authorGravatar Christian Hesse <mail@eworm.de>2023-07-23 22:01:43 +0200
committerGravatar Christian Hesse <mail@eworm.de>2023-07-23 22:01:43 +0200
commit5b789d298b8d6d48d91601b335e1feeeb1374f14 (patch)
treec56c9b573c4307794c96eba9e917bd18e65f0320 /check-certificates.rsc
parentbe97de3627f2fa098931d525945114f712ddae71 (diff)
check-certificates: properly handle in place updates
This only kind of worked: the certificate was updated, but the script aborted before the notification was sent.
Diffstat (limited to 'check-certificates.rsc')
-rw-r--r--check-certificates.rsc21
1 files changed, 12 insertions, 9 deletions
diff --git a/check-certificates.rsc b/check-certificates.rsc
index db9007a..86e079a 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -122,17 +122,20 @@ $WaitFullyConnected;
}
}
- :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \
- (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
- fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
- :local CertNewVal [ /certificate/get $CertNew ];
+ :if ($CertVal->"fingerprint" != [ /certificate/get $Cert fingerprint ]) do={
+ $LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was updated in place.") false;
+ :set CertVal [ /certificate/get $Cert ];
+ } else {
+ $LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
- :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={
- $LogPrintExit2 warning $0 ("The certificate chain is not available!") false;
- }
+ :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \
+ (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \
+ fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
+ :local CertNewVal [ /certificate/get $CertNew ];
- :if ($Cert != $CertNew) do={
- $LogPrintExit2 debug $0 ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
+ :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={
+ $LogPrintExit2 warning $0 ("The certificate chain is not available!") false;
+ }
:if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
/certificate/remove $CertNew;
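Review bot: The new in-place branch accepts the certificate on a fingerprint change alone, because the `$CertificateAvailable` issuer check now appears to sit only inside the `} else {` branch. An in-place update that switches to an issuer missing from the store would therefore no longer log "The certificate chain is not available!". I would run the same check in the in-place branch after `:set CertVal [ /certificate/get $Cert ];`, for example `:if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") ] = false) do={ $LogPrintExit2 warning $0 ("The certificate chain is not available!") false; }`. The `expires-after>$CertRenewTime` and `private-key` conditions are likewise applied only to `$CertNew`, so a short comment stating what the in-place path relies on would help. The `else` block closes outside this hunk and the page has lost its indentation, so the exact nesting should be confirmed against the full file.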