From f3f7d3edc0f6bd895e27019ed5d48e4afafe95fa Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 25 Jun 2024 07:55:58 +0200 Subject: check-certificates: limit scope for $CertNew... ... into block where certificate is replaced. This should unbreak renewing with a certificate updated in place. --- check-certificates.rsc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/check-certificates.rsc b/check-certificates.rsc index e9235f1..c9622b7 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -139,7 +139,6 @@ :foreach Cert in=[ /certificate/find where !revoked !ca !scep-url expires-after<$CertRenewTime ] do={ :local CertVal [ /certificate/get $Cert ]; - :local CertNew; :local LastName; :do { @@ -166,7 +165,7 @@ } else={ $LogPrint debug $ScriptName ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced."); - :set CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \ + :local CertNew [ /certificate/find where name~("^" . [ $EscapeForRegEx [ $UrlEncode $LastName ] ] . "\\.(p12|pem)_[0-9]+\$") \ (common-name=($CertVal->"common-name") or subject-alt-name~("(^|\\W)(DNS|IP):" . [ $EscapeForRegEx $LastName ] . "(\\W|\$)")) \ fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ]; :local CertNewVal [ /certificate/get $CertNew ]; @@ -190,13 +189,13 @@ /certificate/remove $Cert; /certificate/set $CertNew name=($CertVal->"name"); - :set CertNewVal; + :set Cert $CertNew; :set CertVal [ /certificate/get $CertNew ]; } $SendNotification2 ({ origin=$ScriptName; silent=true; \ subject=([ $SymbolForNotification "lock-with-ink-pen" ] . "Certificate renewed: " . ($CertVal->"name")); \ - message=("A certificate on " . $Identity . " has been renewed.\n\n" . [ $FormatInfo $CertNew ]) }); + message=("A certificate on " . $Identity . " has been renewed.\n\n" . [ $FormatInfo $Cert ]) }); $LogPrint info $ScriptName ("The certificate '" . ($CertVal->"name") . "' has been renewed."); } on-error={ $LogPrint debug $ScriptName ("Could not renew certificate '" . ($CertVal->"name") . "'."); -- cgit v1.2.3-70-g09d2