From 7b175004cbee1f61ac8c87d15720ca70ffd904c2 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Mon, 11 Feb 2019 18:55:32 -0800
Subject: [PATCH] Initialize certNotAfter to avoid a renew when the server
 starts.

---
 ca/renew.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ca/renew.go b/ca/renew.go
index 44234781..5f888bf1 100644
--- a/ca/renew.go
+++ b/ca/renew.go
@@ -72,6 +72,8 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
 	if r.renewJitter == 0 {
 		r.renewJitter = period / 20
 	}
+	// Initialize certNotAfter
+	r.certNotAfter = cert.Leaf.NotAfter.Add(-1 * time.Minute)
 
 	return r, nil
 }