passes register and get, refactored renew
This commit is contained in:
AJ ONeal
parent
dad5aca9ff
commit
9c4b1fd43e
77
lib/core.js
77
lib/core.js
|
|
@ -268,12 +268,58 @@ module.exports.create = function (le) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
// Certificates
|
// Certificates
|
||||||
, renewAsync: function (args) {
|
, renewAsync: function (args, certs) {
|
||||||
// TODO fetch email address (accountBydomain) if not present
|
var renewableAt = core.certificates._getRenewableAt(args, certs);
|
||||||
|
//var halfLife = (certs.expiresAt - certs.issuedAt) / 2;
|
||||||
|
//var renewable = (Date.now() - certs.issuedAt) > halfLife;
|
||||||
|
|
||||||
|
log(args.debug, "(Renew) Expires At", new Date(certs.expiresAt).toISOString());
|
||||||
|
log(args.debug, "(Renew) Renewable At", new Date(renewableAt).toISOString());
|
||||||
|
|
||||||
|
if (!args.duplicate && Date.now() < renewableAt) {
|
||||||
|
return PromiseA.reject(new Error(
|
||||||
|
"[ERROR] Certificate issued at '"
|
||||||
|
+ new Date(certs.issuedAt).toISOString() + "' and expires at '"
|
||||||
|
+ new Date(certs.expiresAt).toISOString() + "'. Ignoring renewal attempt until '"
|
||||||
|
+ new Date(renewableAt).toISOString() + "'. Set { duplicate: true } to force."
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Either the cert has entered its renewal period
|
||||||
|
// or we're forcing a refresh via 'dupliate: true'
|
||||||
|
log(args.debug, "Renewing!");
|
||||||
|
|
||||||
|
// TODO fetch email address / accountId (accountBydomain) if not present
|
||||||
// store.config.getAsync(args.domains).then(function (config) { /*...*/ });
|
// store.config.getAsync(args.domains).then(function (config) { /*...*/ });
|
||||||
|
if (!args.domains || (args.domains.length || 0) <= 2) {
|
||||||
|
// this is a renewal, therefore we should renewal ALL of the domains
|
||||||
|
// associated with this certificate, unless args.domains is a list larger
|
||||||
|
// than example.com,www.example.com
|
||||||
|
// TODO check www. prefix
|
||||||
|
args.domains = certs.altnames;
|
||||||
|
if (Array.isArray(certs.domains) && certs.domains.length) {
|
||||||
|
args.domains = certs.domains;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return core.certificates.registerAsync(args);
|
return core.certificates.registerAsync(args);
|
||||||
}
|
}
|
||||||
// Certificates
|
// Certificates
|
||||||
|
, _isRenewable: function (args, certs) {
|
||||||
|
var renewableAt = core.certificates._getRenewableAt(args, certs);
|
||||||
|
|
||||||
|
log(args.debug, "Check Expires At", new Date(certs.expiresAt).toISOString());
|
||||||
|
log(args.debug, "Check Renewable At", new Date(renewableAt).toISOString());
|
||||||
|
|
||||||
|
if (args.duplicate || Date.now() >= renewableAt) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
, _getRenewableAt: function (args, certs) {
|
||||||
|
return certs.expiresAt - le.renewWithin;
|
||||||
|
}
|
||||||
, checkAsync: function (args) {
|
, checkAsync: function (args) {
|
||||||
var copy = utils.merge(args, le);
|
var copy = utils.merge(args, le);
|
||||||
utils.tplCopy(copy);
|
utils.tplCopy(copy);
|
||||||
|
|
@ -299,32 +345,11 @@ module.exports.create = function (le) {
|
||||||
return core.certificates.registerAsync(args);
|
return core.certificates.registerAsync(args);
|
||||||
}
|
}
|
||||||
|
|
||||||
var renewableAt = certs.expiresAt - le.renewWithin;
|
if (core.certificates._isRenewable(args, certs)) {
|
||||||
//var halfLife = (certs.expiresAt - certs.issuedAt) / 2;
|
certs._renewing = core.certificates.renewAsync(args, certs);
|
||||||
//var renewable = (Date.now() - certs.issuedAt) > halfLife;
|
|
||||||
|
|
||||||
log(args.debug, "Expires At", new Date(certs.expiresAt).toISOString());
|
|
||||||
log(args.debug, "Renewable At", new Date(renewableAt).toISOString());
|
|
||||||
if (args.duplicate || Date.now() >= renewableAt) {
|
|
||||||
// The cert is more than half-expired
|
|
||||||
// We're forcing a refresh via 'dupliate: true'
|
|
||||||
log(args.debug, "Renewing!");
|
|
||||||
if (Array.isArray(certs.domains) && certs.domains.length && args.domains.length <= 2) {
|
|
||||||
// this is a renewal, therefore we should renewal ALL of the domains
|
|
||||||
// associated with this certificate, unless args.domains is a list larger
|
|
||||||
// than example.com,www.example.com
|
|
||||||
// TODO check www. prefix
|
|
||||||
args.domains = certs.domains;
|
|
||||||
}
|
|
||||||
return core.certificates.renewAsync(args);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return PromiseA.reject(new Error(
|
return certs;
|
||||||
"[ERROR] Certificate issued at '"
|
|
||||||
+ new Date(certs.issuedAt).toISOString() + "' and expires at '"
|
|
||||||
+ new Date(certs.expiresAt).toISOString() + "'. Ignoring renewal attempt until '"
|
|
||||||
+ new Date(renewableAt).toISOString() + "'. Set { duplicate: true } to force."
|
|
||||||
));
|
|
||||||
}).then(function (results) {
|
}).then(function (results) {
|
||||||
// returns pems
|
// returns pems
|
||||||
return results;
|
return results;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue