Browse Source

Log certificate domains before and after renewal

Right now only the id is logged as a prefix (e.g. crt-3), so it's not
possible to easily determine *which* certificate was renewed, or failed
to renew.
pull/27/head
Danilo Bargen 5 years ago
parent
commit
972dd4d4be
  1. 2
      acmed/src/acme_proto.rs
  2. 12
      acmed/src/certificate.rs

2
acmed/src/acme_proto.rs

@ -210,6 +210,6 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
let (crt, _) = http::get_certificate(cert, root_certs, &crt_url, &data_builder, &nonce)?;
storage::write_certificate(cert, &crt.as_bytes())?;
cert.info("Certificate renewed");
cert.info(&format!("Certificate renewed (domains: {})", cert.domain_list()));
Ok(())
}

12
acmed/src/certificate.rs

@ -105,7 +105,7 @@ impl Certificate {
fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> {
let expires_in = cert.expires_in()?;
self.debug(&format!("expires in {} days", expires_in.as_secs() / 86400));
self.debug(&format!("Certificate expires in {} days", expires_in.as_secs() / 86400));
// TODO: allow a custom duration (using time-parse ?)
// 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
let renewal_time = Duration::new(1_814_400, 0);
@ -134,7 +134,17 @@ impl Certificate {
has_miss
}
/// Return a comma-separated list of the domains this certificate is valid for.
pub fn domain_list(&self) -> String {
self.domains
.iter()
.map(|domain| &*domain.dns)
.collect::<Vec<&str>>()
.join(",")
}
pub fn should_renew(&self) -> Result<bool, Error> {
self.debug(&format!("Checking for renewal (domains: {})", self.domain_list()));
if !certificate_files_exists(&self) {
self.debug("certificate does not exist: requesting one");
return Ok(true);

Loading…
Cancel
Save