forked from TrueCloudLab/certificates
Merge pull request #653 from smallstep/needs-renewal
systemd cert renewer can now use 'step certificate needs-renewal'
This commit is contained in:
commit
28acc1b7d2
1 changed files with 1 additions and 5 deletions
|
@ -15,11 +15,7 @@ Environment=STEPPATH=/etc/step-ca \
|
||||||
; ExecStartPre checks if the certificate is ready for renewal,
|
; ExecStartPre checks if the certificate is ready for renewal,
|
||||||
; based on the exit status of the command.
|
; based on the exit status of the command.
|
||||||
; (In systemd 243 and above, you can use ExecCondition= here.)
|
; (In systemd 243 and above, you can use ExecCondition= here.)
|
||||||
ExecStartPre=/usr/bin/env bash -c \
|
ExecStartPre=/usr/bin/step certificate needs-renewal $CERT_LOCATION --roots $STEPPATH/certs/root_ca.crt
|
||||||
'step certificate inspect $CERT_LOCATION --format json --roots "$STEPPATH/certs/root_ca.crt" | \
|
|
||||||
jq -e "(((.validity.start | fromdate) + \
|
|
||||||
((.validity.end | fromdate) - (.validity.start | fromdate)) * 0.66) \
|
|
||||||
- now) <= 0" > /dev/null'
|
|
||||||
|
|
||||||
; ExecStart renews the certificate, if ExecStartPre was successful.
|
; ExecStart renews the certificate, if ExecStartPre was successful.
|
||||||
ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION
|
ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION
|
||||||
|
|
Loading…
Reference in a new issue