self) -> Result<(), Box<Error>> {

Loading…
Cancel
Save