@@ -86,32 +86,35 @@ local function renew_check_cert(auto_ssl_instance, storage, domain)
86
86
return
87
87
end
88
88
89
- -- If we don't have an expiry date yet, try to update the stored cert
90
- -- with a date based on backup timestamps
89
+ -- While newer certs should have the expire date stored already, if an older
90
+ -- cert doesn't have an expiry date stored yet, extract it and save it.
91
91
if not cert [" expiry" ] then
92
- local keys , err = storage .adapter :keys_with_prefix (domain .. " :" )
93
- if err then
94
- ngx .log (ngx .ERR , " auto-ssl: error fetching certificate backups from storage for " , domain , " : " , err )
92
+ local cert_pem_path = auto_ssl_instance :get (" dir" ) .. " /tmp/extract-expiry-" .. ngx .escape_uri (domain )
93
+ local file , file_err = io.open (cert_pem_path , " w" )
94
+ if file_err then
95
+ ngx .log (ngx .ERR , " auto-ssl: write expiry cert file for " .. domain .. " failed: " , file_err )
95
96
else
96
- local most_recent = 0
97
- for _ , key in ipairs (keys ) do
98
- local timestamp = string.sub (key , string.find (key , " :" ) + 1 )
99
- timestamp = tonumber (timestamp )
100
- if timestamp and most_recent < timestamp then
101
- most_recent = timestamp
97
+ file :write (cert [" fullchain_pem" ])
98
+ file :close ()
99
+
100
+ local _ , date_output , date_err = run_command (' date --date="$(openssl x509 -enddate -noout -in "' .. cert_pem_path .. ' "|cut -d= -f 2)" +%s' )
101
+ if date_err then
102
+ ngx .log (ngx .ERR , " auto-ssl: failed to extract expiry date from cert: " , date_err )
103
+ else
104
+ cert [" expiry" ] = tonumber (date_output )
105
+ if cert [" expiry" ] then
106
+ -- Update stored certificate to include expiry information
107
+ ngx .log (ngx .NOTICE , " auto-ssl: setting expiration date of " , domain , " to " , cert [" expiry" ])
108
+ local _ , set_cert_err = storage :set_cert (domain , cert [" fullchain_pem" ], cert [" privkey_pem" ], cert [" cert_pem" ], cert [" expiry" ])
109
+ if set_cert_err then
110
+ ngx .log (ngx .ERR , " auto-ssl: failed to update cert: " , set_cert_err )
111
+ end
102
112
end
103
113
end
104
- if most_recent ~= 0 then
105
- -- Backup timestamp used milliseconds, convert to seconds
106
- cert [" expiry" ] = math.floor (most_recent / 1000 ) + (90 * 24 * 60 * 60 )
107
- -- Update stored certificate to include expiry information
108
- ngx .log (ngx .NOTICE , " auto-ssl: setting expiration date of " , domain , " to " , cert [" expiry" ])
109
- local _ , err = storage :set_cert (domain , cert [" fullchain_pem" ], cert [" privkey_pem" ], cert [" cert_pem" ], cert [" expiry" ])
110
- if err then
111
- ngx .log (ngx .ERR , " auto-ssl: failed to update cert: " , err )
112
- end
113
- else
114
- ngx .log (ngx .ERR , " auto-ssl: no certificate backups in storage for " , domain , " , unable to set expiration date" )
114
+
115
+ local _ , remove_err = os.remove (cert_pem_path )
116
+ if remove_err then
117
+ ngx .log (ngx .ERR , " auto-ssl: failed to remove expiry cert file: " , remove_err )
115
118
end
116
119
end
117
120
end
@@ -158,15 +161,13 @@ local function renew_check_cert(auto_ssl_instance, storage, domain)
158
161
-- configured time for renewals.
159
162
local _ , issue_err = ssl_provider .issue_cert (auto_ssl_instance , domain )
160
163
if issue_err then
161
- ngx .log (ngx .ERR , " auto-ssl: issuing renewal certificate failed: " , err )
164
+ ngx .log (ngx .ERR , " auto-ssl: issuing renewal certificate failed: " , issue_err )
165
+
162
166
-- Give up on renewing this certificate if we didn't manage to renew
163
167
-- it before the expiration date
164
- local now = ngx .now ()
165
- if cert [" expiry" ] then
166
- if cert [" expiry" ] < now then
167
- ngx .log (ngx .NOTICE , " auto-ssl: existing certificate is expired, deleting: " , domain )
168
- storage :delete_cert (domain )
169
- end
168
+ if cert [" expiry" ] and cert [" expiry" ] < ngx .now () then
169
+ ngx .log (ngx .WARN , " auto-ssl: existing certificate is expired, deleting: " , domain )
170
+ storage :delete_cert (domain )
170
171
end
171
172
end
172
173
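Review bot: The pipeline passed to `run_command` in the first hunk hides an openssl failure, because the result that reaches `date_err` presumably reflects only the final `date` command. GNU `date --date=""` succeeds and prints today's midnight, so an unreadable `fullchain_pem` would yield a numeric expiry in the past, which is then persisted through `storage:set_cert`. The second hunk's `cert["expiry"] < ngx.now()` check would then delete that certificate on the next failed renewal. I would run openssl on its own and hand only a validated `notAfter=` value to `date`, as sketched below; this assumes `run_command` keeps the return shape used in the hunk. Separately, `cert_pem_path` is spliced into the shell string and only the domain part goes through `ngx.escape_uri`, so a comment stating that the configured `dir` must not contain shell metacharacters would help; `renew_check_cert` itself starts and ends outside the visible hunks.

```lua
local _, enddate_output, enddate_err = run_command('openssl x509 -enddate -noout -in "' .. cert_pem_path .. '"')
-- openssl prints "notAfter=Mon DD HH:MM:SS YYYY GMT"; accept only that character set
local not_after = not enddate_err and enddate_output and string.match(enddate_output, "notAfter=([%w :]+)")
if not not_after then
  ngx.log(ngx.ERR, "auto-ssl: failed to read notAfter from cert for ", domain, ": ", enddate_err)
else
  local _, date_output, date_err = run_command('date --date="' .. not_after .. '" +%s')
  -- … unchanged: date_err check, tonumber(date_output), storage:set_cert …
end
-- … unchanged: os.remove(cert_pem_path) and its error log …
```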