From 972dd4d4be5d3b9be6328680487feef90772dfad Mon Sep 17 00:00:00 2001
From: Danilo Bargen
Date: Fri, 29 May 2020 01:14:10 +0200
Subject: [PATCH] Log certificate domains before and after renewal

Right now only the id is logged as a prefix (e.g. crt-3), so it's not possible to easily determine *which* certificate was renewed, or failed to renew.
---
 acmed/src/acme_proto.rs | 2 +-
 acmed/src/certificate.rs | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/acmed/src/acme_proto.rs b/acmed/src/acme_proto.rs
index 6e98341..f0d2155 100644
--- a/acmed/src/acme_proto.rs
+++ b/acmed/src/acme_proto.rs
@@ -210,6 +210,6 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
 let (crt, _) = http::get_certificate(cert, root_certs, &crt_url, &data_builder, &nonce)?;
 storage::write_certificate(cert, &crt.as_bytes())?;
- cert.info("Certificate renewed");
+ cert.info(&format!("Certificate renewed (domains: {})", cert.domain_list()));
 Ok(())
 }
diff --git a/acmed/src/certificate.rs b/acmed/src/certificate.rs
index b871100..4ea6089 100644
--- a/acmed/src/certificate.rs
+++ b/acmed/src/certificate.rs
@@ -105,7 +105,7 @@ impl Certificate {
 fn is_expiring(&self, cert: &X509Certificate) -> Result {
 let expires_in = cert.expires_in()?;
- self.debug(&format!("expires in {} days", expires_in.as_secs() / 86400));
+ self.debug(&format!("Certificate expires in {} days", expires_in.as_secs() / 86400));
 // TODO: allow a custom duration (using time-parse ?)
 // 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
 let renewal_time = Duration::new(1_814_400, 0);
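Review bot: The domain list is attached only to the success message at the end of `request_certificate`; the two `?` returns visible just above it (`http::get_certificate` and `storage::write_certificate`) exit without it. A failed renewal is therefore still identified only by the id prefix, unless the caller adds the domains when it reports the error, even though the commit message names failed renewals as a goal. The only other place the domains are logged is the debug-level line added to `should_renew`, which is presumably filtered out at the default log level. Consider logging them at info level before the request starts, e.g. `cert.info(&format!("Renewing certificate (domains: {})", cert.domain_list()));`, or including them where the error is logged. The body of `request_certificate` starts outside the hunk, so the right place for that line cannot be confirmed from here.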
@@ -134,7 +134,17 @@ impl Certificate {
 has_miss
 }
+ /// Return a comma-separated list of the domains this certificate is valid for.
+ pub fn domain_list(&self) -> String {
+ self.domains
+ .iter()
+ .map(|domain| &*domain.dns)
+ .collect::>()
+ .join(",")
+ }
+
 pub fn should_renew(&self) -> Result {
+ self.debug(&format!("Checking for renewal (domains: {})", self.domain_list()));
 if !certificate_files_exists(&self) {
 self.debug("certificate does not exist: requesting one");
 return Ok(true);
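Review bot: The doc comment on `domain_list` says the domains the certificate "is valid for", but the body reads `self.domains` and never looks at the issued X.509 certificate. The logged list is therefore the set of names that was requested (presumably from configuration), not the names the CA actually placed in the certificate, and anyone using these log lines as an audit trail should know that. I would reword the comment to `/// Return a comma-separated list of the domains configured for this certificate (not read back from the issued certificate).` As a smaller style point, `.join(", ")` would be easier to read in log output than `.join(",")`. The body of `should_renew` continues past the end of the hunk.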