Fix needs-renewal condition and switch to using ExecCondition

This commit is contained in:
Carl Tashian 2021-07-21 11:49:10 -05:00
parent 3e5b90b6fa
commit 22ef324534

View file

@ -12,10 +12,10 @@ Environment=STEPPATH=/etc/step-ca \
CERT_LOCATION=/etc/step/certs/%i.crt \ CERT_LOCATION=/etc/step/certs/%i.crt \
KEY_LOCATION=/etc/step/certs/%i.key KEY_LOCATION=/etc/step/certs/%i.key
; ExecStartPre checks if the certificate is ready for renewal, ; ExecCondition checks if the certificate is ready for renewal,
; based on the exit status of the command. ; based on the exit status of the command.
; (In systemd 243 and above, you can use ExecCondition= here.) ; (In systemd 242 or below, you can use ExecStartPre= here.)
ExecStartPre=/usr/bin/step certificate needs-renewal $CERT_LOCATION --roots $STEPPATH/certs/root_ca.crt ExecCondition=/usr/bin/step certificate needs-renewal $CERT_LOCATION
; ExecStart renews the certificate, if ExecStartPre was successful. ; ExecStart renews the certificate, if ExecStartPre was successful.
ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION