aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2023-01-23 17:27:34 +0100
committerGravatar Christian Hesse <mail@eworm.de>2023-01-23 17:46:03 +0100
commit555d0e8bfc8d3773fa05302303b43ed43e5f27a1 (patch)
tree5b927bc07f393cc5c9771593016833b43753d512
parent36a8938dead84e97b6de67b2911e2186d12123a3 (diff)
check-certificates: make the warning time configurablechange-89
-rw-r--r--check-certificates4
-rw-r--r--doc/check-certificates.md1
-rw-r--r--global-config1
-rw-r--r--global-config.changes1
-rw-r--r--global-functions2
5 files changed, 7 insertions, 2 deletions
diff --git a/check-certificates b/check-certificates
index 9802cde..2bf2443 100644
--- a/check-certificates
+++ b/check-certificates
@@ -13,6 +13,7 @@
:global CertRenewPass;
:global CertRenewTime;
:global CertRenewUrl;
+:global CertWarnTime;
:global Identity;
:global CertificateAvailable
@@ -103,7 +104,8 @@ $WaitFullyConnected;
}
}
-:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) expires-after<2w !(fingerprint=[]) ] do={
+:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \
+ expires-after<$CertWarnTime !(fingerprint=[]) ] do={
:local CertVal [ /certificate/get $Cert ];
:if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={
diff --git a/doc/check-certificates.md b/doc/check-certificates.md
index 76357ce..80f6aee 100644
--- a/doc/check-certificates.md
+++ b/doc/check-certificates.md
@@ -32,6 +32,7 @@ in `global-config-overlay`, these are the parameters:
* `CertRenewPass`: an array of passphrases to try
* `CertRenewTime`: on what remaining time to try a renew
* `CertRenewUrl`: the url to download certificates from
+* `CertWarnTime`: on what remaining time to warn via notification
Certificates on the web server should be named `CN.pem` (`PEM` format) or
`CN.p12` (`PKCS#12` format).
diff --git a/global-config b/global-config
index bd632a1..dcd7a09 100644
--- a/global-config
+++ b/global-config
@@ -194,6 +194,7 @@
"v3ry-s3cr3t";
"4n0th3r-s3cr3t";
}
+:global CertWarnTime 2w;
:global CertIssuedExportPass {
"cert1-cn"="v3ry-s3cr3t";
"cert2-cn"="4n0th3r-s3cr3t";
diff --git a/global-config.changes b/global-config.changes
index dacb9a1..2ae335e 100644
--- a/global-config.changes
+++ b/global-config.changes
@@ -97,6 +97,7 @@
86="Added support for hooks in 'sms-forward'. This now provides similar functionality to 'sms-action', but is more flexible.";
87="Added support for extra text (or emojis \F0\9F\9A\80) in notification tags.";
88="Added support for monitoring CPU load and available free RAM in 'check-health'.";
+ 89="Made the warning time for 'check-certificates' configurable.";
};
# Migration steps to be applied on script updates
diff --git a/global-functions b/global-functions
index 9654824..58c025e 100644
--- a/global-functions
+++ b/global-functions
@@ -12,7 +12,7 @@
:local 0 "global-functions";
# expected configuration version
-:global ExpectedConfigVersion 88;
+:global ExpectedConfigVersion 89;
# global variables not to be changed by user
:global GlobalFunctionsReady false;