authorGravatar Christian Hesse <mail@eworm.de>2021-01-11 00:05:58 +0100
committerGravatar Christian Hesse <mail@eworm.de>2021-01-11 12:00:07 +0100
commitd926c84cdb1cc28ee29c6ec0a6f339587ce9b280 (patch)
treed98519a2bfc4c5879578eb9ab093e1881a196aeb /check-certificates
parent8e628ce11e95ccc867c9f4d3349cf0f63148109b (diff)
check-certificates: do not renew if loosing private key
Diffstat (limited to 'check-certificates')
-rw-r--r--check-certificates5
1 files changed, 5 insertions, 0 deletions
diff --git a/check-certificates b/check-certificates
index 89ca9eb..76df7f9 100644
--- a/check-certificates
+++ b/check-certificates
@@ -66,6 +66,11 @@ $WaitFullyConnected;
:if ($Cert != $CertNew) do={
$LogPrintExit debug ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
+ :if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
+ / certificate remove $CertNew;
+ $LogPrintExit warning ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.") true;
+ }
+
/ ip service set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ];
:do {