diff --git a/lib/core.js b/lib/core.js
index 85508a1..df93899 100644
--- a/lib/core.js
+++ b/lib/core.js
@@ -268,12 +268,58 @@ module.exports.create = function (le) { }); } // Certificates - , renewAsync: function (args) { - // TODO fetch email address (accountBydomain) if not present + , renewAsync: function (args, certs) { + var renewableAt = core.certificates._getRenewableAt(args, certs); + //var halfLife = (certs.expiresAt - certs.issuedAt) / 2; + //var renewable = (Date.now() - certs.issuedAt) > halfLife; + + log(args.debug, "(Renew) Expires At", new Date(certs.expiresAt).toISOString()); + log(args.debug, "(Renew) Renewable At", new Date(renewableAt).toISOString()); + + if (!args.duplicate && Date.now() < renewableAt) { + return PromiseA.reject(new Error( + "[ERROR] Certificate issued at '" + + new Date(certs.issuedAt).toISOString() + "' and expires at '" + + new Date(certs.expiresAt).toISOString() + "'. Ignoring renewal attempt until '" + + new Date(renewableAt).toISOString() + "'. Set { duplicate: true } to force." + )); + } + + // Either the cert has entered its renewal period + // or we're forcing a refresh via 'dupliate: true' + log(args.debug, "Renewing!"); + + // TODO fetch email address / accountId (accountBydomain) if not present // store.config.getAsync(args.domains).then(function (config) { /*...*/ }); + if (!args.domains || (args.domains.length || 0) <= 2) { + // this is a renewal, therefore we should renewal ALL of the domains + // associated with this certificate, unless args.domains is a list larger + // than example.com,www.example.com + // TODO check www. 
prefix + args.domains = certs.altnames; + if (Array.isArray(certs.domains) && certs.domains.length) { + args.domains = certs.domains; + } + } + return core.certificates.registerAsync(args); } // Certificates + , _isRenewable: function (args, certs) { + var renewableAt = core.certificates._getRenewableAt(args, certs); + + log(args.debug, "Check Expires At", new Date(certs.expiresAt).toISOString()); + log(args.debug, "Check Renewable At", new Date(renewableAt).toISOString()); + + if (args.duplicate || Date.now() >= renewableAt) { + return true; + } + + return false; + } + , _getRenewableAt: function (args, certs) { + return certs.expiresAt - le.renewWithin; + } , checkAsync: function (args) { var copy = utils.merge(args, le); utils.tplCopy(copy); 
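Review bot: In `renewAsync`, `args.domains = certs.altnames;` runs unconditionally once the `<= 2` check passes, so when the stored record has no `altnames` and `certs.domains` is not a non-empty array, `args.domains` becomes `undefined` and is passed to `registerAsync`; the code this replaces (removed in the second hunk) only overwrote the list when `certs.domains` was a non-empty array. Choose the stored list first and assign only when one exists, e.g. `var stored = (Array.isArray(certs.domains) && certs.domains.length) ? certs.domains : certs.altnames;` followed by `if (Array.isArray(stored) && stored.length) { args.domains = stored; }`. A comment should also state that a caller asking for one or two names ends up requesting every name on the stored certificate from the CA, because that widens what the order covers and the caller's `args` object is mutated to do it. Separately, `renewAsync` now reads `certs.expiresAt` before any promise exists, so any caller still using the old one-argument form gets a synchronous TypeError rather than a rejection; an early `if (!certs) { return PromiseA.reject(new Error("renewAsync requires certs")); }` would keep the failure on the promise path.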
@@ -299,32 +345,11 @@ module.exports.create = function (le) { return core.certificates.registerAsync(args); } - var renewableAt = certs.expiresAt - le.renewWithin; - //var halfLife = (certs.expiresAt - certs.issuedAt) / 2; - //var renewable = (Date.now() - certs.issuedAt) > halfLife; - - log(args.debug, "Expires At", new Date(certs.expiresAt).toISOString()); - log(args.debug, "Renewable At", new Date(renewableAt).toISOString()); - if (args.duplicate || Date.now() >= renewableAt) { - // The cert is more than half-expired - // We're forcing a refresh via 'dupliate: true' - log(args.debug, "Renewing!"); - if (Array.isArray(certs.domains) && certs.domains.length && args.domains.length <= 2) { - // this is a renewal, therefore we should renewal ALL of the domains - // associated with this certificate, unless args.domains is a list larger - // than example.com,www.example.com - // TODO check www. prefix - args.domains = certs.domains; - } - return core.certificates.renewAsync(args); + if (core.certificates._isRenewable(args, certs)) { + certs._renewing = core.certificates.renewAsync(args, certs); } - return PromiseA.reject(new Error( - "[ERROR] Certificate issued at '" - + new Date(certs.issuedAt).toISOString() + "' and expires at '" - + new Date(certs.expiresAt).toISOString() + "'. Ignoring renewal attempt until '" - + new Date(renewableAt).toISOString() + "'. Set { duplicate: true } to force." - )); + return certs; }).then(function (results) { // returns pems return results;
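Review bot: The promise stored in `certs._renewing` is neither returned nor given a rejection handler in this hunk, so a failed renewal (CA outage, rate limit, failed challenge) surfaces only as an unhandled rejection while `checkAsync` has already resolved with the old certificate, and the certificate can run to expiry unnoticed. Attach a handler where the promise is created, e.g. `certs._renewing.catch(function (err) { console.error("[le] background renewal failed:", err); });` or the library's own error hook if it has one, which still leaves `_renewing` rejecting for callers that wait on it. Nothing visible here prevents each `checkAsync` call inside the renewal window from starting another order; if `certs` is re-read from the store on every call, the `_renewing` marker will not be present to check, so an in-flight guard keyed on the domain set looks necessary. This also changes behaviour for `duplicate: true`, which now returns the existing certificate rather than the new one, and that deserves a line in the doc comment. The `.then` callback these lines sit in begins above the hunk.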